Avast or Zone Alarm using proxy server?

Discussion in 'Computer Security' started by Zak, Feb 13, 2005.

  1. ZoneAlarm has asked permission to go out on two occasions for me that were
    unknown programs. Symantec research identified them as viruses and I was
    able to kill them off. They both came through the browser. That alone
    gives ZA an advantage over MS FW - IMO
     
    ROBERT S AMP BA Drake, Feb 21, 2005
    #61

  2. ROBERT S AMP BA Drake wrote:
    Of course not. But if you are awake you CAN do without anything. I
    have never gotten any virus on my computer because I never run risky
    programs. The alerts I get are from the e-mail virus scanner, but
    those messages would never have been opened by me anyway :)

    But with a router/firewall, ZoneAlarm, avast! anti-virus, and regular
    scan with AdAware and Spybot S&D the system should be fairly clean :)
     
    Lars-Erik Østerud, Feb 21, 2005
    #62

  3. Zak

    Roger Wilco Guest

    Sorry - XP's firewall and "another" PFW.
    How is it "less vulnerable" to have a PFW bundled with an OS as popular
    as XP? Wouldn't a certain amount of diversity be better? Aside from the
    integration with the OS being better, what else is there about the XP
    firewall that makes it better?
    That is what I meant - these "value-added" features aren't really what
    firewalls are all about, and what firewalls are all about isn't covered
    by having PFW software running on the machine you hope to protect. How
    is XP's any better in this respect than any "other" PFW?
     
    Roger Wilco, Feb 21, 2005
    #63
  4. Zak

    Roger Wilco Guest

    [snip]

    The thing about viruses is that they can make any program "risky".

    Not running "risky" programs will help you to avoid trojans and some
    worms that arrive as programs, and scanning these program files will
    usually identify them if known to the scanner. A virus can be inside a
    program (or document) that you have trusted for years.
     
    Roger Wilco, Feb 21, 2005
    #64
  5. Zak

    Gerald Vogt Guest

    Roger, could you please update your OE, I think you are not running the
    latest version and you may be vulnerable to known security exploits.
    Second please try to get QuoteFix or something similar. Your OE does
    wrap quoted text...

    The better integration and less functionality aka fewer lines of code.
    The PFW does, well, everything what you could imagine. The XP SP2 FW
    does packet filtering. Nothing more.
    Well, these "value-added" features are integrated with the PFW. They
    combine into a large complex product. These different features have
    dependencies and interactions. Higher complexity is more difficult to
    manage and more vulnerable to bugs. A proper design should not mix
    security related functionality like the firewall protection with
    anything else. A bug in some pop-up blocker of your PFW may cause
    instability of the PFW including your firewall. The IE pop-up blocker -
    if you use IE - is not linked in any way with the XP SP2 FW.

    It seems so nice to have a "security suite" which provides you with any
    imaginable security gadget. It is useless and absolutely contradictory to
    good security design which limits itself to what is actually necessary
    and makes sure that this is working properly and securely...

    Gerald
     
    Gerald Vogt, Feb 22, 2005
    #65
  6. Zak

    James Egan Guest

    Nope. You must be wrong 'cos it says so on the zonelabs website.
    http://download.zonelabs.com/bin/promotions/btyahoo/index.html

    "Hacking is on the rise. And not just in the business sector. It's
    relatively easy for online interlopers to hop the standard router
    firewall and gain access to your financial information, your personal
    identification numbers, your passwords and more."

    Perhaps one of the many zonealarm promoting posters can explain how
    this router firewall hopping is so easily accomplished.

    Or maybe the zonelabs website is as full of shit as their firewall.


    Jim.
     
    James Egan, Feb 22, 2005
    #66
  7. Zak

    Gerald Vogt Guest

    First: you had the virus already. Why do you run viruses in the first
    place. A virus running on your computer can do whatever you can do on
    the computer. Including reconfiguring ZoneAlarm.

    Second: you do not know that ZoneAlarm "killed them off". You know maybe
    that some communication attempt was blocked. You do not know what other
    attempts have been made as well which ZoneAlarm did not detect. How do
    you know that this was not a probe message for you to catch so that you
    think "ZA protected me. I am safe".

    Third: This killing off only leads you to the conclusion that you are
    safe and protected for now. This is wrong. A compromised computer is a
    compromised computer. If you already had two viruses and will expect
    more to come soon. And I would not wonder that this may be due to some
    backdoor or similar that goes undetected in ZoneAlarm.

    Fourth: I know the truth is hard to grasp and you won't like it, sorry,
    but: It is most likely your fault of lacking precautions on your actions
    that you got that virus. Either you run it or installed it with some
    dubious software or you got it because you did not keep your system
    up-to-date. The occasions where an unknown/not-yet-patched security
    vulnerability are not impossible but yet pretty rare.

    Gerald
     
    Gerald Vogt, Feb 22, 2005
    #67
  8. Zak

    Gerald Vogt Guest

    This is exactly the sentence that people want to believe so that they do
    not have to worry about security. If your computer is clean or not
    depends on what the user does...

    Gerald
     
    Gerald Vogt, Feb 22, 2005
    #68
  9. Zak

    Gerald Vogt Guest

    Well, I don't know if ZA does have a privacy protection function, but
    Symantec Norton Internet Security has. You can enter all your sensitive
    data like credit card numbers etc. there and NIS blocks attempts to send
    this data out. NIS has been vulnerable to hacking and has been exploited
    in the past. With all these personal data collected in one place (our
    PFW) it is really easy to "gain access"...

