Is my computer under attack or something?

[Jim Z]

nevermind

[Zyph]

Hey Stacy....My main reason for not switching is since my version of ZA is free and I can't spend extra $$ on firewall SW right now. (What extra? I have no spendable money to begin with! I just got laid off!) Free is always good. What times are you normally on DC? (and what hub?) I tried d/ling @guard through DC once, but the person was being overloaded as it was and wouldn't connect.

[Kakarot]

Sure wish you guys would give up ZA....and after seeing Zyph's log (and seeing that the new version is NO better at logging) I am even more convinced of just what kind of piece of sh!t firewall it is.

Oh really? And is that your professional opinion? What do you base this opinion on? Are you a firewall or network security expert? Personally I could give a rats ass about the log. I don't have time to sit there and sift through 2000 lines of data in my ZA log. All I care is that its doing what its supposed to be doing, protecting my computer from hackers and these stupid virus's knocking on my back door. And it IS doing that.

I do have Conseal, and I tried it out once. I didn't like it at all. It wasn't because it was difficult to setup, I just don't have time to sit there and configure every little thing. I like how ZA you just install it and thats it. As the programs you use that go to the internet(like IE) open, ZA just askes you if its ok for that program to do so. This is very helpful for when you have a trojan on your computer.

well, I started using it when I was a COMPLETE idiot with computers (about 7 months ago)

Ok, where as I'm sure you've come a long way from 7 months ago, I doubt you're exactly an expert now in just 7 months. But you come in here acting like you wrote these firewalls yourself. You'll have to excuse my complete lack of faith in your expert opinion. I've been a network administrator for 3 years now. I've been working on computers professionally for 6 or 7years. But you don't see me coming into a thread telling people to not use one firewall program just because I don't like it compared to another. As long as the program is doing its job then thats good enough for me. Sorry if this is a bit harsh, as you seem to be a very nice person just lookin out for peeps. But I really don't think you're qualified to label Zone Alarm as a piece of shit Firewall. If anything, just state your opinion that you like Conseal's logging abilities a lot better than ZA's and leave it at that. Peace.

Mike


EDIT: LOL, I was just at grc.com and it seems he is not too fond of your Conseal Firewall program. Check it out <a target=new href="http://grc.com/lt/scoreboard.htm">here</a>. Yea, I think I'll stick with ZA, thanks.

[hammer01]

I am telling you guys if you build a linux box for a firewall, it will give you total and absolute control over everything and anything that comes and goes from a network. It can be a bear to figure out IPchains sometimes but you could use a proggie like PMfirewall which will give you nearly the same thing with a simple question and answer basis. Extra expense I know but look at it this way, ya get to build an extra machine and you have another folding, rc5, seti client machine.

[Stacy]

Zyph.....I HAVE ALL OF THESE......FREE I don't/won't pay for ANY software!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

As for DC, I just reinstalled it last week and haven't even been on it.....we would have to set up a time and place.....(possibly by PM's??)


Kak, the 'logic' around allowing a PROGRAM access is NOT efficient AT ALL.....As I had written to Zyph weeks ago on this very subject I explained to him the HOLES in ZA. Whereby you are NOT stealth (no matter HOW much you think you are or that the program is saying you are) having done extensive testing with a friend of mine on this alone proved that ZA is not stealth. All that a hacker or script kiddie needs to do is keep hammering away at all your ports till it finds the OPEN PROGRAM PORT...and bingo they are in.

You're right about the logs, not being all that important, but for those of us who are aware of how to read one, resolve IP's and 'test' our computers, DO use our logs....I had an instance about a month ago in which a friend saw MY IP trying to get at a 'particular' port and through MY ConSeal log we were able to piece together the mystery....(and he thought MY LOG would be USELESS......he thought wrong)

Also the same friend that tested the stealthness of ZA with, together we tested all other settings, especially the 'local zone' and found that it DID NOT keep a THIRD friend OUT. There are MANY HOLES and like I said, YOU DON'T HAVE TO TAKE MY WORD FOR IT....DO THE RESEARCH YOURSELF!!!! I'm just passing along what I already have tested and have found to fail.

