Tech Support banner

Status
Not open for further replies.
1 - 20 of 25 Posts

·
Registered
Joined
·
1,691 Posts
absolutely, if you don't your a target.

I use a router, a Linux box running Ipchains for port filtering since the router I use only does the NAT thing.

On the laptop since I cant always be hooked into my secure home network I run Zone-Alarm, IMHO the best software based firewall there ever was ;) (and tis free to)

http://www.zonealarm.com
 

·
Registered
Joined
·
5 Posts
Similar to Tech I route through a linux gate, however since you're new to firewalls I'd suggest Norton Personal Firewall since it has a handy "auto-rule" configurer which allows you; with one click, to setup any software you may require to access the internet. Besides that it also has many more features than zonealarm such as ActiveX/script blocking that will help prevent any little nasties trying to get at you through "innocent" looking web pages. (last version of zonealarm I checked out didn't do this, maybe it does now ? I'm sure I'll be corrected if wrong :D ) Only downside is it's not freeware, but with the license fee you do get 12 months live updates.
 

·
TSF Enthusiast
Joined
·
6,298 Posts
My computer gives me a kernel32.dll error whenever I try to install ZoneAlarm on my other computer :upset:
 

·
Registered
Joined
·
21 Posts
Well about Zone Alarm, i aint trusting it since they found a secuirity hole a mounth or two ago.. if your using XP the better using it's built in fire wall.
 

·
Premium Member
Joined
·
1,611 Posts
well, Bar_Rony, not trying to step on your toes, but in my opinion, XP's firewall kinda sucks. I've played around with it and had nothing but trouble. And from most opinions here I concluded that most people that use it have nothing but trouble. Do you know what the actual security hole for ZA was ? and I think if it was a month or two ago, they probably have it patched, so you can probably run an update to fix it.....besides, every other program out there has a some kind of security flaw...thats why we have bugs, patches fixes...whole nine yards :D
 

·
Registered
Joined
·
1,393 Posts
merlin said:
well, Bar_Rony, not trying to step on your toes, but in my opinion, XP's firewall kinda sucks. I've played around with it and had nothing but trouble. And from most opinions here I concluded that most people that use it have nothing but trouble. Do you know what the actual security hole for ZA was ? and I think if it was a month or two ago, they probably have it patched, so you can probably run an update to fix it.....besides, every other program out there has a some kind of security flaw...thats why we have bugs, patches fixes...whole nine yards :D
In a whole lot of people's opinion XP's built in firewall sucks. M$ <> security. Bar_Rony, your criticizing ZA because there was a hole a month ago!?!? Windows holes are discovered daily, it seems sometimes! I can't point you to links, but google XP firewall and read some comparative reviews - XP's firewall not only sucks, but throughly sucks! Not to mention that I can't help but believe that big Uncle Bill has stuck in some back door ... I mean hole ... on purpose.

I'm using Zone Alarm Pro on my personal and work machines. Using a Linksys "firewall" NAT router - I put firewall in quotes because it's not a real firewall - it does't do stateful packet inspection but only Network Address Translation (NAT) and port forwarding.

At work, we have real firewalls - Checkpoint and PIX.
 

·
Registered
Joined
·
21 Posts
Pseudocyber said:
In a whole lot of people's opinion XP's built in firewall sucks. M$ <> security. Bar_Rony, your criticizing ZA because there was a hole a month ago!?!? Windows holes are discovered daily, it seems sometimes! I can't point you to links, but google XP firewall and read some comparative reviews - XP's firewall not only sucks, but throughly sucks! Not to mention that I can't help but believe that big Uncle Bill has stuck in some back door ... I mean hole ... on purpose.

I'm using Zone Alarm Pro on my personal and work machines. Using a Linksys "firewall" NAT router - I put firewall in quotes because it's not a real firewall - it does't do stateful packet inspection but only Network Address Translation (NAT) and port forwarding.

At work, we have real firewalls - Checkpoint and PIX.
eheh.. well=).. i was sure xp built in was good, guess i was wrong, though i haven't seen any exploit for it yet.
 

·
Registered
Joined
·
1,393 Posts
A little googling ...

http://www.google.com/search?q=XP+ICF+hole+OR+vulnerability+OR+flaw&hl=en&lr=&ie=UTF-8&start=10&sa=N

The Internet Connection Firewall (ICF) included with Microsoft Windows XP is a good start, but it's no substitute for the type of products we review in this story. You enable Windows XP's firewall from the Control Panel's Network Connections applet by choosing the Properties sheet for your Internet connection, going to the Advanced tab, and checking the Internet Connection Firewall checkbox.

Although the ICF does a pretty good job of blocking and hiding your ports from unwelcome probes, it lacks the ability to control programs on your system that are trying to send information out to the Internet. It also doesn't show any information about potential security threats, nor does it give you any means for tracking down their sources.


Although in our testing, ICF itself does a good job of blocking your ports from inbound attacks, the Windows XP operating system hampers some of the firewalls we review from doing so. The same programs had no problem blocking ports under Win 98.
http://www.pcmag.com/article2/0,4149,2230,00.asp

Windows ICF may cause some problems, especially for corporate users and power users who need more control of their firewall. Some of the problems listed below may be difficult for some users to accept.

