Q re: Firewall. XP enough?

So I’ve been using ZoneAlarm for a long time. It’s good, but since I want to save system resources, I’ve been wondering if the built-in firewall is good enough?

No.

The above post brought to you by the makers of Zone Alarm.
One advantage ZA has over XP firewall and for that matter routers with NAT firewalls is that it doesn’t protect you from applications within your computer from connecting to another via the net. ZA asks you if you want to permit such a connection.

Would you mind expanding on that? A bit more information might actually be helpful (to me if not anyone else) rather than a flat “no”.

’Tis simple. XP’s own firewall only blocks unwanted incoming traffic. An additional firewall, such as Zone Alarm, blocks unwanted OUTGOING traffic, such as might be generated by Trojans, spyware, or even XP itself in any of the, I think, seven ways it connects to the net that have nothing to do with internet surfing. It also alerts you to the fact that such software is attempting connection.

Thanks folks. I use ZA myself rather than XP’s firewall but assumed the latter would still have thorough controls on outgoing traffic.

I think I should have used more capital letters in that post. Don’t you?

In the vast majority of cases, ANY firewalls you run on your computer are doing absolutely nothing besides wasting resources. I would recommend that you uninstall ZoneAlarm, disable XP’s built-in firewall, then disable all unnecessary services. This will accomplish much the same function as a restrictive firewall: If the services aren’t running, no one can access them, and they can’t be exploited. This will also increase your computer’s overall performance. If you do feel the need for a firewall, purchase a router with a built-in firewall. You’ll have to pay for it, but it won’t suck up resources on your computer and will be much more secure.

I’d also like to mention that in reality, most exploits work by convincing the user to run a malicious program, or running malicious code via a web browser or e-mail security vulnerability. A firewall cannot protect against this.

After the user is ‘convinced’ to run a malicious program, a good firewall, Zone Alarm in particular, will ask the user if it’s OK to allow the newly installed malware to access the internet. So you get one more chance to prevent Gator from sending its payload home. A few CPU cycles wasted? Most up-to-date PCs can handle that. Catching all the crap-ware that tries to call home? Well worth it. Try Zone Alarm and see for yourself.

It’s also pretty easy to have services/ports/listeners unprotected without knowing it. Microsoft is certainly guilty of this, and many Linux distros install lotsa server type crap too. Better to have some middleware close those ports for you.

That is simply wrong. First off, Windows itself is full of holes waiting to be exploited. Firewalls help to stop this. Sure, if you know how to configure Windows, you can reduce this, but not to the same degree as having a firewall. Secondly, good firewalls stealth your ports. Thirdly, unless you have a broadband or leased line connection, where are you going to plug your router? Fourthly, dedicated firewalls are not necessarily more secure than software firewalls. They are just software running on their own machines.

Just because you should close all the windows at night doesn’t mean you don’t need to lock the door.