And I only said I 'personally' use ConSeal, on a couple threads I have actually suggested @guard, and now the recent addition of Norton 2001. When it comes to PROTECTING YOUR COMPUTER HOW MUCH TRUST ARE YOU WILLING TO PUT INTO A PROGRAM WITHOUT TESTING IT???????????????????

I'm no expert by no means.....and I never said I was, but with what I WITNESSED with ZA....I'll be damned before I put that piece o crap back on here to protect me. Sorry if you disagree with me, but MY MAIN REASON is to HELP not to HINDER.

Edit to say...the caps are not 'yells', just so it stands out more...without being 'bold'.

[MegaVectra]

Stacy, SSSSHHHHHhhhhhhh.

[Jim Z]

YOU DON'T HAVE TO TAKE MY WORD FOR IT....DO THE RESEARCH YOURSELF!!!!

Is there something keeping you from explaining the problems with it?

"It sucks, but I won't tell you why" is not a very effetive argument. You won't even give an inkling of what's truly wrong with it, so I have NO reason to take your word for it.

If it truly sucks so bad, then you'd be doing everyone a service by EXPLAINING WHY instead of saying "I'm not gonna tell you. Find out for yourself."

[Stacy]

Jim, I had just said above, that we ran tests with it. I'm not about to go into 'detail detail' of exactly what we did, for privacy reasons.....but what I did say is ZA is NOT stealth, whether a person configures ZA to 'block always' or you do it manually, the person trying to connect DOES get a response from your computer, meaning NOT stealth. As for the 'local zone' tests we performed we had configured ZA to allow certain IP's in while blocking others...the others that were blocked were also friends, who then tried to connect and WERE able to. THIS should NOT happen. This happened even when NOT allowing a program=having the program disallowed AND IP's.

[CaterpillarAssassin]

Been using Sygate Personal Firewall and it seems to run good. Its free too

http://www.sygate.com/products/shield_ov.htm

[Kakarot]

Apparently you missed the link I provided above?

http://grc.com/lt/scoreboard.htm

I'd be more inclined to take his word for it over yours. Nothing against you personally of course. Its just that he's been doing the technology thang for 20 some years, and you, well 7 months.

but for those of us who are aware of how to read one, resolve IP's and 'test' our computers, DO use our logs

LOL, yea because I don't know how to do these things (next time try actually reading what I posted).

I'm no expert by no means.....and I never said I was

No you're not, and no you didn't. But your attitude in this thread and the things you have posted are making you sound like you think you're the end all be all of firewall solutions and testing them via you're own rudementary hacking skillz. Hell, if ya think you're so good or knowledgable go ahead and hack my computer(or "test" it for holes). Its not like I keep anything important on my computer anyway(this is a lil personal policy I started a long time ago, to make sure I would never be screwed over by some lame hacker or virus). Once you're in go ahead and decompile the C drive or load a trojan on it. Mess it up all you can, I can just do a quick reformat and reload. Doesn't take long and doesn't bother me any. Go for it. I'm using ZA with pretty much all the default settings. 24.183.40.41

[Stacy]

Kak, first you use the word 'expert' in a derogatory way with me, and now you are calling me a hacker. When did I say I was a hacker.....please stop 'assuming' these things. I've owned my own comp for over a year, but only in the past 7 months started 'learning' more about them. Testing programs, apps, utilities.

I don't believe I have come in here with an 'attitude' of knowing everything there is to know about shit. But you have turned what I have said into your own 'misinterpretation' of my words...I think it's time for me to put my old sig back on here. (see below)

My only concern is for everyone protecting their comps the best they can, I came to learn a few unpleasant things about ZA and voiced them.....if this is too much for you to handle then fine, I will take what I know and leave....I'm not here to change people's minds, but to maybe open them up a bit.

And just WHY are you so DEFENSIVE about ZA anyway?? To use your methods of assumption, you 'act' as tho you wrote the damn thing yourself.