ICF breaks a lot of applications. This is arguably a good feature for a firewall, after all, firewalls are designed to stop traffic. However, the inability to create granular access rules and specify “trusted” hosts encourages users to just shut it off. ICF doesn’t support RPC, so message notification in Outlook will not function properly. In addition, services such as file sharing won’t work.
ICF does not perform any outbound filtering. This is by design; however, it makes ICF useless against Trojans and other malicious applications that “phone home”.
ICF lacks real-time notification of attacks. ICF can be configured to log allowed or denied traffic in a file; however, no real time notification is available.
The ability of applications to dynamically open ports requires administrative-level privileges. If you’re applying the "Principle of Least Privileges" and your account is only a “limited” account, the applications you run will not be able to take advantage of the ICF programmatic API and open up ports dynamically.

Conclusion

ICF is an excellent security tool for most people. It blocks most attacks from the Internet. And it works automagically with applications that are aware of the ICF API. It has support for industry standard protocols like FTP, H.323, and PPTP. However, if you are a corporate user and/or a power user, you’ll probably want another personal firewall that allows more granular control. Without the granular control, power users are forced to disable the firewall in order to get some applications to work. My advice: use ICF if it works for you; if you have been forced to turn off the firewall (like I have), go out and buy a personal firewall with more buttons that you can tweak. For more information on alternative firewalls, the following SecurityFocus article is an excellent discussion: Securing Privacy, Part Two: Software Issues.
http://www.securityfocus.com/infocus/1620

Microsoft Security Bulletin MS01-059 Print


Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
Originally posted: December 20, 2001
Updated: May 09, 2003

Summary
Who should read this bulletin: Customers using Microsoft® Windows® ME or XP, or who have installed the Windows XP Internet Connection Sharing client on Windows 98 or 98SE.

Impact of vulnerability: Run code of attacker’s choice.

Maximum Severity Rating: Critical

Recommendation: Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if Universal Plug and Play support is installed and running.

Affected Software:

Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows XP
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp

Microsoft XP Firewall ICF Crumbles from L33tdawg
Wed May 21 @ 10:45 (Reads: 231)
Source: support.microsoft.com
Microsoft has released a knowledge base article in which the Redmond based company admits that their integrated firewall solution, which customers have inadvertently been encouraged to use, lacks the ability to block suspicious data traffic using Internet Protocol version 6 (IPv6). This is a small but embarrasing statement by Microsoft, which has been working on IPv6 since 1998. Not only Windows XP is affected by the issue but the recently released Windows Server 2003 versions are as well. IP version 6 (IPv6) is a new version of the Internet Protocol, designed as the successor to IP version 4 (IPv4) which allows expanded addressing capabilities, header format simplification and improved support for extensions and options among a variety of other new features.
http://hackinthebox.org/article.php?sid=9935
 

·
Premium Member
Joined
·
1,611 Posts
well, its not that we dont trust micro$oft (more or less than any other software vendor... :rolleyes: ). If you look at the stats on this forum, about 85.53 % of visitors use Windows OS. In my opinion, most of MS software is easy to use...if it works and you dont loose your nerves setting it up...IMO, the problem is that they are pushing it as this marvelous do-it-all, kick butt product. They dont spend much time testing it and working the bugs out. They rush it out on the market and then people buy it, get a laundry list of issues with it and....you know what happens then...
 

·
Citizen of the world
Joined
·
51,041 Posts
I think the "guess you just shouldn't trust ms" comment was actually right on target. If you look at how MS is trying to dominate the market to the exclusion of any other O/S vendor, you should find that frightening. Look at their Palladium initiative, you'll see what I mean. Here's a few references, nice light reading. :rolleyes:

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

http://www.internetnews.com/ent-news/article.php/1378731

http://zdnet.com.com/2100-1107-939817.html

http://www.pbs.org/cringely/pulpit/pulpit20020627.html

http://www.extremetech.com/article2/0,3973,263367,00.asp

You should be able to see where this is going. :angry2: :no:
 

·
Premium Member
Joined
·
1,611 Posts
well, johnwill, I know. But I tried..can you blame me ? :tongue2:
speaking of which, I was on the msn.com and I've found this tidbit...

Critical’ flaw found in Windows

July 9 — Microsoft on Wednesday warned of three new security gaps in its software, including one “critical” Windows flaw that could allow a hacker to run unauthorized code on victims’ PCs.


THE MOST SERIOUS of the flaws is what is known as a buffer overrun vulnerability, which could allow an attacker to use an unchecked buffer to run their own executable code.
This flaw, located in the HTML converter in Microsoft’s Windows operating system, could be used by hackers to spread the code either by sending an HTML e-mail or by creating a special Web page that triggers a download of the code.
(MSNBC is a Microsoft - NBC joint venture.) *ARGH*
Because the security hole can be exploited without any action on the part of the user, Microsoft described it as critical, the highest rating in the software maker’s four-level system.
The vulnerability exists in many recent versions of Windows, including Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003. However, the flaw is only rated moderate in Windows Server 2003, because that software ships with a setting known as Enhanced Security Configuration designed to minimize the risk of unauthorized code being launched.


http://www.msnbc.com/news/936840.asp?0dm=N217T


*sigh* :rolleyes:
 

·
Citizen of the world
Joined
·
51,041 Posts
When you go to download the patch for the new buffer O/F issue, it's pretty amusing. For XP or 2K, it's a nice convenient download link. For W98, there are about 25 links, and no explanation of which you need! :D I think W98 has really fallen out of favor!
:rolleyes:
 
1 - 20 of 25 Posts
Status
Not open for further replies.
Top