
Thread: Is it possible to block all incoming/outgoing traffic, except traffic you want to allow?

  1. #11
    monster_z Guest

    Re: Is it possible to block all incoming/outgoing traffic, except traffic you want to allow?

    Hi, Oldsod!

    1. I'm grateful you have answered me on these questions.
    However, I must note that you might have misunderstood me.
    I'm using ZA Pro and Nod32 antivirus - to me this is the best combination you can get.
    Since the first time I came into contact with computers, when I was a total newbie, my friends have advised me to get ZA Pro or ZA Internet Security Suite.
    I might say that I have become a ZA fanboy, I trust the company and have never experienced computer slowdowns except when ZA 7.0.302.000 was buggy.
    That's why I will never use a hardware firewall or router or anything like that, there is no need to.

    The question I asked you for opinion regarding that ZA doesn't protect from these internet worms is because I was extremely suspicious about this thing.
    I was using ZA for over 2 years, I've been visiting ALL KINDS OF WEBSITES, BECAUSE I decided that this was the best way to test ZA's inbound protection - nothing could pass through ZA, literally nothing.
    My friend Tony, who basically recommended ZA to me, has asked his cousins who are supposed hackers and supposedly they have developed a program for breaking into any computer.

    Now, my friend said to me that this was a great opportunity to test ZA's version 6.5.737.
    He gave them his IP address, and they tried to break into his Windows XP for over an hour.
    Guess what?
    Not only did ZA block about 1000 intrusions of whatever malware they tried to sneak inside his computer, but the computer was also 100% invisible and all ports were closed.
    Now, please take into account that these attacks and attempts to install this malware were REAL, not some leak-tests.

    That's why I'm extremely suspicious about what a poster named Santucci on CNet.com said, that ZA is vulnerable to Internet worms - honestly I don't know what he was talking about at all.

    Simply put: ZA has never failed me or my friend, that's why we use it.


    2. Regarding leak-tests. I completely agree with you. There are other serious security vendors as well who said the same thing about leak-tests and who test the real malware.
    I think that the whole leak-test hysteria is responsible for why many vendors have left inbound protection.
    Many vendors and leak-testers don't realize that when you buy a PC it's 100% clean - which means you need inbound protection much more than outbound protection.
    This is my view.

    Also, regarding the website you gave, the link is "blind".
    http://www.personalfirewall.**bleep**.com/leaktest.html

    It seems to me that some of the words can't be written on these message boards.


    3. One question regarding users having problems with ZA (computer slowdowns, incompatibility with other security software, CPU and memory usage, etc.).
    Oldsod, I've read that many of the users, or some of them at least, are having problems with installation/uninstallation of ZA, CPU and memory usage, or they are thinking ZA is buggy.
    Here is what is weird here - I HAVE NEVER HAD ANY PROBLEM WITH ZONE ALARM - never, that's why I can't understand what other users are talking about.
    Since you're one of the moderators, you might know what the main reasons are.

    4. I don't know how much you read PC Magazine's reviews, but ZAISS is always on the top more or less, but it seems to me that Neil Rubenking only uses default settings to test ZA, that's why some of the malware he tests gets inside the computer - like the performance of blocking/preventing the installation of 17 malware samples out of 20.

    Or ZA Anti-Spyware blocked 6 of 8 spyware samples - again I think it's on default level.


    P.S.:
    I just hope you'll be around here in about 2 months when I ask you how to configure ZA Pro.


    Thank you for your time and patience, again.
    I just hope I didn't take too much time from you since the thread is quite big.

  2. #12
    Join Date: Dec 2005
    Posts: 8,985

    Re: Is it possible to block all incoming/outgoing traffic, except traffic you want to allow?

    Hi Monster-Z

    First, I have to say I am not a Moderator (employed by ZA), just a Guru (helper for free).

    ZA has been a very reliable firewall for years. The driver has excellent self-protection, or is unstoppable by malware infections or attacks. Even if the ZA is attacked and the GUI does not work, the vsmon.exe still keeps on working. The ZA in this situation will either do a complete lockup (nothing will get in or out) or the GUI will not appear and the firewall will not allow any new entries and continue to do firewalling duties. It is that solid.

