I’ve had ZoneAlarm installed on my PC for the last few weeks and already it has blocked 3500 attempted intrusions–a good 1000 of them in the past week.
But just how good is ZoneAlarm? My guess is that it’s good enough to stop your garden-variety teen hacker, but child’s play for our friends at the intelligence agencies to do an end run around.
Are there more robust systems available? What are these “intrusions” that ZoneAlarm is stopping? And getting back to my second paragraph, how hard would it be for said intelligence agency to defeat ZoneAlarm and do some low-profile snooping?
Thanks in advance. (P.S. Another 43 attempted intrusions in the last 5 minutes!)
You’d be surprised. Zonealarm is one of the better firewalls available. I’m not sure even a dedicated cracker could get past it, unless you disable much of its protection. I’ve used it for over three years, and no problems thus far.
I often hear about these huge numbers of blocked intrusions after people install ZoneAlarm, and I wonder just what constitutes an intrusion. What’s going on out there that someone’s machine would be getting a thousand or more intrusions a week without a firewall? I have to believe that a lot of these intrusions are innocuous otherwise any non-protected machine would be overwhelmed by nefarious hackers.
And if you need a guide to making an *aluminium* foil hat (everyone knows aluminium foil works better and is cheaper than tin), go to http://zapatopi.net/afdb.html .
Also, ZoneAlarm is probably the best software firewall I have seen that is available commercially.
The NSA? I LOVE the NSA!! Do you hear me guys? You’re the best –THE BEST! Keep up the great work, come on over for a bundt cake, and borrow my Jeep whenever you want. No need to worry about me. Nosiree!! I’ll just be over here saluting the Stars & Stripes, reading my bible, and writing a letter urging my congressman to raise your pay. God bless the NSA!!
Not really. 99.9% of pings to your system are benign. Pings on port 137 are Messenger Service spam, usually. Others are attempts by your ISP to send packets to the user who had your IP address last. Others are websites you’re visiting pinging you for various reasons.
Most pings are benign. Most are not intrusions. But you have to understand that it only takes one ping to alert a cracker to your machine, and one ping can tell him everything from what OS you’re running to what version of Internet Explorer is currently corrupting your disk, er, providing you with a service you could obtain better elsewhere, er, accessing your ports. With that knowledge, a cracker can use one of a list of premade exploits (cracking is not a creative pursuit) against your machine, and have a good chance of compromising your machine.
So the “thousands of attempted intrusions blocked a week” is sort of an unintentional overselling of it, eh? Are any of these pings not just benign but actually beneficial? Are there some that you actually want to get through?
In my experience with ZA, before I got a hardware firewall, a lot of the “intrusions” were web servers or ad servers that I had actually visited trying to reconnect or something. Not sure of the details, but they were definitely prompted by where I was surfing, rather than random attacks.
No, Q.E.D. is right - benign but not beneficial (unless you are running some specialized software). Generally, no one should be contacting you through a port unless the request was initiated on your end as part of the normal and desired operations of your system. When you need a dynamic IP, your machine contacts the DHCP server. When you need DNS, your machine initiates the contact. If it’s an ICMP packet (ping, or traceroute), you should decide whether or not you exist.
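The rule the last few posts converge on (inbound traffic is expected only as the reply to something your own machine started; port 137 chatter, stale-lease traffic and pings are unsolicited noise) is what a stateful personal firewall implements. Here is an added example, not code from the thread or from ZoneAlarm, of that classification run over a few constructed alert lines; the alert format, port labels and addresses are all assumptions for illustration.

```python
"""Added example: a minimal stateful inbound-packet classifier.

Inbound traffic is allowed only when it answers a flow this host initiated.
Everything else is "unsolicited"; most of it is noise, which is why a personal
firewall's "intrusion" counter climbs so fast. All data below is constructed.
"""
from dataclasses import dataclass

# Assumed labels for common unsolicited noise (illustrative, not a product's log).
NOISE_PORTS = {137: "netbios name service chatter", 1434: "ms-sql probe"}


@dataclass(frozen=True)
class Flow:
    proto: str          # "tcp", "udp" or "icmp"
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int


class StatefulFilter:
    def __init__(self):
        self.outbound = set()   # flows this host initiated

    def note_outbound(self, flow: Flow):
        self.outbound.add(flow)

    def classify(self, proto, src_ip, src_port, dst_ip, dst_port) -> str:
        """Classify one inbound packet: solicited reply, known noise, or unknown."""
        if proto == "icmp":
            return "icmp probe (answer only if you want to be visible)"
        # Reverse the direction: the packet's dst is our local side of the flow.
        if Flow(proto, dst_ip, dst_port, src_ip, src_port) in self.outbound:
            return "solicited reply (allow)"
        if dst_port in NOISE_PORTS:
            return f"unsolicited: {NOISE_PORTS[dst_port]} (block, ignore)"
        return "unsolicited: unknown (block, low-priority alert)"


def triage(filt: StatefulFilter, alert_lines):
    """Parse constructed 'proto src:sport -> dst:dport' lines and classify each."""
    results = []
    for line in alert_lines:
        proto, rest = line.split(" ", 1)
        src, dst = rest.split(" -> ")
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        results.append(filt.classify(proto, src_ip, int(src_port), dst_ip, int(dst_port)))
    return results


# Constructed sample: we visited a web server, then four packets arrive.
FW = StatefulFilter()
FW.note_outbound(Flow("tcp", "192.0.2.10", 51234, "203.0.113.7", 80))
SAMPLE_ALERTS = [
    "tcp 203.0.113.7:80 -> 192.0.2.10:51234",    # the web server answering us
    "udp 198.51.100.9:137 -> 192.0.2.10:137",    # NetBIOS noise
    "icmp 198.51.100.20:0 -> 192.0.2.10:0",      # a ping
    "tcp 198.51.100.30:4444 -> 192.0.2.10:135",  # traffic for the previous lease holder
]
```

Running `triage(FW, SAMPLE_ALERTS)` shows that only the first line is something you want through; the other three are the "intrusions" the counter is tallying.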
ZoneAlarm is good stuff, and if I didn’t use hardware firewalls exclusively (which I find superior, but that’s a whole other debate), I would use it instead.
No, I honestly don’t think they could. But nor would they really need to. If they wanted the data on your computer, they’d simply come and confiscate it.
ZA is a good program - for programs of its class. I recommend it, though I use a much more sophisticated multi-level hardware/software system for my home LAN. Using it makes you at least 1-2 orders of magnitude more secure than not using a software firewall.
“Stealthing” (failing to respond on ports unless you originate the transaction) is great - I’d say it should be mandatory - but it won’t truly make you ‘invisible’. A script-kiddie running a packet sniffer on your local LAN segment of your cable broadband (to name just one example) would still detect you from the packets you originate (which must of course be return-addressed to you, of necessity, or they would do no good at all). Packet sniffing is barely harder than most script-kiddy hacks (the only added issue is getting around the cable modem, which is easy, if you own your own) and can yield other benefits to a larcenous cracker - like any unencrypted passwords, credit card numbers, or confidential/titillating info you happen to send (and not all so-called ‘secure’ transactions like https are properly implemented). I could cite page after page of incidents where banks and stores screwed up in ways that would not be immediately apparent via most web-browsers.
Basically, no security is absolute, and the more complex methods have a diminishing return that I wouldn’t recommend to most people - 99.9% secure is several times harder than 99%. On the other hand, don’t forget that the good crackers are using computers - and using them well. The same automation that makes computers useful to you makes it useful to the cracker who’s willing to try 10,000 computers in the hope of finding a door into a handful. Remember the wardialing modem programs of the late 70’s/early 80’s?
The key is: usually it’s much more worth their while to grab many dozens of easy systems (there is no shortage) than a single slightly better protected one. Try to keep yourself in the top 10% (i.e. don’t be one of the 90% of people who are idiots) and they’ll probably move to easier prey. It’s the same principle as preventing car theft: you can’t really deter the expert, so make it easier to move on to the next guy.
And this is a good point that people often overlook. While I use PGP and encryption and firewalls and the works for everything possible myself, I also hold no illusions that I’m “safe” from anyone who really wants the information. If the government, the “Mafia”, or a well-funded psychopathic “cracker” thinks there’s something on my PC really worth having, they’ll just “disappear” me, and then torture me until I reveal the password.
I have a 3 computer LAN in my little office. I have a proxy server on the hub computer through which the other two computers are connected. I have ZoneAlarm installed on the hub - do I need to install it on the client machines too?
Absolute non-geek here - I’m not even sure whether what I’ve just typed makes sense or not!