Fire walls and networking

Discussion in 'Computer Support' started by ron, Oct 18, 2003.

  1. ron

    ron Guest

    Hi I have Zone Alarm and Sygate firewall as well as Windows XP's own fire
    wall. If I have either the Sygate or Zone Alarm firewall running I cannot
    access the internet over my network from another computer. Yet if I turn
    them off and rely on Windows firewall I can access my network. So I went to
    Sygate's test page and started running the tests using both Sygate's and
    Window's firewall and to my surprise on the first 2 tests there was no
    difference in the results. So why does everyone say that the Windows
    firewall is not any good.

    I did of course not have more than 1 firewall running at the same time. And
    I did test with the firewalls turned off as well as on.

    So if I keep my virus software up to date I cannot see any advantage to
    using another firewall other than Window's own firewall. In fact there are
    disadvantages. i.e. my network does not work if I use Zone Alarm or Sygate.

    Or am I missing something somewhere?

    Opinions welcome Ronald
    ron, Oct 18, 2003
    #1
    1. Advertising

  2. ron

    slumpy Guest

    "So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
    threw back my head and roared with laughter as ron continued:

    > Hi I have Zone Alarm and Sygate firewall as well as Windows XP's own
    > fire wall.


    One at a time, FFS !!!!

    Three help files too !!!!
    --
    slumpy
    no more
    no less
    just slumpy
    slumpy, Oct 18, 2003
    #2
    1. Advertising

  3. ron

    ron Guest

    > > Hi I have Zone Alarm and Sygate firewall as well as Windows XP's own
    > > fire wall.

    >
    > One at a time, FFS !!!!
    >
    > Three help files too !!!!


    I am evaluating them before I get my blueyonder cable broadband. I will just
    use 1 when I find out what is the most suitable.

    Ronald
    ron, Oct 18, 2003
    #3
  4. ron

    °Mike° Guest

    The Windows firewall does not block OUTGOING traffic,
    that is the difference. Any malware that manages to
    get on your computer is free to communicate with the
    outside world, even if traffic back in is blocked.


    On Sat, 18 Oct 2003 16:08:01 +0100, in
    <bmrl0k$q6psl$-berlin.de>
    ron scrawled:

    >Hi I have Zone Alarm and Sygate firewall as well as Windows XP's own fire
    >wall. If I have either the Sygate or Zone Alarm firewall running I cannot
    >access the internet over my network from another computer. Yet if I turn
    >them off and rely on Windows firewall I can access my network. So I went to
    >Sygate's test page and started running the tests using both Sygate's and
    >Window's firewall and to my surprise on the first 2 tests there was no
    >difference in the results. So why does everyone say that the Windows
    >firewall is not any good.
    >
    >I did of course not have more than 1 firewall running at the same time. And
    >I did test with the firewalls turned off as well as on.
    >
    >So if I keep my virus software up to date I cannot see any advantage to
    >using another firewall other than Window's own firewall. In fact there are
    >disadvantages. i.e. my network does not work if I use Zone Alarm or Sygate.
    >
    >Or am I missing something somewhere?
    >
    >Opinions welcome Ronald
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 18, 2003
    #4
  5. ron

    Gitano Guest

    °Mike° came up with this: news::

    > The Windows firewall does not block OUTGOING traffic,
    > that is the difference.


    This is not true. In XP PRO (not HOME) you can construct a firewall in
    which you can control both incoming and outgoing traffic. Read this:
    http://homepages.wmich.edu/~mchugha/w2kfirewall.htm



    --
    "Life is a bitch, and finally you end up marrying one..."
    Gitano, Oct 18, 2003
    #5
  6. ron

    °Mike° Guest

    On 18 Oct 2003 18:20:59 GMT,
    in message <Xns9418CE560F119nono@195.121.6.84>,
    Gitano <> scrawled:

    >°Mike° came up with this: news::
    >
    >> The Windows firewall does not block OUTGOING traffic,
    >> that is the difference.

    >
    >This is not true. In XP PRO (not HOME) you can construct a firewall in
    >which you can control both incoming and outgoing traffic. Read this:
    >http://homepages.wmich.edu/~mchugha/w2kfirewall.htm


    There are two key issues here: "XP Pro" and "CONSTRUCT".
    I'll stick to my statement.