    Routers? I use two routers chained together, both doing SPI/NAT.
    Some do not like/use routers and some do. I have always at least one router and find the home network is a lot quieter with just one in front of the PC.

    Internet worms should be easily blocked by any firewall for any home user - either by any hardware or software firewall. Even Windows built-in firewall will stop internet worms.

    Hacker attempts only succeed if there are open ports and something is responding to the open port (if there is an application using the open port). Or if the user has installed malicious software or if there was some driveby/self install from either the email or web-browsing.

    I really doubt the ZA would allow a hacker in unless the user really tried hard to help the hacker. Or got fooled by the hacker and did something silly.


    Oops, sorry about the link. I thought you might have guessed it.

    http://www.personalfirewall.c****o.com/leaktest.html

    My gripe with the magazines - they only use 20 samples, whereas a proper test would use thousands. Twenty is too selective - it can either make a scanner look good or bad depending on the choices of samples. Plus often they are swayed by money - the usual sponsors or regular advertisers will get good reviews. Some of the independent blogs and small time reviewers may get some sort of financial incentive from vendors to show favorable reviews for their products.

    Bad ZA issues start with bad downloads (not the proper download site or used web accelerators/download managers), bad installs (remnants of other uninstalled fws or networking applications), too many security applications (two fws or two av or too many active spyware scanners) running, windows is mismanaged or has been abused (files damaged or missing) by either the user or from malware, bad hardware (failing hdd or bad memory cards, failing video/audio cards, etc), old or outdated drivers (these need to get updated from time to time) and even from running applications while installing or some not even letting the installation finish properly. It is usually a user error or windows issue.
    FWs in general work intensely at certain levels in the OS and if there is something wrong there, then the firewall will have issues as a result.

    Read any forum and see there are always issues - for either the fw or the av or both. Forums are sometimes the worst place to see if a product is good or bad - all the users posting usually post because they have some sort of problem, not because they have no issues.

    These replies do not take too much time and if it did take time, I would still reply in full.

    Okay, back to your first post:

    Block these by both TCP and UDP in the ZA | Main | Internet Zone Security | Custom, if you still need to permanently close ports in the firewall:

    7 (echo)
    9 (discard)
    13 (daytime)
    17 (qotd)
    19 (chargen)
    23 (telnet)
    37 (time)
    70 (gopher)
    79 (finger)
    88 (kerberos)
    113 (ident)
    119 (nntp)
    135 (epmap)
    137 (netbios-ns)
    138 (netbios-dgm)
    139 (netbios-ssn)
    194 (irc)
    389 (ldap)
    445 (microsoft-ds)
    500 (isakmp)
    515 (printer)
    530 (courier)
    531 (chat)
    554 (rtsp)
    604 (tunnel)
    631 (ipp)
    647 (dhcp-failover)
    1067 (instl_boots)
    1068 (instl_bootc)
    1900 (ssdp)
    2689 (fastlynx)
    3389 (ms-wbt-server)
    4500 (ipsec-nat-t)
    5000-65535 (blocks all unneeded, including some P2P, the rest of the IRC and some games, and the 5000 is commplex-main or UPnP)

    The above list is a paranoid list.
    If there is no application(s) to respond to the port(s) or using the port, then there never was a risk to begin with.
    The ZA always keeps all ports stealthed and closed by default.

    Plus I am guessing these ports are ok for you to block. If something goes wrong (does not connect) then check the ZA logs in the Log Viewer and see what got blocked. Then make the appropriate changes to allow the needed port.
    Also this is almost a backwards attempt, because the Expert of the Firewall should be used to allow the required port ranges for the destination and/or sources. Along with the internet servers IPs, in many of the Expert rules of the Firewall.

    Oldsod.

    Message Edited by Oldsod on 03-03-2008 05:27 AM
    Best regards.
    oldsod
