 
Mospaw
I'm Vap-O-riffic
Premium,Mod
join:2001-01-08
Las Vegas, NV | Call me paranoid... ...but I like to know which programs are tyring to get out, as well as limiting any outside connections.
I vote for both ways.
If you're going to run it, you may as well get all the protection you can. | |
|
 | 
Cam
Premium
join:2003-01-25
Luther, OK
clubs: | Re: Call me paranoid... Ok, you are paranoid...
but I agree. Just because I am paranoid, that doesn't mean someone isn't out to get me. | |
|
| |
Mospaw
I'm Vap-O-riffic
Premium,Mod
join:2001-01-08
Las Vegas, NV
 ·Cox HSI
 ·Embarq
Host:
Road Warriors, Not..
All Things Macintosh
Automotive
| Re: Call me paranoid... Very very true.
I've never had a virus, trojan or any other malware at home. My machines are well protected and my users (Mrs. Mospaw and me) are well educated.
Would this be the same without the hardware routers and software firewall? Perhaps. But for the effort and cost, they're both very good insurance.
Of course, a counter argument can be made. To use an analogy: I live in Florida. I keep a banana in my ear. We don't have any penguins. It's obviously the banana in my ear keeping penguins away. | |
|
| | 
AMDUSER
Premium
join:2003-05-28
Earth
clubs: | I agree.
Just because because I'd rather find out from the firewall that someone is out to get me[trying to break in], then have the system get compromised. | |
|
Da Geek Kid
join:2003-10-11
Mclean, VA
| power of mgmt Consider it b/w mgmt... 
Also, when a worm pops up... you'd keep it in house and won't infect yer neighbors... That's a good thing...
Also you ought to know what's running in your Corp. network....
Unless you work fer RIwaaaateva and MPwho then run Kazaa,etc  inhouse... | |
|
Denjin
join:2001-01-18
Schaumburg, IL
| bidirectional... I'm not used to even hearing this term. Any network firewall is just a firewall. By definition it can control traffic both ways.
I guess they are talkin about the crappy software 'firewalls' people install? I think the only reason Microsoft made it just control stuff one way is for simplicity to the end user.
--
Ningen wa, ningen da. | |
|
| 
yock
TFTC
Premium
join:2000-11-21
Fairfield, OH
| Re: bidirectional... said by Denjin  :
I'm not used to even hearing this term. Any network firewall is just a firewall. By definition it can control traffic both ways.
I guess they are talkin about the crappy software 'firewalls' people install? I think the only reason Microsoft made it just control stuff one way is for simplicity to the end user.
Ease of use does not equal security. Egress filtering is of paramount importance to control the spread of malware and to ensure your privacy online. Given the choice, I'll toss away ease of use and read the damn instructions.
--
Statistical correlation need not imply causation.
Technical Nirvana | |
|
| | |
Matt
Quitting Caffeine - Argh
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| Honestly.... They are generally pointless for the majority of users.
I mean, how many people know WTH svchost.exe is and why it's trying to access the internet.
The general computer populace doesn't understand outbound protection, what needs it and what doesn't.
--
TripOnThis.net Administrator
"Security by obscurity is no security at all. Don't believe the hype." (c) MntlCase | |
|
| |
| | |
| | 
jdmurray
Premium
join:2001-03-02
Huntington Beach, CA
clubs: | I take it that her Mac doesn't have a software firewall installed and that's how you got her off your back? | |
|
| | | |
| 
Jason Levine
Premium
join:2001-07-13
Albany, NY
| said by Matt :
They are generally pointless for the majority of users.
I mean, how many people know WTH svchost.exe is and why it's trying to access the internet.
The general computer populace doesn't understand outbound protection, what needs it and what doesn't.
Let's assume that we have two identical clueless users whose PCs are infected by viruses/spyware/trojan/whatever that is trying to connect out to either spread itself or phone home. The user without outbound protection will always let the malicious app connect out. The user with the outbound protection at least has a 50% chance of blocking it (Yes/No). And if the "do you want to let it connect to the Internet" question is phrased right, they might get scared enough to click No or at least ask a PC expert.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ | |
|
| |
Matt
Quitting Caffeine - Argh
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| Re: Honestly.... said by Jason Levine :
The user with the outbound protection at least has a 50% chance of blocking it (Yes/No). And if the "do you want to let it connect to the Internet" question is phrased right, they might get scared enough to click No or at least ask a PC expert.
