Which firewall/s do you think has the most numbers of rules that blocks Trojans?

Discussion in 'other firewalls' started by sweater, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I tried some firewall but still ‘m not sure yet if one particular firewall “contains” lots of rules for Trojan blocking or has none or possibly acts on some kind of “heuristic analysis” to prevent them from entering. But I think Trojan blocking rules was one of the most important parts of Firewalls. :-*
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    'Rules' and 'Heuristics', 'trojan blocking' - are you not confusing a FW with an AV? :D

    These days that's probably not surprising 'cos software companies seem to be doing the same thing - with FWs providing AV cover and AVs providing FW cover.

    It's a confusing world we live in. :doubt:
     
  3. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    I'm not sure what you mean exactly but Norton Personal Firewall and Norton Internet Security contain lots of (inbound) Trojan rules in their default configuration, one for each port a trojan uses. In a rule-based firewall like this, this just adds overhead to the rule checking mechanism and wastes bandwidth downloading more rules like this from LiveUpdate, since they can all be replaced by one rule that blocks inbound TCP/UDP that is put at the end of the rule set. It is a disadvantage
    from a performance perspective to have dozens of these rules when one will do. It's a marketing thing for Norton (ie. "Default Block DeepThroat Trojan horse" = "gee aren't I lucky to have this Norton firewall that is blocking all these big bad trojans like Deep Throat") and they are willing to sacrifice performance for marketing.
     
  4. TeknO

    TeknO Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    147
    Location:
    Istanbul, TURKEY
    Do you have any information about trojan blocking capability of KIS 2006?
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I always looked at these "trojan" rules as blocking various ports that trojans use going *outbound*.. However, in any rule based firewall, it is much easier to just have one rule block all inbound or outbound, except for the various rules that allow the traffic you need. So, in other words. it's a waste of time and extra overhead (as other people have mentioned) to have various "trojan" blocking rules when either the firewall itself should be blocking all others, or else one rule should be blocking all other traffic (other than what you've allowed). So, for inbound for example, just put a block all rule at the end of your rules to block all inbound traffic now allowed above that one. The firewall itself will block or alert you to all outbound traffic going to odd ports, so you don't need any special rules there.. To me, the "trojan" rules are just either marketing hype or redundant and unnecessary rules...
     
Loading...
Thread Status:
Not open for further replies.