Is your firewall spying on you? [Zone Alarm gets rumbled]

theinquirer.net ^ | Sunday 22 January 2006 | Paul Hales

[Dallas59]

Thanks!

[snarks_when_bored]

I hadn't seen that little hosts file editor. Looks nice (although Notepad works fine for me).

[B4Ranch]

Check your FReep mail, please.

[The Westerner]

I have a Linksys router. Do I really need Zone Alarm, too? Anybody have a clue?

[thinking]

Download a copy of tcpview, then you can see what is
connected to your PC....

[snarks_when_bored]

A useful article from Wikipedia on the hosts file:

Hosts file

[jayef]

I'm using both. The software tells me how good I am and it pleases me. :-D

[Shadow Deamon]

This is from the ZA help file, perhaps this is what he was seeing:

Joining the DefenseNet community Zone Labs security software users can help shape the future of Zone Labs security products by joining the DefenseNet community protection network and periodically sending anonymous configuration data to Zone Labs for analysis. By joining DefenseNet, you can help us focus our attention on the features and services that you use most often and to introduce new functionality that will provide even smarter security.

Configuration data is not collected from ZoneAlarm or ZoneAlarm Anti-virus users.

Even with the "Alert me before I make contact" preference selected in the Overview|Preferences tab, you will not be alerted before sending configuration data to Zone Labs.

The data collected is completely anonymous and is for Zone Labs internal use only and will not be shared with others. Of the millions of Zone Labs security software users, only a small percentage of users will have their information collected. The frequency of data transmission depends upon the configuration of your computer. For most users, data will be sent once per day.

To send configuration data to Zone Labs, select Yes, automatically and anonymously share my settings in the Configuration Wizard.

If you later decide that you do not want to send anonymous data, select Overview|Preferences, in the Contact with Zone Labs area, then clear the Share my settings anonymously... check box.

[B4Ranch]

I added the entire list from "Blocking ads on the Internet with a list of ad server hostnames and IP addresses." to my hosts file. Here's hoping that cuts down on the garbage that builds up in my Temporary Internet file.

[B4Ranch]

Maybe so.

[Snoopers-868th]

I have XP Pro and use IE. I cannot open a PDF file but I can save it and open it. What is up with that? What was your work-a-round?

[palmer]

lots of solder

[hiredhand]

OpenBSD is one of the most hardened "out of the box" operating systems on the planet. The developers have included a facility called "pf". It's a very configurable firewall package.

I run three of them on a site that I have. One is supporting a private (RFC 1918) LAN behind a static netblock via NAT/PAT for hosts on the LAN.

Another is in front of the netblock and it does everything except for NAT/PAT and traffic redirection because it's running in bridge mode and doesn't even have any IP addresses. It "looks" like a layer two device (switch or hub) to those machines around it.

The third supports a second WAN connection via a RoadRunner broadband connection that my employer (most graciously) provided to me. That one is like the one that does NAT/PAT, except that if the IP address changes, it's set up such that none of the firewalling features are affected.

There is ONE more OpenBSD host on the site that uses pf, but it's simply a SMTP server (PostFix) and runs OpenBSD because of greylisting and spamd (anti-spam system) for e-mail.

It's a rock solid operating system. They tout the fact that they've only had one remote root exploit in a default install in over eight years. No other operating system even comes close to being able to say that, except for maybe OSs like Inferno (Lucent Brick), and VX-Works (used by the Nortel CES). But most people will have never heard of these, nor would they really want to use them anyway.

But OpenBSD is not a user's operating system (IMHO). All of the systems that us people here touch are Linux systems. Debian to be specific. But they're all protected by the OpenBSD firewalls running pf.

The "pf" how-to is linked from http://www.openbsd.org.

[bobdsmith]

Software firewalls suck. Nothing can beat hardware.

It doesn't matter what medium the firewall is built on. Whether it sucks or not has nothing to do with whether it is a software application on a pc or a dedicated device.

[SeaBiscuit]

Thats true, a router is a must, especially for 24/7 cable connections. But, a software firewall is also important, not for incoming which is the router's job, but to keep a check on outgoing connections, though I don't use ZA.

[bobdsmith]

I doubt this is anything serious at all. A well known software product like ZoneAlarm simply cannot send information to somewhere covertly without someone finding out about it pretty quick by simply looking at what data is being sent out. The people who make zone alarm would realise this and so I don't believe they would even think about attempting it.

[SeaBiscuit]

See my post #55. I use the old free version KPF 2.15, highly configurable and uses little resources.

[KillTime]

My firewall: a Hub, an old Pentium III PC, pulled out the CDRom, HardDrive, Video and Sound cards, 8 megs ram, and have two NIC cards. Basically it's a stripped down computer. Then I use http://www.coyotelinux.com/ free firewall. Everything is blocked; everything. The firewall runs off the floppy disk into Ram. Completely invisible from the outside world. I packed up my LinkSys; ppl can still get to ya. Software Firewalls eat system resources, KT recommends to get a real hardware firewall (linksys are pseudo hardware fw...it is really still primarily a software fw) and use your old PC to make a killer FW.

[dynoman]

127.0.0.1 is listed as "loopback adapter" under the firewall and zones area in ZA 6.xx

[dynoman]

Loopback Adapter on IP 127.0.0.1