    --
    Basic Computer Maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 18, 2003
    #6
  7. ron

    Gitano Guest

    °Mike° came up with this: news::


    >
    > There are two key issues here: "XP Pro" and "CONSTRUCT".
    > I'll stick to my statement.
    >


    Your statement was that the XP firewall was not capable in prohibiting
    outbound traffic. Well, it is.

    --
    "Life is a bitch, and finally you end up marrying one..."
    Gitano, Oct 18, 2003
    #7
  8. ron

    °Mike° Guest

    On 18 Oct 2003 21:30:59 GMT,
    in message <Xns9418EEDA82CACnono@195.121.6.83>,
    Gitano <> scrawled:

    >°Mike° came up with this: news::
    >
    >
    >>
    >> There are two key issues here: "XP Pro" and "CONSTRUCT".
    >> I'll stick to my statement.
    >>

    >
    >Your statement was that the XP firewall was not capable in prohibiting
    >outbound traffic. Well, it is.


    No, the "XP PRO" firewall is capable of being CONSTRUCTED - not
    something most people would relish.

    --
    Basic Computer Maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 18, 2003
    #8
  9. ron

    Gitano Guest

    °Mike° came up with this: news::

    > On 18 Oct 2003 21:30:59 GMT,
    > in message <Xns9418EEDA82CACnono@195.121.6.83>,
    > Gitano <> scrawled:
    >
    >>°Mike° came up with this: news::
    >>
    >>
    >>>
    >>> There are two key issues here: "XP Pro" and "CONSTRUCT".
    >>> I'll stick to my statement.
    >>>

    >>
    >>Your statement was that the XP firewall was not capable in prohibiting
    >>outbound traffic. Well, it is.

    >
    > No, the "XP PRO" firewall is capable of being CONSTRUCTED - not
    > something most people would relish.
    >


    I agree with that. But, it IS possible to block outbound traffic in the XP
    firewall! With all respect, you replied to the OP :

    The Windows firewall does not block OUTGOING traffic

    and IMHO this is not correct, you can configure XP's firewall to block any
    outgoing traffic to suit your configuration.
    Not for the fainthearted, though....

    --
    "Life is a bitch, and finally you end up marrying one..."
    Gitano, Oct 18, 2003
    #9
  10. ron

    °Mike° Guest

    On 18 Oct 2003 22:06:41 GMT,
    in message <Xns9419C4019D5nono@195.121.6.83>,
    Gitano <> scrawled:

    >°Mike° came up with this: news::
    >
    >> On 18 Oct 2003 21:30:59 GMT,
    >> in message <Xns9418EEDA82CACnono@195.121.6.83>,
    >> Gitano <> scrawled:
    >>
    >>>°Mike° came up with this: news::
    >>>
    >>>
    >>>>
    >>>> There are two key issues here: "XP Pro" and "CONSTRUCT".
    >>>> I'll stick to my statement.
    >>>>
    >>>
    >>>Your statement was that the XP firewall was not capable in prohibiting
    >>>outbound traffic. Well, it is.

    >>
    >> No, the "XP PRO" firewall is capable of being CONSTRUCTED - not
    >> something most people would relish.
    >>

    >
    >I agree with that. But, it IS possible to block outbound traffic in the XP
    >firewall! With all respect, you replied to the OP :
    >
    >The Windows firewall does not block OUTGOING traffic
    >
    >and IMHO this is not correct, you can configure XP's firewall to block any
    >outgoing traffic to suit your configuration.
    >Not for the fainthearted, though....


    Ok, semantics apart, nobody but a very few are going to go
    through all of that trouble, are they? Also, my reply was not
    incorrect, per se, as the XP firewall does not block outgoing
    traffic. Now if I had said "CAN NOT block outgoing traffic"....