Very True, but the majority of users are simply going to remember, "When I say no, things don't work." and are conditioned to say yes.
--
TripOnThis.net Administrator
"Security by obscurity is no security at all. Don't believe the hype." (c) MntlCase | |
|
| | | deway2
join:2004-01-12
Roanoke, VA | Re: Honestly.... Don't forget the 50/50/90 rule. If there is a 50/50 chance 90% chose the wrong answer, statistically! | |
|
woody7
Premium
join:2000-10-13
Torrance, CA | Hmmmmmmmmmm.... Maybe the "end user" awareness is improving....I get a lot of "Starbucks cards" for cleaning up messed up computers....I don't do it for free, cause if they feel a little "pain" it helps in the awareness...JMT
--
BlooMe | |
|
| RogerB34
Premium
join:2004-07-01
San Diego, CA | Re: Hmmmmmmmmmm.... I wouldn't bet on pain causing awareness.
Good for business though. | |
|
|
woody7
Premium
join:2000-10-13
Torrance, CA | in the pocket book i mean.....heh heh
--
BlooMe | |
|
lefty1
join:2002-10-25
Clay, NY
| Call me paranoid, too I can't believe this question is even being seriously asked. A firewall won't necessarily stop malware from getting on your computer, but a software firewall, such as Zone Alarm, can keep a trojan from phoning home.
It's true that most people won't know the difference between svchost.exe and mxtarget.dll, but does that mean no one should have the opportunity to make that decision?
Only a true internet moron would opt for uni-directional protection. | |
|
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| Both Ways. Saying an inbound-only firewall is sufficient is like saying a customs check is only needed for those entering a country, and those leaving it are free to enter neighboring countries unchecked. An inbound firewall is ineffective against viruses/trojans/malware on CDs, floppies and USB memory devices, and items slipping by email defenses.
You need security checks both ways.
--
Aaron Hulett | Trojan Analyst | Mischel Internet Security | |
|
| dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
| Re: Both Ways. said by ahulett :
Saying an inbound-only firewall is sufficient is like saying a customs check is only needed for those entering a country, and those leaving it are free to enter neighboring countries unchecked.
And that's how customs works for the majority of travellers.
Fly from USA to UK? You're inspected by UK customs. USA customs doesn't look at you.
Return from UK to USA? You're inspected by USA customs. UK customs doesn't look at you. | |
|
| |
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| Re: Both Ways. I was using the customs checkpoint as a whole as the comparison to firewalls.
You may not get "thoroughly checked" by a customs agent, but your passport's still processed, right?
--
Aaron Hulett | Trojan Analyst | Mischel Internet Security | |
|
| 
blackjeep
join:2001-07-12
Atlanta, GA
| Have you ever been thru a customs check? Try going across the border into mexico. You can drive right across or walk across with virtually not even a glance from the mexicali police. But try just driving back from Mexico, or carrying a bag walking across the border and see what happens. They are going to stop you, and search you, and if they find ANYTHING suspicious, they'll strip search your car for contraband. Unidirectional border. | |
|
| |
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| Re: Both Ways. "Have you ever been thru a customs check?" My passport says I have. That's fun, getting your bag's contents spread across a table in front of everyone. At least I haven't had that happen to me, yet. But I've seen it happen to people I know.
"You can drive right across or walk across with virtually not even a glance from the mexicali police."
Guess you could compare that to a security hole in a firewall.
Is there some reason we're taking this so literally? It was a comparison to help understand my point, not a "this is exactly how firewalls work... just like customs checkpoints" statement.
So....... imagine that the ONLY way from one country to another is ONLY by going through a boarder crossing. No illegal methods. Does that help bulletproof the comparison?
Sheesh.
--
Aaron Hulett | Trojan Analyst | Mischel Internet Security | |
|
IamZed
Premium
join:2001-01-10
Dayton, OH
| Interesting idea Still, I thought it was an interesting thread in security when I read it last night. Mosesr was requesting if and outbound only application to complement the XP SP2 firewall existed, as well as wether outbound was overkill. I side with the “There is no such thing as overkill” crowd, but an outbound only app was an interesting question.