    Gerald
     
    Gerald Vogt, Feb 22, 2005
    #69
  10. Zak

    Roger Wilco Guest

    My OE is just fine, thanks for your concern.
    I'll look into that, someone else suggested that I wrap at 72 and so I
    do. Looks okay from here.
    What it gains in lack of complexity - it loses as bundled software.

    [snip]
    <sarcasm>
    ....and Microsoft has such a good reputation for achieving this.
    </sarcasm>
     
    Roger Wilco, Feb 22, 2005
    #70
  11. Zak

    Gerald Vogt Guest

    Here is an original quote from your posting:
    ------------------ quote -------------------
    ------------------ quote end -------------------

    you see the "popular", "the" and "XP". OE does the wrapping when you
    send. You won't see it on your screen while typing, I think. Just look
    at a couple of your postings...
    That does not change anything about the XP SP2 FW efficiency.
    If you don't believe that Microsoft does anything right, then do not use
    their software...

    Gerald
     
    Gerald Vogt, Feb 22, 2005
    #71
  12. Gerald Vogt wrote:
    You still have to worry about security (not running every program you
    find or click every attachment you get) BUT you are better protected
    than with nothing (someone else COULD click an attachment, or is there
    no one else other than yourself using your computer). Alternatives?
     
    Lars-Erik Østerud, Feb 23, 2005
    #72
  13. First - Why run viruses? Because you catch them as you do a cold.

    Second - ZA did not kill them off, it simply alerted me that an unknown
    program was trying to get out. I had to get the fix from Symantec to kill
    them off.

    Third - there are ways to validate your security

    Fourth - I don't agree that you rarely get a virus, worm, spyware,
    or other demon that has not been identified and put into the vendor
    signature files. Do you remember the I Love You virus that nearly put down
    the world? Virus protection is only as good as the signature file - if it
    is not updated before the virus is in the wild, you have a problem. You are
    never totally protected.

    On this computer I look for trouble and do not practice safe hex. The
    computer is locked down as tight as I can get it and I work on getting it
    tighter all the time.

    I think you may be over simplifying the issues a little, hey but what do I
    know.
     
    ROBERT S AMP BA Drake, Feb 23, 2005
    #73
  14. Zak

    Gerald Vogt Guest

    Strange. Strange. Maybe I am of particular good health...
    Again: you killed something. You don't know if it was "everything"...
    Elaborate please. How do you validate "your security" of a compromised
    system?
    I don't. How often do you install new software? Every day?
    Yes, I do remember. Classic example for my point: you receive a VBS
    script as attachment to your e-mail. Nobody forces me to open an
    attachment to an e-mail I never asked for from an unknown source with a
    weird contents and strange attachment. The user has to open the attachment.
    No. You are not. But you do not understand what a virus scanner does. A
    virus scanner is not the means to free you from the decision whether or
    not to open a particular attachment. It may or may not intervene. But
    the basic decision is yours. If you just open attachments and think, the
    virus scanner will prevent it if it is a virus, it is still all your own
    fault. So, if I don't have a virus scanner I still don't have a problem
    that you claim I would have. It is still the user who has to open the
    attachment.

    The only malware that you are totally unprotected against is malware
    that exploits a security vulnerability which has not been fixed, yet.
    (O.K., Internet Explorer always falls into this category because it has
    unfixed vulnerabilities for years now) If you keep your system updated
    with current security updates pretty much most of the known
    exploit-viruses & worms won't work. Most of the last epidemics were due
    to unpatched computers which haven't been updated for months or years.
    These could have been easily prevented (O.K., I see the impacts of
    certain updates for businesses which lets them hesitate to run the
    updates...). The other epidemics were those attachment etc. worms which
    were due to the user.
    Well, if you look for trouble you certainly get it. If you even know
    that you are doing that, then it is IMHO irresponsible behaviour because
    some of that "trouble" will most likely affect other people as well.
    To me it seems you are simplifying the issue if you don't even care
    about what you do...

    Gerald
     
    Gerald Vogt, Feb 24, 2005
    #74
  15. I work security. You have to get in their world to build defense
    mechanisms.
     
    ROBERT S AMP BA Drake, Feb 24, 2005
    #75
  16. Zak

    Gerald Vogt Guest

    You claim ZA "kill them off". I wrote that you don't know that for sure.
    You don't give any hints how you want to verify that ZA got everything.

    And even if you verify it, let's say, by comparison with a mirror if you
    work security you should know that there is no security-by-example. One
    prevented attack does not tell anything about the quality of your security.

    Gerald
     
    Gerald Vogt, Feb 24, 2005
    #76
  17. You're not reading my response nor understanding. ZA kills nothing - it
    detects.
     
    ROBERT S AMP BA Drake, Feb 24, 2005
    #77
  18. Zak

    Gerald Vogt Guest

    O.K. You don't read mine either. But anyway, how do you know for sure,
    in general, that ZA does detect all and you were able to kill everything
    off? What is it worth to have some insight in two occasions? What are
    the implications of these two occasions for the general security on a
    compromised machine? What are the implications for general security?
    What are the implications of these "detection" messages to users and
    users' behaviour?

    Gerald
     
    Gerald Vogt, Feb 25, 2005
    #78