    --
    Basic Computer Maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 18, 2003
    #10
  11. ron wrote:
    > Hi I have Zone Alarm and Sygate firewall as well as Windows XP's own fire
    > wall. If I have either the Sygate or Zone Alarm firewall running I cannot
    > access the internet over my network from another computer. Yet if I turn
    > them off and rely on Windows firewall I can access my network. So I went to
    > Sygate's test page and started running the tests using both Sygate's and
    > Window's firewall and to my surprise on the first 2 tests there was no
    > difference in the results. So why does everyone say that the Windows
    > firewall is not any good.
    >
    > I did of course not have more than 1 firewall running at the same time. And
    > I did test with the firewalls turned off as well as on.
    >
    > So if I keep my virus software up to date I cannot see any advantage to
    > using another firewall other than Window's own firewall. In fact there are
    > disadvantages. i.e. my network does not work if I use Zone Alarm or Sygate.
    >
    > Or am I missing something somewhere?
    >
    > Opinions welcome Ronald
    >
    >


    ZoneAlarm does what is called "MP5 checksumming"; this means that if a
    trojan masquerades as a legitimate application, by name, ZA will still
    let you know that something is wrong (that the app has changed.)

    ZoneAlarm also provides much more fine-tuning, depending on version.

    To fix your problem with ZA, you have to put the other local computers
    into the "trusted" zone. In the ZA control center, under Firewall,
    Zones tab, Add button, select an IP range that represents your home
    network -- the router address on up through the highest system address
    that your router hands out -- for example, 192.168.1.0-192.168.1.10.

    This tells ZA that your other systems are "safe" for access, while
    anything else will still be subject to normal firewall scrutiny.

    Sygate has a similar feature, but I find that most users feel it is much
    harder to configure.

    The built-in XP firewall is VERY basic although it's far, far, better
    than nothing at all.

    -- DE
    Tergiversative, Oct 18, 2003
    #11
  12. ron

    Mara Guest

    On Sat, 18 Oct 2003 23:20:11 +0100, °Mike° wrote:

    <snip>
    >Ok, semantics apart, nobody but a very few are going to go
    >through all of that trouble, are they? Also, my reply was not
    >incorrect, per se, as the XP firewall does not block outgoing
    >traffic. Now if I had said "CAN NOT block outgoing traffic"....


    The average luser isn't even going to know how to get to the thing, let alone
    how to configure it. And if they screw it up....

    "Gah."

    --
    I've always wanted to be an executioner, that's why I became a sysadmin.
    -- Jim Howes, nanae
    Mara, Oct 18, 2003
    #12
  13. ron

    °Mike° Guest

    On Sat, 18 Oct 2003 17:50:32 -0500,
    in message <>,
    Mara <> scrawled:

    >On Sat, 18 Oct 2003 23:20:11 +0100, °Mike° wrote:
    >
    ><snip>
    >>Ok, semantics apart, nobody but a very few are going to go
    >>through all of that trouble, are they? Also, my reply was not
    >>incorrect, per se, as the XP firewall does not block outgoing
    >>traffic. Now if I had said "CAN NOT block outgoing traffic"....

    >
    >The average luser isn't even going to know how to get to the thing,
    >let alone how to configure it. And if they screw it up....
    >
    >"Gah."


    It's kind of like expecting a person to be able to build a lock, when
    all they need to do is turn the damned key.

    --
    "That's what locksmiths are for."
    °Mike°, Oct 18, 2003
    #13
  14. °Mike° wrote:

    > Ok, semantics apart, nobody but a very few are going to go
    > through all of that trouble, are they? Also, my reply was not
    > incorrect, per se, as the XP firewall does not block outgoing
    > traffic. Now if I had said "CAN NOT block outgoing traffic"....


    No XP here...is the configuration process any more difficult than it is
    in, for instance, Kerio?

    --
    Blinky Linux RU 297263
    NEW 9/25/03:
    MS Class Action Award Vouchers for California Residents
    Detail --> http://snurl.com/settlement
    Blinky the Shark, Oct 19, 2003
    #14
  15. ron

    Mara Guest

    On Sat, 18 Oct 2003 23:55:54 +0100, °Mike° wrote:

    >On Sat, 18 Oct 2003 17:50:32 -0500,
    > in message <>,
    > Mara <> scrawled:
    >
    >>On Sat, 18 Oct 2003 23:20:11 +0100, °Mike° wrote:
    >>
    >><snip>
    >>>Ok, semantics apart, nobody but a very few are going to go
    >>>through all of that trouble, are they? Also, my reply was not
    >>>incorrect, per se, as the XP firewall does not block outgoing
    >>>traffic. Now if I had said "CAN NOT block outgoing traffic"....