--
Relax | |
|
| B
Premium,MVM
join:2000-10-28 | Re: Interesting idea
Yes, there has been at least one, called "ZoneAlarm". No, I'm not being clueless -- please see my response in that thread.
-- B
--
In a realm outside causality and function | |
|
| |
IamZed
Premium
join:2001-01-10
Dayton, OH | Re: Interesting idea That was a good post. I got onboard ZA later than that. | |
|
raydog1
Feel Secure
Premium
join:2003-07-10
La Vergne, TN
| Here's a kick in the pants. . . Two nights ago, there was an update to Snapstream Media's Beyond TV3. For those who don't know, this is an application that essentially gives your computer Tivo-like capabilities, allowing you to record tv shows on your pc, use time-shifting, etc.
This was a major update and those of us in the BTV3 community have been waiting a long time for some of the new features offered by this update. Even better it was free to those of us who purchase the previous version.
One of the new features is an enhanced error-reporting capability. I know this because I saw it in action the moment after installation. A little yellow triangle with an exclamation appeared in the task tray. After clicking on it, I get a window that says something like,
"Beyond TV3 installation has detected vsmon.exe. This may be a component of the Zonealarm firewall. There have been memory leaks reported with this firewall while Beyond TV3 is running. We recommend using the Windows XP firewall."
It's incompatibilities like this that turn people away from firewalls. Kerio had similar problems with Nero's InCD. I've installed ZA on friends' PCs or recommended them. Most of the time, they get uninstalled very quickly because they can be very annoying to the average user. Especially when they start getting errors or the BSOD when there is a conflict with another application.
Face it. If you're a member of this forum, then you probably have a software firewall or you're knowledgable enough to manage without one. But, the average user is rarely going to use one. Most people don't even use an up-to-date antivirus app.  | |
|
|
jdmurray
Premium
join:2001-03-02
Huntington Beach, CA
clubs:
| Re: Here's a kick in the pants. . . Does ZA still have memory leak problems? It seems like I've been hearing this for years. I don't use ZA because its user interface isn't nearly as useful as those of Kerio and Sygate.
Also, I don't think a memory leak problem causes incompatibility; instead, it causes instability, which Snapstream Media's product may be incorrectly blamed as causing. | |
|
| 
BUGZILLA 57
Don't Get Uranus Ablaze
Premium
join:2004-06-10
out there
clubs:
 ·Cingular Wireless
·AT&T Southwest
| said by raydog1 :
I've installed ZA on friends' PCs or recommended them. Most of the time, they get uninstalled very quickly because they can be very annoying to the average user. Especially when they start getting errors or the BSOD when there is a conflict with another application.
Face it. If you're a member of this forum, then you probably have a software firewall or you're knowledgable enough to manage without one. But, the average user is rarely going to use one. Most people don't even use an up-to-date antivirus app.
I've set up firewalls, tea timers, etc. for friends who were plagued with dialers, malware, or just bogged down with bad cookies. In a week they are begging me to turn it off because of the alerts.
It's like our old high school ag teacher Titus Ballsac used to tell us about horticulture. "Ya' can lead a hor'ta culture, boys, but ya' can't make her think."
--
Anything good in life is either illegal, immoral, or fattening. -Murphy's Law- | |
|
vernalex
Premium
join:2000-10-19
Manchester, CT
| Overkill for most I personally believe that two-way firewalls have their use. Such as in a corporate environment where you want to limit Internet use or network segment to network segment communication through the use of VPNs or proxy servers. But, for the average home user I believe that outgoing firewalls are more burdensome than they are worth. They have a use for the paranoid, but I think the firewall in SP2 is more than enough for my mom. Because asking to open listening ports is already too confusing for her. The problem exists with the metaphorical explanation of computers and the ethereal existence of ports/sockets. I have also seen firewalls break far too often and leave the computer unable to communicate with the Internet without an uninstall of the firewall, especially with the Norton based firewalls. But, I believe that most people should use the SP2 firewall if they have Windows XP. And the paranoid can use ZoneAlarm. But, I personally like home NAT routers, patching my computer, running a real-time virus scanner and not running stuff I shouldn't.
I agree with my Windows Security Guide:
»www.vernalex.com/guides/winsetup···ty.shtml
And I agree with my Malware Removal Guide:
»www.vernalex.com/guides/malware/index.shtml | |
|
|
|
|
Bi-Directional Firewalls
