GoodGuy
Posts: 1506
Joined: 5/17/2006 From: Cologne, Germany Status: offline
quote:
ORIGINAL: LarryP
I used ZoneAlarm Pro for a couple of years and had nothing but troubles on two machines with different systems. Never again.

I guess you're still using Windows' firewall and nothing else? Don't do that.

On a sidenote, until around 3 or 4 yrs ago, ZoneAlarm used to have a few security holes, in particular where ZA wouldn't report/deny outbound traffic from local services and/or apps. ShieldsUp and other pages reported on that. They (ZA) did do their homework, so it had been fixed a while ago.

I'm using a pretty old version (version 2.0.15A from 2001) of "Tiny Personal Firewall", which is an ultra-light firewall. It's almost impossible to find this particular version, so the usual version still floating around (e.g. here: http://www.pctipp.ch/downloads/internet/23786/tiny_personal_firewall.html) may be 2.1.15. Both versions also have a port monitor (right-click -> "FW status window") showing all opened connections on your computer ["localhost"], and even tasks that are "listening" on, say, port 135. Geez, that reminds me of having to close that sucker. If I could only remember how, now hahaha, hmmm, might deal with alg.exe. Oh well, that happens if your brain has to memorize a shytload of tweaks in order to make things safer these days. Anyway, so this port monitor is almost as good as a stand-alone monitor (e.g. "ActivePorts"). Tiny also disables and blocks NetBIOS (packets), which can be used to gain remote access.

Kerio Personal Firewall isn't a bad FW either, actually they tried to include a warning list, and a more simplified approach for less tech-savvy people (like in Zone Alarm), while keeping a lightweight structure. Actually, although KerioPF used to be based on the same engine as TPF, newer versions may not have the possibility to restrict apps to certain ports (say Firefox to port 80), and I really need/want that feature. It also adds another level of security.

Quite a few trojans edit the registry to disable common firewalls. The user won't figure it out, as often the icons in the system tray are still active/visible. There's a neat registry entry you can add to avoid that, and it should work for both TPF and (older?) versions of KPF (in cases where Kerio uses the same driver/entry "fwdrv").

Under:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fwdrv
just add a new DWORD and name it "AlwaysSecure" (without the ""), then double-click on the new parameter and set it to 1 (decimal). This will cause your system to shut down the internet connection the second you shut down your firewall engine/driver (or if it had been disabled by a trojan/virus). If you use that switch, it will be active on next reboot. Deleting the DWORD entry or setting the value to 0 (ZERO = off, 1 = on) will disable that feature.

EDIT: I didn't use this registry switch before .... but I just added it, rebooted, and wow, that's neat. Although the DSL status window is still visible, the connection is dead after I shut down the firewall. Nice!

Trojan programmers can change the value, but this entry shouldn't be targeted by too many hackers, as the FW is old and not really common anymore. I prefer such dino firewalls to recent "high-tech" firewalls, as you are actually the boss, and not some halfassed automated rule-settings thingy.

I recommend that you try Tiny Personal FW. My old version works on XP like a charm, I'm not 100% sure about 2.1.15. There is a rare chance that you get a bluescreen (I think it used to deal with XP's SP1 or SP2); if so, you'd have to uninstall it and switch to my version. I could send it to you, if you can't find it, so you could give it a try.

Btw, you should know a little bit about the basics regarding ports and system processes before using such "simple" but effective firewalls, but ShieldsUp and Google should provide sufficient info, in case a port or EXE file catches your attention.

Since you said you printed out my collection of tips, I'd say such a lightweight fw should work out for you. Once you've created a few rules (you get popups for each and every access to the internet until you have set say 5 or 10 rules, which is easy) the fw won't bother you anymore, as you will "just" get a few popups once in a while when hackers or automated trojan/worm routines try to attack your computer. You create a rule and deny such attempts, and for outgoing connections you may have to evaluate if you really need that particular service/application to access the net, once in a while.

With this type of firewall, you'll get to know (and you'll be surprised) more about what apps (and what ports) are trying to access the net, as nothing is automated, except for the enforcement of the rules you set. HOI III's launcher, for example, tries to connect to a server when you get to the launcher screen, and it will display an Internet Explorer page (funny, I am using Firefox exclusively) "this page cannot be displayed", if you don't permit the launcher to establish an outgoing connection. If you're offline, the launcher will display the proper image.

A tiny lesson on how to use such ultra-light but powerful firewalls: