navalpatel
join:2003-07-28
Lubbock, TX | Compentant Security
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall). |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| said by navalpatel  :
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
There's one in every crowd, huh?
... and it's strange how they usually can't spell. |
|
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| reply to navalpatel
said by navalpatel :
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
No, XP's firewall did exactly what it was designed to do; block unsolicited incoming connections. It just didn't do what you wanted it to do; block outgoing connections.
--
Japan-- Now with 30% more climbable telephone poles!! |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to dave
said by dave :
There's one in every crowd, huh?
at least he didn't spell "Microsoft" with a $ |
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| reply to navalpatel
Please give a specific example of what the Windows firewall fails to do. The only thing I can think of is that during startup there's a brief period of exposure before the firewall kicks in. I agree that this is a small problem but it's fixed in SP2.
--
Jimmysquid.com - I take pictures. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS
| said by Rhobite :
Please give a specific example of what the Windows firewall fails to do. The only thing I can think of is that during startup there's a brief period of exposure before the firewall kicks in. I agree that this is a small problem but it's fixed in SP2.
...and it's not clear that ZA does not have the same exposure (see Security forum posts passim). |
|
Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY
·Qwest.net
1 edit | reply to navalpatel
said by navalpatel :
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
Don't compare the lame Windows Firewall as it is now with
what in included on the SP-2 Beta it works as well as any software firewall I have used.
--
»www.gobpl.com |
|
pcscdma
Chocobo Chocobo Random Battle
Premium
join:2004-01-14
Winterset, IA
clubs: | reply to Steve
at least this hasn't turned into a fight between Microsoft and Linu$ Torvald$' wares.
--
Be patriotic or I'm reporting you to Ashcroft. |
|
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA | reply to dave
Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online. 
/linuxrave |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by SpitefulCrow :
Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.
/linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave> |
|
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA
| said by Steve :
said by SpitefulCrow :
Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.
/linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave>
Yay for firewalls that give the user more control than "On" and "Off". /linuxrave |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA | <xprave>Yay for firewalls that have more than two users</xprave> |
|
keyboard5684
join:2001-08-01
Youngsville, PA | reply to SpitefulCrow
Windows firewall allows you to modufy it to "open ports" or do what you wish. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
1 edit | said by keyboard5684 :
Windows firewall allows you to modufy it to "open ports" or do what you wish.
The one in XP/SP2: yes. The older firewall really sucked (even though it did what it claimed).
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs: | Even the older one lets you open ports individually. |
|
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA
| said by Rhobite :
Even the older one lets you open ports individually.
Ooh wow, opening ports. That's so great.
iptables supports connection tracking and customized matching based on almost every field in the packet/frame. |
|
keyboard5684
join:2001-08-01
Youngsville, PA
 ·Teliax VOIP
 ·WestPAnet Inc.
 ·WestPAnet Inc. CA..
| iptables, a Linux thing. Completely off base. We are not talking about complex firewall operations (which in my opinion the FreeBSD ipfw is far superior to a simple iptables function in linux), we are talking about Windows firewalls.
Zone alarm compared to the Windows firewall that is built in. In my eyes the Windows firewall is better because it shuts up. I do not think you should have to watch a firewall, it should just do its job. How many people go through there firewall logs and actually do something about it?
PIX firewall can track and customize matching/action on every field of the frame. Even a Cisco router can do what you stated without the firewall feature set. Checkpoint firewall can do it all to. I can go on and on about how many different firewall setups are better but since you learned how to write an iptable rule congrats. |
|
dumbTNtech
join:2003-04-29
Knoxville, TN
| reply to Steve
Say what you will, I've been doing ISP support for four years now and I haven't seen the ICF keep anyone offline. I have seen Zone Alarm suddenly block ALL incoming and outgoing traffic for no apparent reason. Then it's a real pain to remove. The ICF in WindowsXP seems to do a very good job. The only situation where it's not helpful is when you have a trojan on your system letting someone or something in. Of course, that never happens to anyone here.......
--
"Don't try to explain computers to a layman-easier to explain sex to a virgin."-R.A. Heinlein |
|
