The best firewall (reliable, powerful, etc.) EVER in my opinion - Zone Alarm

Discussion in 'other firewalls' started by stalker, Jun 8, 2004.

Thread Status:
Not open for further replies.
  1. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    If I compare Zone alarm to Norton (which is one of the most trusted ones) ...



    Zone Alarm runs with 2 processes --- Norton with 5 processes
    Zone Alarm is user-rule based --- Norton is predefined-rule ("Live" update required) +user-rule based, but I prefer first (user-rule based) option
    Zone Alarm actually WORKS (and is generally stable/reliable) --- Norton DOESN'T (some features)



    Pretty much the same with Sygate, Kerio, etc., ALL are running with more than 2 processes, ALL have a much less intuitive interface than Zone Alarm. And in the end, if you are not an expert, there are (older) FREE versions, which you install, set a few rules, and forget about it.


    And as the most important for me: if I chose to block some program accessing internet with Norton - it just didn't help, program still contacted its home page (some PCBoost program's annoying "registration check routine"), it did it only if I added that IP to Blocked Zone. With Zone Alarm I did many port scans, pings, NetBIOS traffic, and it blocked ALL, as it should. For Norton I can't say that (though I haven't tested, but why should I, if it has "problems" already with preventing "local" programs to connect)


    One more thing. I installed Norton Personal Firewall 2002 twice on my PC. And second time installing - there was this new SYMPROXYSVC.exe process running (which I saw first time now), and all the features (listed above), are working normally, except preventing specific program (again PCBoost) to access internet - "Block-all", as mentioned in Internet Access, but I put that IP to Restricted zone, and it prevents its "registration check routine")
    The strange thing about my previous installation of Norton Personal Firewall 2002, there was one service (process) missing ...


    Norton installed only 4 services (in my opinion already 4 is too much, compared to Zone Alarm, which is running only with "zlclient.exe", and "vsmon.exe"), which are non-stop running, but the most important service SYMPROXYSVC.exe just wasn't there running, as it is now (important because it uses TCP endpoints, and monitors all web pages displayed).
    So therefore the majority of features: "Web Privacy", "Content Blocking", "Confidential Info Blocking" (some of them logged/viewed in Event Log), just weren't working (so my PC wasn't fully protected).
    Though it is also strange, that the installation procedure itself didn't "warn" me during the previous installation, that some "parts" of program are missing !!!




    Zone Alarm just RULEZZZZZ
     
    Last edited: Jun 8, 2004
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Even so, I will leave my firewall protection to Kerio 2.1.5 and a hardware firewall by way of a router.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas

    Same setup on my system.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    good boy ;)
     
  5. longsword

    longsword Guest

    Hi Stalker

    I use NPF 2003 and was wondering what those 5 processes are. I only see 1, Ccapp.exe. Are there others that I'm just not seeing?

    But I would admit, from what I've heard, ZoneAlarm is a better firewall.

    Also no programs are ever let through my firewall unless I let them. Maybe you had automatic program control turned on. You must disable it to make NPF safe IMO.
     
  6. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    Well, I took a look at one of the screenshots I made at that time (when I was comparing NPF and ZAPro, particularly number of GDI/User Objects, number of threads running, RAM consumed, CPU load, etc), and there were these processes running by NPF:

    NOPDB.EXE
    NISUM.EXE
    NISSERV.EXE
    IAMAPP.EXE



    and as I wrote in previous post, after second time installing it, there was this new SYMPROXYSVC.EXE process.

    I actually discovered it was its responsibility to monitor web browsing (some kind of proxy technique, cause I saw it connecting or better establishing connection between two TCP endpoints, and not the actual process using that connection, e.g. Internet Explorer, Outlook Express, etc.)



    EDIT: And as we all know, the more processes running, the more the program is "partitioned", and therefore less stable (I suppose), error prone (my experience, also with NPF freezing), and vulnerable to security in general
     
    Last edited: Jun 8, 2004
  7. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I run Kerio 2x, it only has two processes, as a matter of fact it uses less resources than ZA, and it's completely user configured. No predefined rules to mess with, but it's not for newbies who think they can use any firewall just because they can use Zone Alarm :)
     
  8. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia


    Yes, I also tried Kerio once, but it just didn't feel as comfortable as ZoneAlarm.


    I suppose with your last sentence you mean Zone Alarm FREE version users.
    Cause I didn't notice any additional security (TCP/UDP, etc.) in Kerio, compared to Zone Alarm Pro. It has all options, as Kerio, to set for example some app to which IPs it can access (so-called "Access" traffic and "Server" - listening for connections thing), orientation of connection (from MyComputer to Internet or TrustedZone, or from Internet, Trusted to MyComputer, so Inbound/Outbound oriented, rather than who established connection, and so on), ports on which it can access, and as I mentioned types of protocols.


    It has also in-built various other protection (though not with pre-defined app, or other global for instance "trojan-port" rules, as Norton for example)



    Etc, etc ...
     
  9. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You didn't notice because you didn't look hard enough. Kerio 2x is for power users, and advanced users. You had to make all these configurations yourself so if you had no clue what you were doing, you needed to learn quite a bit before you could even get started.

    The last statement of my last message wasn't pointed towards you, but you just fit the full description of it, somebody who doesn't want to take time to learn the program, then just dismisses it not as good as one they find easier to use. Rule based firewalls in general are all about user control, you just have to be knowledgeable enough to realize how to use it correctly. :D

    People who I don't feel will take the time to learn a complex rule based firewall like Kerio 2x get pointed to ZA by me since I don't want to have to hold their hand configuring the program, just for them to realize it's too complicated for them, and they go to a program like ZA. So basically I skip the part where they get frustrated learning many new things while wasting my time, and give up by going to a program like ZA.

    True rule based firewalls, which I don't consider Norton one anymore, are like a build your own car at home kit with a 400 page manual. Application based firewalls like ZA are those cars you buy from a dealer with a 20 page manual, sure they are nice, but they don't always have what you want.

    I was using firewalls even before ZA was being developed, and they were all pure packet filters and rule based firewalls. Then the user-friendly firewalls started up for people who had no clue how to protect themselves, and many of them even found them hard to configure when I found them very limited in what they allowed the user to configure.

    Anyway, as software firewalls go, use what you like, everyone has their own preferences :cool:
     
    Last edited: Jun 9, 2004
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    @stalker- I'm happy that you found a FW that is really to your satisfaction. ZA is a powerful application. I used it for a while, & appreciated its protection.

    Nowadays, however, I am a tad concerned that the Zone Labs folks released what is, reportedly, a VERY unstable new version.

    Also, I have become increasingly reluctant to recommend ZA to my friends because, of those who have used it & then chose to discard it, every one of them complained that fully & cleanly uninstalling ZA was a major problem.
     
  11. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Originally I had ZA then tried Kerio and Outpost. Finished up sticking with ZA free 3.7.211 which gets a full stealth every time at GRC.com. I am not going to change again because of the convenience of that FA. I shall have it as long as my CD's last. Now that's another problem. :rolleyes: :D
     
  12. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia



    Must say, I don't understand what is actually the difference between as you mentioned so-called "rule based firewalls", and "application based firewalls", I would rather say "user-rule based firewalls", and "predefined-rule based firewalls", if we are talking about the same thing ...


    If with application you mean monitoring apps connecting (which is crucial/basic option of most firewalls), ZA has global rules like Blocked, Trusted Zone, and global Expert Rules (both enforced before application rules), and Individual application Rules + for each also Expert Rules, all this beside component/libraries monitoring/protection, e-mail protection, Web-Filtering (totally useless), mobilecode, cookie, and ad control, newer and the newest version has also OpenProcess() function auditing, and many other so-called "advanced protection"


    Also see my post at:

    PG configuration



    Anyway, you're right about "everyone has their own preferences", but I only wanted to share mine with others !!
     
  13. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia

    Me exactly the same. On Windows 98 setup, which has not so many security holes/issues. It is FREE, and it offers just enough protection (I only miss "Blocked Zone" option, and of course "Expert Rules"), though it is strange, 3.7.211 is not listed in branches list on
    ZoneLabs ZoneAlarmPro ReleaseHistory


    On Windows XP I use version 4.0.146.029, see my post:

    PG configuration



    Regards
     
  14. Justhelping

    Justhelping Guest


    Unfortunately, users who think that there is nothing more to selecting a firewall than just getting "stealth" are exactly the kind of users that will probably not appreciate Kerio (yet).

    Not a flame, just an observation.
     
  15. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    I like using Sygate Personal Firewall Pro, it's not bad. I managed to block out a DOS attack by a malicious hacker against my computer. I traced the hacker to CHINA!
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well if a Symantec application is your only comparison, I suppose you can make anything look good. However let's have a look at what features ZoneAlarm doesn't offer:
    • 3 levels of configuration for application rules;
    • Limit application access to specific domains or IP addresses (ZA's Trusted Zone affects all applications so doesn't count);
    • Limit application access to a specific time;
    • Allow/block ICMP on a type-by-type basis (so you could, for example, choose to allow incoming Pings without exposing yourself to malicious ICMP Redirect or Source Quench packets);
    • Run a program when a particular rule is matched;
    • Use a log filter so you can review specific events (e.g. all ICMP requests, all connections to a specific website - although in ZA's case you could get a 3rd party application for this) and finally
    • Uninstall cleanly if you decide to switch to another firewall!
    I'll leave it to you to find a firewall that does do all the above - shouldn't be too much of a problem for someone with real experience in the field... ;)
     
  17. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia


    Well, don't know exactly what you mean with that. Looking logs or something, monitoring connection in general ??

    I can see most of the connections in Zone Alarm so-called "Log-Viewer" part (and there is also log from XP "only-inbound" firewall), then I use various tools from www.sysinternals.com (from Mark Russinovich, all "non-setups", no installation required, just .exe, the "form" of programs I prefer.)

    With TCPview for example I can monitor and close connection, by process or by separate connection line/entry in its UI (each process usually has many opened for you to imagine what I mean), so each two endpoints, don't know. And there are also TDImon (monitors: activity at the Transport Driver Interface (TDI) level of networking operations in the operating system kernel), Tokenmon (monitors: Logon/logoff, Enabling/disabling privileges, Impersonation, Process creation/exit), and many, many others.

    So I know what is going on my system, if you mean that ...





    For "Symantec being my only comparison", I must "confess", posted all that, only cause I copied pre-prepared text, few parts of my post from some other forum. Though, I mentioned Kerio, and Sygate in one sentence ...


    Further, what are you talking about ??

    Are you sure about 7 things, ZoneAlarm doesn't offer ...

    All true yes, but only in FREE version.

    Note: 6 "points" of protection from 7, except "Run a program when a particular rule is matched", you labeled as "ZoneAlarm doesn't offer", ARE fully available in Zone Alarm Pro version, dunno exactly, but from version 3 or 4 further.

    I don't know any free version being more advanced than PRO, so I use version 4.0.146.029 PRO (why not the newest, I also explained why in details, in one of my posts), but hey, that's why I wrote:


    Maybe you should take a look:
    ZoneLabs ZoneAlarmPro ReleaseHistory
     
    Last edited: Jun 10, 2004
  18. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Gentlemen, this is an interesting thread but let's keep on topic and not get too carried away in the heat of discussion.

    bigc
     
  19. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Yes, interesting post. I have to agree with Stalker regarding ZA Pro. It is very configurable, easy to understand, and affords a high degree of protection. I have not used Kerio, and it's possible that Kerio might offer some type of additional esoteric features. But I find it hard to believe they would increase security to a meaningful degree.
     
  20. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have always had the belief that anyone that has a program that works for them that is the one that they ought to use. But we all need to remember that all programs don't always work in all computers. I will at times extol the virtues of a program that I am using, but I will not tell someone that the program will work better than what they are running now. But I will try to get them to at least try it with the possibility that it might work better for them. Sometimes it will and sometimes it won't. But we all need to remember that the program we are trying to get someone to use might work better than anything we have tried before. But it might not work worth a flip on their computer, so we can not in reality say it is the best there is because it might not work like that on someone else's machine.


    Just a personal thought
    bigc
     
  21. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Never were truer words spoken. ;)
     
  22. Spagman

    Spagman Guest

    Tiny Firewall version 2.11.15.0.

    The new versions are REALLY bloated

    This is by far the best one available and it's 100% free.

    It detects ALL incoming and out going traffic and it allows you to set up custom rules.

    Trust me fellas... you will love this one.

    I asked our Network security guy at work what he uses, he said he uses this version of Tiny firewall.

    If you can't find this version you can email me at dblamey@(remove)comcast.net and I will send it to you.
     
  23. Khaine

    Khaine Registered Member

    Joined:
    Oct 2, 2002
    Posts:
    127

    *Sigh*

    Application based firewalls like ZA only allow you to create "rules" based upon applications accessing the internet.

    Rule based firewalls, like Kerio 2.x, AtGuard et al allow you to create a rule to do anything. For example here are 2 of my rules from my AtGuard ruleset (I can't believe I still have these)

    ------------------------------------------------------
    RULE 0: Domain Name Server UDP
    Rule in use: YES
    Protocol: UDP
    Action: Permit
    Direction: Either
    Remote service: (domain)
    ............. 53
    Local service: Any Service
    Remote Address: (203.17.154.22)
    ............. 203.17.154.22
    ............. 203.17.154.22
    Local Address: Any Address

    and

    RULE 26: Outlook Express (Send Mail) TCP (Notify)
    Rule in use: YES
    Protocol: TCP
    Action: Permit
    Direction: Outbound
    Application: (Outlook Express_1)
    ............. C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    Remote service: (25)
    ............. 25
    Local service: Any Service
    Remote Address: (mail.dynamite.com.au)
    ............. mail.dynamite.com.au
    ............. 203.17.154.21
    Local Address: Any Address

    The first rule will apply to any application, it is not application specific. I hope this clarifies, I'm sure that BlitzenZeus will explain it more clearly, and in more detail.
     
  24. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia

    I suppose you have tried Zone Alarm in past to say that. I don't know which version you were using, but as I mention (in post YOU quoted), there are:



    and here Global Expert Rules are just that, as you say "rule to do anything", meaning same as Expert Rules for single application, so defined by Source/Destination, Protocol and Time, but it applies "globally" regardless of type of traffic (process connecting, etc.), and are ENFORCED before any other rule (for example application)

    For example if you set some IP as Blocked in Global Rules, some individual app CAN'T connect to that IP, even if you allowed it in its (application) Expert Rules ...


    P.S., Again, regarding:

    I actually miss some "action", so well-protected I am. I would rather like to be attacked or something and see logs, trying to find out who that was, or attack-back rather than being stealth all the time, with no "happening". Zone Alarm is actually "too-powerful"



    lol
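
The distinction argued in posts 23 and 24 (a rule that applies to any application versus one bound to a single program, and a global block list enforced before either), as an added example that is not part of the thread and is not AtGuard's or ZoneAlarm's code. It parses the rule dump layout quoted in post 23; the `decide` function, its block-list argument and the default-deny fallback are assumptions made for illustration.

```python
import re
# Constructed sample: the two rules quoted in the thread, in the same dump layout.
RULESET = r"""RULE 0: Domain Name Server UDP
Rule in use: YES
Protocol: UDP
Action: Permit
Direction: Either
Remote service: (domain)
............. 53
Local service: Any Service
Remote Address: (203.17.154.22)
............. 203.17.154.22
Local Address: Any Address

RULE 26: Outlook Express (Send Mail) TCP (Notify)
Rule in use: YES
Protocol: TCP
Action: Permit
Direction: Outbound
Application: (Outlook Express_1)
............. C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
Remote service: (25)
............. 25
Local service: Any Service
Remote Address: (mail.dynamite.com.au)
............. mail.dynamite.com.au
............. 203.17.154.21
Local Address: Any Address"""

def parse_rules(text):  # one dict per rule: field -> [header value, continuation lines...]
    rules, key = [], None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"RULE (\d+): ", line)
        if head:
            rules.append({"RULE": [head.group(1)]})
            key = None
        elif rules and key and line.startswith("...."):
            rules[-1][key].append(line.lstrip(". "))   # dotted lines extend the last field
        elif rules and ": " in line:
            key, value = line.split(": ", 1)
            rules[-1][key] = [value]
    return rules

def allows(values, item):
    return values[0].startswith("Any") or item in values[1:]

def matches(r, proto, direction, app, remote_ip, remote_port):
    if r["Rule in use"] != ["YES"] or r["Protocol"][0] != proto:
        return False
    if r["Direction"][0] not in ("Either", direction):
        return False
    # A rule without an Application field is not tied to any program.
    if "Application" in r and app.upper() not in r["Application"][1:]:
        return False
    return allows(r["Remote service"], str(remote_port)) and allows(r["Remote Address"], remote_ip)

def decide(rules, blocked_ips, **conn):
    # Assumed precedence model: global block list first, then rules in order, default deny.
    if conn["remote_ip"] in blocked_ips:
        return "Block (global)"
    for r in rules:
        if matches(r, **conn):
            return f"{r['Action'][0]} (rule {r['RULE'][0]})"
    return "Block (default)"
```

Calling `decide` for the same SMTP connection with an empty block list and then with the mail server's IP in it shows the per-application permit being overridden by the global entry.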
     
  25. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Yes stalker, that is strange, but it was listed previously. I wonder why ZA have omitted it. It is possible to get that version plus one or two of the versions just before 3.7.211.
    There's all the debate about rules based firewalls and that. My ZoneAlarm free is consistent, never have to touch it. Just give it an odd check to see that all is well and let it get on with it. What more does a user need? :rolleyes: :cool:
     