February 18th 09, 02:18 PM posted to microsoft.public.vb.vista.compatibility,microsoft.public.windows.vista.general,microsoft.public.windows.vista.performance_maintenance,microsoft.public.windows.vista.security
mayayana[_3_]
Microsoft Windows Vista includes a two-way firewall. TO THE TOP


Apparently the makers of ZoneAlarm fixed such a problem by
preventing ZoneAlarm from being shut down.


What makes you believe shutting it down is the only possible way to
circumvent it? And why would malware writers choose a method which
makes you as a user suspicious of what is going on? No, no. They will
of course just circumvent your illusionware while letting you continue
to believe all is fine and well.


That's quite a strong statement to make, implying
that 2-way firewalls are basically useless. If you're
going to claim that, you should provide some evidence
and explanation. Otherwise you're just adding confusion.

In my experience, ZA has no trouble blocking unauthorized
software from going online. There is a wrinkle, though,
with XP. XP, and NT systems in general, are a security risk
in that they're designed as corporate workstations, with
various vulnerable network-related services that are
unnecessary on Win9x but are typically running, and may
even be critical, on NT (RPC, for example.)

Complicating matters, Microsoft shrouds a number of
services in the svchost.exe process, which can run in
multiple instances. So if you allow svchost through the
firewall it's not so easy to know exactly what you're
allowing. And ZA can't differentiate between the actual
processes running under the svchost "hat".

That wouldn't be a problem if you just block svchost altogether,
except that if you block svchost and use high-speed then you
may block a service critical to your connection! So in most
cases it's difficult to really block Microsoft's stuff and control what
goes out on NT systems. (NT4, 2000, XP, Vista.)

Another complication involving different ZA versions:

If you use the earlier ZA versions that were compatible
with XP (v. 2.6.x) you can block svchost, but as noted above,
that might be a problem on high-speed.

With later versions of ZA, ZoneLabs apparently cooperated
with Microsoft and will override your settings. Later versions will
put svchost into the allowed list without telling you, and
put it back again if you remove it. However, I think that someone
using dial-up, and using ZA 2.6 could block all outgoing MS
processes. (Though I don't know whether v. 2.6 runs on Vista.)

I haven't tried more recent versions of ZA. It bloated from
a 2 MB program to a monstrosity of 50 MB in recent versions.
Personally I'd look elsewhere these days if I felt a need for a
new firewall and for some reason didn't think ZA 2.6 was
adequate.
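
An added example, not part of the post above: the svchost point can be checked on a given machine by parsing the output of `tasklist /svc /fo csv` to see which services each svchost.exe instance hosts, and so what a single per-executable allow rule covers. The sample output and the function names are constructed for illustration; the service groupings on a real system will differ.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","884","DcomLaunch,TermService"
"svchost.exe","952","RpcSs"
"svchost.exe","1080","Dhcp,Dnscache,wuauserv,BITS"
"explorer.exe","1500","N/A"
'''

def services_by_instance(tasklist_csv, image="svchost.exe"):
    """Map PID -> list of services hosted by each running instance of `image`."""
    hosted = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() != image.lower():
            continue
        names = [s.strip() for s in row["Services"].split(",")]
        hosted[int(row["PID"])] = [s for s in names if s and s != "N/A"]
    return hosted

def covered_by_image_rule(tasklist_csv, image="svchost.exe"):
    """Every service that one per-executable 'allow' rule for `image` lets out."""
    seen = set()
    for svcs in services_by_instance(tasklist_csv, image).values():
        seen.update(svcs)
    return sorted(seen, key=str.lower)

def ride_along(tasklist_csv, needed, image="svchost.exe"):
    """Services allowed out only because they share the image with `needed` ones."""
    wanted = {n.lower() for n in needed}
    return [s for s in covered_by_image_rule(tasklist_csv, image)
            if s.lower() not in wanted]

if __name__ == "__main__":
    for pid, svcs in sorted(services_by_instance(SAMPLE).items()):
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
    # Assumption: only DHCP and DNS client traffic is actually wanted.
    extra = ride_along(SAMPLE, {"Dhcp", "Dnscache"})
    print("Also allowed by the same rule:", ", ".join(extra))
```

On a live system the same functions take the text produced by `tasklist /svc /fo csv` in place of `SAMPLE`.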