[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Black-Ice vs. ZoneAlarm



PureBytes Links

Trading Reference Links

ZA is probably fine behind the Linksys router, especially with NAT, which 
is an excellent shield in itself.

As I mentioned previously, the big problem with ZA is the single-thread 
code bringing all network activity to a standstill, if you inadvertently 
run a non-permissioned application that tries to access the Internet.

The best defense against Trojans is an up-to-date anti-virus program. If a 
Trojan slips through, it sets up shop by listening on a "secret" port for 
an external activation code. A stateful filter will note that the 
activating packet is not in response to a valid session originating on the 
LAN and drop the packet (logging the event). In fact, the firewall won't 
even allow a response to a ping. Thus, it's totally invisible except for 
LAN-initiated activity.

Allan

At 11:14 AM 6/25/2000, Bob Scott wrote:
>On Friday, June 23, 2000 9:20 AM Allan Kaminsky wrote:
> >Here's the best solution. Use a hardware firewall. I just installed
> >SonicWALL SOHO and it's a dream. None of the problems of the software
> >firewalls. Also, this box is configurable to provide NAT and/or DHCP, as
> >well as stateful packet filtering, content filtering, address list
> >maintenance, etc
>
>I use a Linksys router with ZoneAlarm as a secondary shield.  When I was
>using only ZA I was recording intrusions several times a day.  Since I added
>the router ZA has only detected one intrusion and I think it was someone
>that somehow "latched on" to one of my web searches.  It apparently planted
>several trojans which were trying to "call home" but ZA halted the activity.
>Would "stateful packet filtering" of the SonicWALL have helped in this
>situation?  For the time being I'll continue to run ZA behind the router.
>
>Bob