ShootToThril (Sherman Oaks, CA; joined 2004-06-07):
My Firewall/Malware Weekend experience
Since I was getting a BSOD every time I enabled my Ethernet adapter, due to Zone Alarm's VSDATA.SYS component, I went on a hunt for another software firewall that would take ZA's place.
In a week's time I tested out Sygate, Kerio 2.1.5, Kerio 4.3 and Outpost.
I really enjoyed Kerio but very quickly noticed that it's inferior to the other firewalls in some respects. Sygate didn't work for me at all, and Outpost, well, Outpost was the one that couldn't stop a malware attack by protecting system components from being taken over.
The attack was so strong that it shut down Spybot S&D's protection and went through the NOD32 scanner... Partly my fault, as I downloaded the bad file, and from my experience with NOD32, it can only save you so much from being stupid.
The malware planted its BHO, took over my home page in Internet Explorer and was trying to take over winlogon.exe. I tried every trick in the book from my experience cleaning out infections, including Safe Mode... but nothing worked.
My only remedy was to do a System Restore to the day prior, and that really saved my a**.
In conclusion to this partly-my-fault attack, I have returned to Zone Alarm Pro with advanced settings on program control. If one thing is certain for me, it is that I survived these types of attacks before with Zone Alarm.
To conclude, a good firewall must have good component and process control, and for me Kerio and Outpost failed when tested in comparison to ZA.

SpannerITWks (joined 2005-04-22):
Hope this isn't astroturfing lol
Glad you got it sorted! But if you say that you were having some issues before, what have you done exactly to resolve them, as you didn't explain?
Astro alert!!! ZA Free has never let me down.
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks/SpannerITWks

ShootToThril:
If you actually test ZA Free the way I like to test my security, you will find that ZA Free will not cut it when it comes to more serious attacks.
The issues that I was having will have to remain; as long as I don't enable my adapter and it stays on (it usually is), I will not have a problem.

Jarmo P (Finland; joined 2003-11-12), reply to ShootToThril:
Well, all I can say is, keep with your firewall.
Still, Kerio has good component control... if it does not cause you BSODs. It is a problem with Kerio 4.2 I think, still
Sygate is an easy firewall I use, with good logging abilities.
But you should understand that even having 2 different firewalls installed can cause problems.
I think Outpost is a good one too.

ShootToThril:
They are all good firewalls in some respect, but when I deal with risky files I expect my firewall not to fail me in the time of need; otherwise I feel like I get the fire but not the wall.

SpannerITWks, reply to ShootToThril:
Hi,
You still haven't told us how you resolved your initial problems that you thought were due to ZA, but now it's working fine?
You presume that I haven't tested my defences using ZA Free! Actually I have, many, many times, with every leaktest I could get my hands on. I'm happy to report that along with a very good and free anti-EXE, Winsonar, I manage to pass 99% of them! I also set ZA Free up for max security from day one.

ShootToThril:
As I mentioned before... I never resolved the issue with Zone Alarm, but as long as I don't disable/enable my Ethernet card and just leave it on, I don't have a problem.
I have been reading about this problem in the ZA tech support forum and it seems there isn't a clear answer on how to fix it, although many people have experienced this error with VSDATA.SYS, not only in relation to Ethernet cards but other hardware too.

hpguru (joined 2002-04-12), reply to ShootToThril:
said by ShootToThril: "...and Outpost, well, Outpost was the one that couldn't stop a malware attack by protecting system components from being taken over."
Since when is this the task of a firewall?

ShootToThril:
Most firewalls out there are coming out with component and process control, due to Internet attacks becoming more and more advanced. A firewall from 5 years ago cannot stand up to some types of attacks introduced on today's Internet.
You might feel that a firewall's purpose is to protect your outgoing and incoming connections, but what is that protection worth today without watching for applications that alter and use other applications to connect to the Internet?
Your question would be equivalent to saying: I think I'll use my antivirus with definitions from 5 years ago, and I don't feel it should be updated since it's doing its job.
Although there are programs out there that do the job of watching system components and processes, I think it's a match made in heaven when it's combined into my software firewall.

gugarci (Bergen Co; joined 2004-02-25), reply to ShootToThril:
Outpost is an excellent firewall, but in order for it to work properly it needs to be configured manually. If you set it up using the presets or the rule wizard it doesn't protect you as well. At least this is what I've read in the Outpost forums.

CalamityJane (Eustis, FL; joined 2002-08-27), reply to ShootToThril:
Your firewall didn't fail. I agree with hpguru:
said by hpguru: "said by ShootToThril: '...and Outpost, well, Outpost was the one that couldn't stop a malware attack by protecting system components from being taken over.' Since when is this the task of a firewall?"
A firewall will not stop you from downloading a bad file and then executing it.
said by ShootToThril: "The attack was so strong that it shut down Spybot S&D's protection and went through the NOD32 scanner... Partly my fault, as I downloaded the bad file, and from my experience with NOD32, it can only save you so much from being stupid."
In fact, the best way to get infected is to download cracks and/or files through P2P networks and expect your software to "catch" it as you open it. The newest variants of spyware/malware/trojans spread in this fashion and count on the user being stupid.
But again, it is not the firewall's function to stop the infection when YOU download a file and open it.
-- It takes a disaster to make a woman out of a female. Microsoft MVP/Windows Security 2003-2006. Proud Member of ASAP (Alliance of Security Analysis Professionals)

ShootToThril:
But it is its job to watch for components getting affected by the attack and at least notify or ask you for a response. As I said before, watching processes opening other processes and altering them is something the new-age firewalls need to be integrated with, as an understanding of the newest spyware/malware/trojan threats.
You can see ZA and Kerio sure understand that approach.
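The process and component control ShootToThril is asking for here (and which CalamityJane and hpguru argue is a separate job from packet filtering) can be made concrete. The following is an added example, not code from this thread or from any of the firewalls named: a small host-based policy check run over constructed process and registry events that mimic the infection in the first post (BHO install, IE home page change, tampering with winlogon.exe). The event format, the allowlist and the image names are assumptions; the two registry paths and the Windows access-right bits are real.

```python
# Added example, not from the thread: a minimal host-based process/component
# control policy evaluated over constructed events. Event format is assumed.
from dataclasses import dataclass

# Real registry locations the infection in the thread touched; the rules are ours.
START_PAGE = r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
WATCHED_REG = {START_PAGE: "ie_homepage_change", BHO_KEY: "bho_install"}
# Hypothetical allowlist: the only programs permitted to write the watched keys.
ALLOWED_WRITERS = {"iexplore.exe", "msiexec.exe"}
# Processes no ordinary program should open for writing or thread injection.
PROTECTED_PROCS = {"winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}
# Real Windows access rights: PROCESS_CREATE_THREAD | PROCESS_VM_WRITE.
TAMPER_MASK = 0x0002 | 0x0020

@dataclass
class Alert:
    rule: str
    actor: str
    target: str

def evaluate(events):
    """Return one Alert per event that violates the policy. An event is a dict with
    type ('reg_write'/'proc_open'), actor, target and, for proc_open, an access mask."""
    alerts = []
    for ev in events:
        actor, target = ev["actor"].lower(), ev["target"]
        if ev["type"] == "reg_write" and actor not in ALLOWED_WRITERS:
            for key, rule in WATCHED_REG.items():
                if target.lower().startswith(key.lower()):
                    alerts.append(Alert(rule, actor, target))
        elif ev["type"] == "proc_open":
            # Read-only handles (e.g. Task Manager querying) pass; write/inject does not.
            if (target.lower() in PROTECTED_PROCS and ev["access"] & TAMPER_MASK
                    and actor not in PROTECTED_PROCS | {"system"}):
                alerts.append(Alert("protected_process_tamper", actor, target))
    return alerts

# Constructed events mimicking the first post's infection; the image names are made up.
SAMPLE_EVENTS = [
    {"type": "reg_write", "actor": "iexplore.exe", "target": START_PAGE},
    {"type": "reg_write", "actor": "bad_crack.exe", "target": START_PAGE},
    {"type": "reg_write", "actor": "bad_crack.exe", "target": BHO_KEY + r"\{CONSTRUCTED-CLSID}"},
    {"type": "proc_open", "actor": "bad_crack.exe", "target": "winlogon.exe", "access": 0x0438},
    {"type": "proc_open", "actor": "taskmgr.exe", "target": "winlogon.exe", "access": 0x0400},
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"{a.rule}: {a.actor} -> {a.target}")
```

Running it flags the three actions of the constructed bad_crack.exe and stays silent on the browser's own home page write and on Task Manager's read-only handle, which is the distinction a usable process-control feature has to make to avoid drowning the user in prompts.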
CalamityJane:
said by ShootToThril: "But it is its job to watch for components getting affected by the attack and at least notify or ask you for a response. As I said before, watching processes opening other processes and altering them is something the new-age firewalls need to be integrated with, as an understanding of the newest spyware/malware/trojan threats."
Nope, wrong again. It should have alerted you if it tried to connect to the Internet, but the infection and "taking over" of your PC was already done and not the firewall's job.

hpguru, reply to ShootToThril:
said by ShootToThril: "Most firewalls out there are coming out with component and process control, due to Internet attacks becoming more and more advanced."
This has more to do with marketing than with what makes a good firewall.
said by ShootToThril: "A firewall from 5 years ago cannot stand up to some types of attacks introduced on today's Internet."
While I agree in part, this has more to do with where the FW filters traffic rather than how it does it. For instance, AtGuard was one of the best personal firewalls in its day, but it filters traffic at the TDI layer, which will not stop malware that uses its own driver, etc. to communicate with your hardware.
said by ShootToThril: "You might feel that a firewall's purpose is to protect your outgoing and incoming connections, but what is that protection worth today without watching for applications that alter and use other applications to connect to the Internet?"
That is precisely the purpose of a firewall: to filter in/outbound IP protocols. In fact, the firewall I currently use doesn't do any application filtering whatsoever, yet I have no issues with malware and no issues in stopping legit applications from calling home without permission.
said by ShootToThril: "Your question would be equivalent to saying: I think I'll use my antivirus with definitions from 5 years ago, and I don't feel it should be updated since it's doing its job."
Apples to oranges. IP protocols, being standards-based, haven't changed in the last five years, nor is their detection signature-based.
said by ShootToThril: "Although there are programs out there that do the job of watching system components and processes, I think it's a match made in heaven when it's combined into my software firewall."
Unless of course malware kills your firewall's system component/process watcher and your firewall goes down with it.
FWIW, ZA is okay and I recommend it to folks who I think would be completely overwhelmed by a real firewall, but you are more advanced than that. There are much better ways of keeping our systems malware-free, but a firewall isn't one of them, no matter what the firewall marketing department would like us to think.
Edit: Spelling.
-- Get hpHOSTS! Member ASAP. Paranoia is no substitute for understanding.

ShootToThril, reply to CalamityJane:
I understand your approach of having a firewall securing your outgoing connections. But since the new-age attacks of spyware/malware/trojan threats are becoming smarter in getting around your firewall by using the stupidity of a user, the concept of the firewall watching processes changing or launching other processes is inevitable.
As I said... ZA and Kerio seem to understand that need very well.

ShootToThril, reply to hpguru:
I could always have 5 or more security programs running on my system as a line of defense for each type of attack.
I will find myself using more resources running the security apps and making sure they are up to date and working... taking a lot of my time in the process.
You say it's marketing for a firewall to watch processes... and I say this is the inevitable future of firewalls, due to today's types of attacks that are designed to bypass the firewall.
You are talking about the basic workings of a firewall and I'm talking about where firewalls are headed and how they are evolving to better understand today's security needs.

lawrence171 (Canada; joined 2001-12-24), reply to ShootToThril:
You have not enabled program control in Kerio, or configured it to ask you.

AB (Leesburg, VA; joined 2006-04-04), reply to ShootToThril:
Sygate didn't work for you at all? I'm just curious what the issue was. I use Sygate; it's the only one I have ever used, so I can't speak to how it compares with others, but it's never failed to alert me about outgoing traffic or about pings to my machine. Like I say, just wondering.

ShootToThril, reply to lawrence171:
Umm... Yes I have.

Just Basics (Painter, VA; joined 2003-06-08), reply to ShootToThril:
So just run a firewall such as Kerio 2.1.5 and another program such as Process Guard to protect your programs. I doubt the resources used will be greater than running a firewall that tries to do both.
It's been my experience that security programs that try to do everything are mediocre at best and could be more easily compromised.
I could hang a belly-mount mower under my Jeep to mow my lawn in addition to providing daily transportation, but the maintenance would be a nightmare and the Jeep would not do either very well.