    >>
    >>The average luser isn't even going to know how to get to the thing,
    >>let alone how to configure it. And if they screw it up....
    >>
    >>"Gah."

    >
    >It's kind of like expecting a person to be able to build a lock, when
    >all they need to do is turn the damned key.


    When they don't even know what a key is, let alone how to use it in a lock (or,
    for that matter, what a lock is.) Perhaps some posters tend not to remember that
    this group, because of it's list position, is usually the first group newbies
    encounter. Sometimes, newbies so luserish that they think the page they're on
    must be the entire internet. That everything comes directly from their own host.

    (Oh yes, it happens - you should meet some of my lusers.)

    "What operating system am I running? Uh...."

    --
    I've always wanted to be an executioner, that's why I became a sysadmin.
    -- Jim Howes, nanae
    Mara, Oct 19, 2003
    #15
  16. ron

    °Mike° Guest

    On 18 Oct 2003 23:25:04 GMT, in
    <>
    Blinky the Shark scrawled:

    >°Mike° wrote:
    >
    >> Ok, semantics apart, nobody but a very few are going to go
    >> through all of that trouble, are they? Also, my reply was not
    >> incorrect, per se, as the XP firewall does not block outgoing
    >> traffic. Now if I had said "CAN NOT block outgoing traffic"....

    >
    >No XP here...is the configuration process any more difficult than it is
    >in, for instance, Kerio?


    I don't use XP and I don't use Kerio, but take a look at
    the link - it's quite convoluted.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 19, 2003
    #16
  17. °Mike° wrote:

    > On 18 Oct 2003 23:25:04 GMT, in
    > <>
    > Blinky the Shark scrawled:


    >>°Mike° wrote:


    >>> Ok, semantics apart, nobody but a very few are going to go
    >>> through all of that trouble, are they? Also, my reply was not
    >>> incorrect, per se, as the XP firewall does not block outgoing
    >>> traffic. Now if I had said "CAN NOT block outgoing traffic"....


    >>No XP here...is the configuration process any more difficult than it is
    >>in, for instance, Kerio?


    > I don't use XP and I don't use Kerio, but take a look at
    > the link - it's quite convoluted.


    Looks similar to Kerio, although the FAQ's examples of rules just lists
    the actual settings, since for each rule, they're all on one page of the
    GUI, as versus being spread over several tabs/windows/whatever.

    Scroll down a bit for what I'm talking about:

    http://www.blarp.com/faq/faqmanager.cgi?file=kerio_genrules&toc=kerio#q1

    Of course, these settings aren't buried as they seem to be in XP --
    rules are on click away from the main window of the application.

    --
    Blinky Linux RU 297263
    NEW 9/25/03:
    MS Class Action Award Vouchers for California Residents
    Detail --> http://snurl.com/settlement
    Blinky the Shark, Oct 19, 2003
    #17
  18. ron

    °Mike° Guest

    On 19 Oct 2003 06:17:50 GMT, in
    <>
    Blinky the Shark scrawled:

    >°Mike° wrote:
    >
    >> On 18 Oct 2003 23:25:04 GMT, in
    >> <>
    >> Blinky the Shark scrawled:

    >
    >>>°Mike° wrote:

    >
    >>>> Ok, semantics apart, nobody but a very few are going to go
    >>>> through all of that trouble, are they? Also, my reply was not
    >>>> incorrect, per se, as the XP firewall does not block outgoing
    >>>> traffic. Now if I had said "CAN NOT block outgoing traffic"....

    >
    >>>No XP here...is the configuration process any more difficult than it is
    >>>in, for instance, Kerio?

    >
    >> I don't use XP and I don't use Kerio, but take a look at
    >> the link - it's quite convoluted.