[Kakarot]

testing them via you're own rudementary hacking skillz

As you can plainly read in the above quote I did not call you a hacker. Everyone will have SOME kind of hacking skills(whether they be practically nothing or extremely in depth). Even I have hacking skills. That in no way makes me or you a hacker. In order for that to be true you'd have to be purposely trying to get into computers for whatever your own reasons would be.

I never said you do that. I said go ahead and try to find the holes or hack my computer(which uses ZA) to prove to me about these so called holes or security breaches in ZA. You apparently have already found them and know where they are, so go ahead.

I have no delusions that ZA or any other firewall program are perfect. I'm sure they all have "holes" or "problems". Not once did I say ZA or any other program was the absolute best or totally sucks. You're the one that started bashing in on ZA. The reason I am defending it is not because I'm in love with it or think I wrote it... Its because you base your opinion of it on what a few people said on some newsgroups and your own "supposed" testing of it(which you still refuse to explain fully). So I am only challenging the basis of your opinion, not necessarily the validity of it.

Also, don't forget that any TRUE hacker can get past any of these firewalls(even the $10,000 Cisco one's over time). So there isn't much we can do about that. But as long as I'm protected from the general port scans of the script kiddies and wannabe hackers I'm fine with that. And I'm sure ZA and most of the other software firewalls do just fine in that role.

My only concern is for everyone protecting their comps the best they can, I came to learn a few unpleasant things about ZA and voiced them.....if this is too much for you to handle then fine, I will take what I know and leave....I'm not here to change people's minds, but to maybe open them up a bit.

I have no problem with you voicing your opinion on ZA or anything else. But if you're gonna come in and say stuff like: "Sure wish you guys would give up ZA....and after seeing Zyph's log (and seeing that the new version is NO better at logging) I am even more convinced of just what kind of piece of sh!t firewall it is. " I'm going to ask, well ok and whats the evidence or proof you have in order to back a statement like this up? So far I have not seen anything worth while from you to believe what you say about ZA. If I did then I'd seriously look at that and consider using something else.

And on a last note, I don't dislike you or anything to that effect Stacy. I'm sure you're a very intelligent person who just cares about people. And I in no way want to take that away from you and try to make you look bad. I am sorry if I have done so, honestly. And I appreciate you taking the time to discuss these issues with me and share your experience with me and the rest of the community. I got a little hot headed as you did a bit too, which allowed this to get a little out of hand. But I'd still like to listen if you have some actual evidence of ZA sucking bad as a firewall or can prove it to me in some way. If I am indeed wide open to the internet then I'd like to fix that. As it stands right now I'll continue using it until I feel that it is unsafe. Thanks, peace out.

Mike

[Sloopyman]

I don't pretend to be an expert on anything but sitting on my ass but I can tell you that for my purposes ZA sucks and it sucks bad.
My issue with ZA mostly involves the use of proxies. With @Guard I can allow programs to connect to the internet on one specific port and one specific IP addie. Connecting through a proxy server and running @Guard is about as secure a way to use a browser as I can imagine and I was able to set up Bulletproof with seperate rules for each server ... even seperate rules for inbound and outbound connections on each individual server. ZA won't let you specify which IP address it's connecting to and with the free version won't even let you specify what port it's connecting on.

[Kakarot]

Last I checked ZA isn't a Proxy program. It's a small firewall meant for home use to protect against port scans and hackers(and in the case of code red virus's). So its not really fair to say ZA sucks just because it doesn't perform the proxy functions you like when it was never meant to or advertised to do so.

[poop]

A well-maintained system needs no firewall. If you are just a web user, then you shouldn't have any services running that allow attackers in. You let them in by running trojans. Hence, don't run trojans. If you need web services, learn Unix speak and install NetBSD. Firewalls are extra fluff. A good OS should have all the logging most average users need. Just install a bot to parse those files, and you are good to go.

The best defense is to be well-informed and maintain your system. Firewalls are overkill for most. A simple netstat very now and then should tell you all you need to know. Open ports you don't need are bad. That is it.