    >
    >Looks similar to Kerio, although the FAQ's examples of rules just lists
    >the actual settings, since for each rule, they're all on one page of the
    >GUI, as versus being spread over several tabs/windows/whatever.
    >
    >Scroll down a bit for what I'm talking about:
    >
    >http://www.blarp.com/faq/faqmanager.cgi?file=kerio_genrules&toc=kerio#q1
    >
    >Of course, these settings aren't buried as they seem to be in XP --
    >rules are on click away from the main window of the application.


    I fail to see why any firewall should make it's configuration
    that tortuous.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 19, 2003
    #18
  19. °Mike° wrote:

    > On 19 Oct 2003 06:17:50 GMT, in
    > <>
    > Blinky the Shark scrawled:


    >>°Mike° wrote:


    >>> On 18 Oct 2003 23:25:04 GMT, in
    >>> <>
    >>> Blinky the Shark scrawled:


    >>>>°Mike° wrote:


    >>>>> Ok, semantics apart, nobody but a very few are going to go
    >>>>> through all of that trouble, are they? Also, my reply was not
    >>>>> incorrect, per se, as the XP firewall does not block outgoing
    >>>>> traffic. Now if I had said "CAN NOT block outgoing traffic"....


    >>>>No XP here...is the configuration process any more difficult than it is
    >>>>in, for instance, Kerio?


    >>> I don't use XP and I don't use Kerio, but take a look at
    >>> the link - it's quite convoluted.


    >>Looks similar to Kerio, although the FAQ's examples of rules just lists
    >>the actual settings, since for each rule, they're all on one page of the
    >>GUI, as versus being spread over several tabs/windows/whatever.


    >>Scroll down a bit for what I'm talking about:


    >>http://www.blarp.com/faq/faqmanager.cgi?file=kerio_genrules&toc=kerio#q1


    >>Of course, these settings aren't buried as they seem to be in XP --
    >>rules are on click away from the main window of the application.


    > I fail to see why any firewall should make it's configuration
    > that tortuous.


    As XP's, I agree. As for Kerio, it seems simple to me -- LIS, each rule's
    settings are all in one window.

    --
    Blinky Linux RU 297263
    NEW 9/25/03:
    MS Class Action Award Vouchers for California Residents
    Detail --> http://snurl.com/settlement
    Blinky the Shark, Oct 19, 2003
    #19
  20. Blinky the Shark wrote:
    > °Mike° wrote:
    >
    >
    >>Ok, semantics apart, nobody but a very few are going to go
    >>through all of that trouble, are they? Also, my reply was not
    >>incorrect, per se, as the XP firewall does not block outgoing
    >>traffic. Now if I had said "CAN NOT block outgoing traffic"....

    >
    >
    > No XP here...is the configuration process any more difficult than it is
    > in, for instance, Kerio?
    >


    It doesn't matter, because it still doesn't do application checksumming!

    So it's pretty easy for a trojan to replace an existing legit-named file
    on your system & be allowed through, despite any detailed config.

    That's why one should use ZoneAlarm or some other program that does MP5
    checksumming.

    -- DE
    Tergiversative, Oct 20, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mr Pat Pending

    compilation of all the bathroom walls of the world

    Mr Pat Pending, Oct 21, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    544
    Rick Merrill
    Oct 22, 2003
  2. Replies:
    3
    Views:
    494
    Fred Tehbot
    Sep 14, 2005
  3. W. Wells

    Wireless through thick walls?

    W. Wells, May 16, 2006, in forum: Wireless Networking
    Replies:
    5
    Views:
    13,116
    Diamontina Cocktail
    May 16, 2006
  4. Little Green Eyed Dragon

    Fire with fire

    Little Green Eyed Dragon, Aug 16, 2006, in forum: Digital Photography
    Replies:
    0
    Views:
    388
    Little Green Eyed Dragon
    Aug 16, 2006
  5. Richard G Carruthers

    Fire Walls

    Richard G Carruthers, Jul 5, 2005, in forum: Windows 64bit
    Replies:
    13
    Views:
    636
    Charlie Russel - MVP
    Jul 6, 2005
Loading...

Share This Page