A Windows XP help forum. PCbanter


how good is the XP firewall



 
 
  #16  
Old March 30th 05, 03:40 AM
Bruce Chambers

RoS wrote:
I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my
virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup.

The last three presumably should be installed on a new XP machine? But does
the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles
suggest that Microsoft offer 'cut-down' versions of 3rd party apps of this
nature. If one has something like Partition Magic, is it preferable to use
it?

RoS




WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is protect you from any Trojans or spyware that you (or someone
else using your computer) might download and install inadvertently.
It doesn't monitor out-going traffic at all, other than to check for
IP-spoofing, much less block (or even ask you about) the bad or the
questionable out-going signals. It assumes that any application you
have on your hard drive is there because you want it there, and
therefore has your "permission" to access the Internet. Further,
because the Windows Firewall is a "stateful" firewall, it will also
assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance than do
ZoneAlarm or Sygate.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
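
The behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of a stateful, inbound-only filter next to one that also applies a per-program outbound allow-list. It is not the implementation of Windows Firewall or of any product named here; the class, program names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" (leaving the PC) or "in" (arriving)
    program: str      # local program owning the socket, "" if nothing is listening
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class StatefulFirewall:
    # None models the inbound-only firewall from the post: no outbound filtering.
    # A set models a per-program outbound allow-list (hypothetical policy).
    allowed_programs: Optional[set] = None
    inbound_exceptions: set = field(default_factory=set)
    state: set = field(default_factory=set)   # flows opened from the inside

    def decide(self, p: Packet) -> str:
        flow = (p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            if self.allowed_programs is not None and p.program not in self.allowed_programs:
                return "BLOCK-OUT"            # unapproved program never reaches the network
            self.state.add(flow)              # remember the flow so replies are accepted
            return "ALLOW"
        if flow in self.state:
            return "ALLOW-REPLY"              # the "stateful" part: reply to a tracked flow
        if p.local_port in self.inbound_exceptions:
            return "ALLOW"
        return "DROP"                         # unsolicited inbound traffic


# Constructed sample traffic (documentation address ranges, made-up program names).
TRAFFIC = [
    Packet("in", "", 445, "203.0.113.9", 40211),               # unsolicited probe
    Packet("out", "browser.exe", 1050, "198.51.100.20", 80),   # program the user approved
    Packet("in", "browser.exe", 1050, "198.51.100.20", 80),    # its reply
    Packet("out", "unknown.exe", 1051, "203.0.113.77", 8080),  # program nobody approved
    Packet("in", "unknown.exe", 1051, "203.0.113.77", 8080),   # reply to that program
]


def run(fw: StatefulFirewall) -> list:
    """Feed the sample traffic through a firewall and collect the verdicts."""
    return [fw.decide(p) for p in TRAFFIC]


if __name__ == "__main__":
    print("inbound-only :", run(StatefulFirewall()))
    print("per-program  :", run(StatefulFirewall(allowed_programs={"browser.exe"})))
```

In the inbound-only model the unapproved program's connection and its reply are both accepted, because the reply matches state the program itself created; with the allow-list the outbound packet is blocked, so no state exists and the reply is dropped as unsolicited.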
  #17  
Old March 30th 05, 04:11 AM
Use the Penguin, not the Butterfly!

Husky, ask yourself this... will a reformat stop a *BOOT* VIRUS?? or will it
only stop viruses that are on your harddrive? use your head

one program that i use that seems to be much better than Zone Alarm is Kerio
Personal Firewall. it's a great program, tells you *everything* that goes on
in your system, such as which programs are starting which programs, whether
you want to start such-and-such program or not, as well as whether you want
such-and-such program to accept connections or send a connection to the
internet.

if you *really* want a solution for viruses, get Linux. it's another OS
(operating system) that's MUCH better than anything windoze has ever been
able to come up with. it's designed after Unix, which is THE most stable OS
*ever* made. best part is, it's too hard to get into, and windoze viruses
don't work on it. even better than that, is that it's FREE. it's shareware,
but it falls nowhere close to categories that include any file-sharing
programs such as Kazaa. there are many distributions of Linux, only a few of
which you have to pay for, like Red Hat, but it's also the most customizable
OS out there. check out Linux.com for some of the various distributions.
Like Ken said, "You are, therefore, much better off devoting your time,
energy, and money to making your system secure than making an insecure system
slightly less insecure." if you Really want to make your system secure, for
one, don't use Internet Explorer. use something like Mozilla, Opera, or
Netscape. another thing you can do is keep an eye on programs that are
installed on your computer (My Computer -- Control Panel -- Add/Remove
Programs), and also keep an eye on what tasks are running (Start -- Run --
taskmgr.exe). if you REALLY want your computer to be secure, disconnect it
from the internet.

Ken, just so you know... windoze ITSELF is insecure... even the xpsp2
firewall sucks, it doesn't stop everything, and many of the things it doesn't
stop can be damaging to your computer. also, if you want to access an ftp
server, you always have to disable the firewall before you can do so. using
something like Kerio saves you from having to continuously open the firewall
settings, disabling it, and then enabling it again, because all you get is a
program-generated popup asking if you want to allow the outgoing connection
once, or if you want to allow it all the time.

Even more generally, a good rule of thumb about XP is that the less you mess
with how it was designed to run, the better it will operate. It is currently
designed to run with the Windows firewall, working in conjunction with an
antivirus program that the user must install separately. It is a good
design. Don't mess with it.


Now, what happens if you want it to run the way that YOU want it to run,
rather than the way the people who wrote the OS want it to run? i'll tell
you, it messes up. when it first came out, i installed xpsp2, which turned
out to be a BIG mistake. my computer started processing a lot slower, ftp
access was denied (happened a few times even when the windoze firewall was
disabled), and when i tried to uninstall it, the uninstaller froze and i had
to re-format and re-install everything. i also tried installing NVIDIA
drivers on a non-NVIDIA card, xp messed up. installed IIS so i could run an
ftp server, xp messed up. changed IE settings, IE messed up. think about
those for a while, before you start again to talk about how good windoze is.
note: i have made *many* changes to my Linux box running Mdk (Mandrake), and
nothing's gone wrong so far.
  #18  
Old March 30th 05, 06:55 AM
Walter Clayton

Can you say "Can of worms"?

I have this discussion with my clients on a regular basis. Two questions:

Do you know how to determine if an application requesting outbound
connection is legit?
Do you want to know how to make that determination and are you willing to do
the legwork?

There is also the final issue: Once the nasty is loose on your machine, what
guarantee is there that it hasn't compromised the outbound scanner?

And the challenge for those that are "in the know", can you guarantee that
it is utterly impossible to compromise the outbound scanner? Hint: MD5 is
compromised; piggy backing; proof of concepts already exist to compromise
any client side firewall you care to name some of which have been addressed
and some of which haven't; I can and have hand killed a firewall and had
unfettered access...

I'd leave ZA off unless you want to do the legwork to research polite code
that's attempting to reach out.

PM is a different story, but that depends on your needs. If you're actively
repartitioning then you'll need a 3rd party tool. Personally I switched to
BootItNG about the time that PM5 came out and haven't looked back since.

--
Walter Clayton
Any technology distinguishable from magic is insufficiently advanced.


"RoS" wrote in message
...
I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my
virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup.

The last three presumably should be installed on a new XP machine? But does
the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles
suggest that Microsoft offer 'cut-down' versions of 3rd party apps of this
nature. If one has something like Partition Magic, is it preferable to use
it?

RoS



  #19  
Old March 30th 05, 07:06 AM
Kelly

Nice to see your great info, even though via a cross, Walter. w

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com







  #20  
Old March 30th 05, 02:56 PM
David R.

"Leythos" wrote in message
...
On Tue, 29 Mar 2005 19:40:25 -0700, Bruce Chambers wrote:

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes.


...

Most applications can now create exceptions for their own use, many
applications do it, and users have no clue.

...


Sorry, but that is not true. The exception list (or any setting in regards
to the XP-Firewall) can only be changed while logged on as administrator.
Programs running under a normal user account (or even the user himself)
can't change ANYTHING to the settings of the XPF. So if you have seen these
problems, I ask you why the hell are you working with an administrator
account? It's one of the first things that every professional learns in
regards to security, that you should NEVER EVER work with an account that
has administrator access. Only use that to configure the system, nothing
more.

--
David R.
MCP


  #21  
Old March 30th 05, 03:51 PM
Husky

On Tue, 29 Mar 2005 19:11:02 -0800, "Use the Penguin, not the Butterfly!" wrote:


if you *really* want a solution for viruses, get Linux. it's another OS

A myth. The reason linux boxes aren't a problem is because viruses go after the
primary OS worldwide and that's windows.
If the OS can run a program, it can run a virus or a Trojan. No one's building
viruses for linux cause it's such a small minority of the usage.

Ken, just so you know... windoze ITSELF is insecure... even the xpsp2
firewall sucks, it doesn't stop everything, and many of the things it doesn't

No disagreement, I switched from ZA to Trend's built in everything firewall,
virus, spam filters etc.. It's caught everything.
And then there's the 24 hour FREE email support.
I can only hope they don't change policies and follow the others to bring in
more cash by selling the system in bits and pieces. 24.95 for firewall, 24.95
for spam protection, 24.95 for virus protection. with FREE hourly updates.

stop can be damaging to your computer. also, if you want to access an ftp
server, you always have to disable the firewall before you can do so. using
something like Kerio saves you from having to continuously open the firewall
settings, disabling it, and then enabling it again, because all you get is a
program-generated popup asking if you want to allow the outgoing connection
once, or if you want to allow it all the time.

Or you can switch to Trend. And not mess with any popups.

disabled), and when i tried to uninstall it, the uninstaller froze and i had
to re-format and re-install everything. i also tried installing NVIDIA
drivers on a non-NVIDIA card, xp messed up. installed IIS so i could run an

XP Messed up ? You tried to install incompatible software and the OS messed up
?

ftp server, xp messed up. changed IE settings, IE messed up. think about
those for a while, before you start again to talk about how good windoze is.
note: i have made *many* changes to my Linux box running Mdk (Mandrake), and
nothing's gone wrong so far.


I use windows because the Amiga is no longer supported, and the Macintosh is
just hanging on. Both systems are superior to windows in every way. But I'd no
more consider them, linux, or C= 64, than buying wooden wheels.

Did you use the www.grc.com link and see just how vulnerable you really are
with your not being concerned about outgoing traffic attitude ?

did you learn anything from the www.dshield.org link ?

--
more pix @ http://members.toast.net/cbminfo/index.html
  #22  
Old March 31st 05, 01:24 AM
Michael Solomon (MS-MVP)

And besides, he screws up all our fun with all that logic stuff!:-)

I have to agree with a lot of what Walter says because it's self-evident.
It doesn't happen as often now, perhaps because users are more experienced.
However, we used to see tons of posts from people with no experience with
firewalls who installed them for the first time asking for information about
what they should allow and what they should block.

It's not that difficult to figure out but it does take time before you
understand what things should have access or to be more precise are
relatively benign, hence no harm in allowing them versus things which you
might not recognize and need to do some research.

Of course, that opens another can of worms, if you allow something, even
something you understand and realize is necessary for you to be able to
access most websites or do so without being shortchanged on what you are
able to view at most websites, is it not possible that any one of those
things might be exploited and the answer is yes.

That said, I think I would rather know when there is outgoing information.
If something is going to try such an exploit, it probably would trigger your
antivirus software and even if it was unable to stop the activity, this
would certainly give the user clear warning something is going on and given
the number of "always on" broadband connections, it gives the opportunity
for user intervention as you can very quickly pull the power plug on that
broadband modem and shut down all activity.

So, I guess to some extent, it's a matter of personal taste whether or not
you are willing to pay the price in the beginning, not panic over the
inundation of alerts of outgoing connections and wish to take the time to do
a little research. There is an upside to that research. You will learn a
lot about your PC, you'll learn a lot about various services, what they do,
what they mean and you will eventually become familiar enough that you will
likely recognize if something strange or unfamiliar is trying to access the
Internet and take appropriate action to stop it until you find out what it
is and what it's all about.
--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/





  #23  
Old March 31st 05, 02:39 AM
Ken Gardner

"Walter Clayton" wrote:

[...]

And the challenge for those that are "in the know", can you guarantee that
it is utterly impossible to compromise the outbound scanner? Hint: MD5 is
compromised; piggy backing; proof of concepts already exist to compromise
any client side firewall you care to name some of which have been addressed
and some of which haven't; I can and have hand killed a firewall and had
unfettered access...


I have used lots of arguments against third party firewalls, but never this
one because I don't have first hand knowledge that any outbound scanner has
been compromised. However, it seems to me that if the crudware gets on your
machine, you are already screwed anyway and you can never trust your computer
again. If this ever happened to me, I would simply invest three or four
hours and do a clean reinstall, then figure out what the heck happened and
resolve never to allow it to happen again.

I'd leave ZA off unless you want to do the legwork to research polite code
that's attempting to reach out.


ZA has caused me more serious problems than this one, but I'll comment
anyway. Crudware never gets on my machine (I use far more effective
defenses than a third party firewall, which is actually no defense at all),
so by definition every outbound communication is legitimate and either
harmless or beneficial to me -- yet I am constantly prompted to decide
whether to allow some particular program to access the Internet.

Ken
  #24  
Old March 31st 05, 06:56 AM
Walter Clayton

Pssst.

Privilege elevation is child's play. ;-)

--
Walter Clayton
Any technology distinguishable from magic is insufficiently advanced.


"David R." wrote in message
...
"Leythos" wrote in message
...
On Tue, 29 Mar 2005 19:40:25 -0700, Bruce Chambers wrote:

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes.


...

Most applications can now create exceptions for their own use, many
applications do it, and users have no clue.

...


Sorry, but that is not true. The exception list (or any setting in regards
to the XP-Firewall) can only be changed while logged on as administrator.
Programs running under a normal user account (or even the user himself)
can't change ANYTHING to the settings of the XPF. So if you have seen these
problems, I ask you why the hell are you working with an administrator
account? It's one of the first things that every professional learns in
regards to security, that you should NEVER EVER work with an account that
has administrator access. Only use that to configure the system, nothing
more.

--
David R.
MCP



  #25  
Old March 31st 05, 08:33 AM
Kelly

I hear you, Michael. But "we" know the value of Walter's words. And again,
is always great to read them. Miss him, too! Beings many of the 'greats'
are still in Win98 and never showed via XP, am really starting to wonder if
they will surface during LH. (

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com







  #26  
Old March 31st 05, 09:23 PM
K

"David R." wrote in message

Sorry, but that is not true. The exception list (or any setting in
regards to the XP-Firewall) can only be changed while logged on as
administrator. Programs running under a normal user account (or even the
user himself) can't change ANYTHING to the settings of the XPF. So if you
have seen these problems, I ask you why the hell are you working with an
administrator account? It's one of the first things that every
professional learns in regards to security, that you should NEVER EVER
work with an account that has administrator access. Only use that to
configure the system, nothing more.

--
David R.
MCP


How does one change from an Admin. account to a Limited, for Email and Web
access and keep Desktop settings and programs installed under Admin?
K


  #27  
Old March 31st 05, 09:34 PM
Buddy
external usenet poster
 
Posts: n/a
Default

In response to Michael and Kelly, IMO the "we" Kelly refers to are deserving
of your level of insight and outlook and even an esoteric joke or two on us
fools who jump blindly into the sea of technology and try to get some of it
to work.

For example, I agree with Michael that it is important for an inexperienced
user to explore incoming and outgoing alerts and requests as a means to
learning. After using a college's computers for years with no
responsibilities or authority, I bought this big ol' PC four years ago and
jumped right in, reading Langa and Kelly's website, lurking on forums like
this one, asking questions of you experts, trying every type of security app
anybody recommended until at this point I have a security battery that seems
to work together and is set up to provide alerts to as much info as to what
is going on online as I can get, so far. Beyond that I also scan for malware
on a regular basis with a variety of tools that are supposedly faithful. I
have become very good at using applications of all kinds because I am a
skilled learner.

I am as diligent on a daily basis as I can be because I know, in relative
terms, I am always going to be inexperienced at many, many things. The thing
is, I didn't buy this PC to become a computer scientist, and as amazed with
technology and curious as I am to keep on top of advances, including threats
(I subscribe to more PC newsletters than I have time to read); and
understand all the neat processes, the raison d'etre of this PC is primarily
to do my work.

Inasmuch as there are probably many more people like me than there are
experts, as well as, I'll bet, a majority who will never even read a
newsgroup, there is a burden placed on all of us unnecessarily, I think.
Those of you who have expertise give plenty of yourselves on these forums
and newsgroups with endless appreciation from us "...for Dummies" readers. I
myself, a college grad, have to research, often endlessly, for simple
answers (once they are found) to solve what are sometimes huge obstacles
hampering computing, and I am a pretty good researcher. In my opinion it is
the responsibility of the Microsofts, Apples, Mozillas, etc. to employ
educators more effectively--not just scientists and programmers, but
educators that could work on ways to use this enormous tool more
educationally effective.

I can think of as many ways computing for the layman could be made more
simple and more safe as there are problematic situations that appear out of
the blue, and all of them center on getting the right information to the
user more effectively. I can't help but be amazed that a photographic
process that used to take hours in a color lab is now accomplished with a
few mouseclicks, but frustrated that those answers that it takes so much
work to find about this PC could also be a few clicks away if links to them
were always automatically provided in pace with the problematic processes.

One good example is the user you describe who gets alerts but doesn't know
what to do with them: following the "INFO" tab in ZoneAlarm after an alert
is, more often than not, meaningless. What good is that alert to me when I
am busy in the middle of a job if ZA can't even explain it? Like you say,
that may be just a repeat alert that has come up benignly in the past, but
today it may have turned deadly. Why can't I right-click on ANYTHING and be
connected to an "answer-machine" that has been set up by a department of
educational experts cooperating with scientists so I can solve a problem
right now? An alert that says "explorer.exe wants to act as a server" should
be right-clickable for an immediate answer, and not from ZA's programmers,
but from an MS department-- and for safety, analyzed right there for viruses
that are trying to spread. In my mind Microsoft gets paid well enough to
accept that responsibility.

Then, why not, "you had a worm because of a buffer overflow and both have
been fixed", or "You have a buffer overflow, (or whatever), click here to
fix it. If you're not a server, forget it. If it messes anything up you can
toggle it on and off as necessary by clicking here" instead of "go to MS
KB 43298056 and read the whole page to see if this only applies to beige PCs
on a LAN with an orange-colored router v. l.3.3.345. Don't know the
version?--get out your manual...". The flow of information needs to follow
levels: Basic first, maybe quick; difficult if you need it. So I can be safe
and still get some work done.

Simplicity and redundancy should be the goal of technology, not
complication. Maybe so long as every new buffer overflow spawns a new
industry, the status quo will self-perpetuate. No matter what, experts like
you all will always be needed that are able to see the larger picture,
because guys like me are trying, but are resigned to barely keeping up
because even brilliant scientific innovators cannot be expected to be
specialists in teaching us the stuff on levels that universally apply.

Buddy










  #28  
Old April 1st 05, 12:44 AM
Husky

On Thu, 31 Mar 2005 14:34:35 -0600, "Buddy" wrote:


One good example is the user you describe who gets alerts but doesn't know
what to do with them: following the "INFO" tab in ZoneAlarm after an alert
is, more often than not, meaningless. What good is that alert to me when I
am busy in the middle of a job if ZA can't even explain it? Like you say,

That's one of ZA's drawbacks. I can hand you my daily logs, I average maybe
1-2000 hits a day.
On average only about 5 or 6 of those can be classified as malicious.
I used to use ZA. It's got hundreds of bells and whistles. And there's no
disagreement that it has a very simple user interface and even simpler setup.
Making it ideal for beginners with firewalls.
Trouble is when you're only getting maybe 5 or 6 attempts daily to access your
machine, and those may be attempting to access a number assigned previously
IOW: false attacks also, on dial up if you follow even one of ZA's alerts,
that's most likely overkill on your part.
But ZA is ultra programmable by the user so you can put those alerts on ignore.
Making ZA worthwhile as a firewall.
And if you want a report on this, add www.dshield.org to your paranoia arsenal
and help those that don't believe in firewalls or don't think they need one.

that may be just a repeat alert that has come up benignly in the past, but
today it may have turned deadly. Why can't I right-click on ANYTHING and be
connected to an "answer-machine" that has been set up by a department of
educational experts cooperating with scientists so I can solve a problem
right now? An alert that says "explorer.exe wants to act as a server" should
be right-clickable for an immediate answer, and not from ZA's programmers,
but from an MS department-- and for safety, analyzed right there for viruses
that are trying to spread. In my mind Microsoft gets paid well enough to
accept that responsibility.

Read above, most of those alerts you get aren't worth bothering with.


--
more pix @ http://members.toast.net/cbminfo/index.html
  #29  
Old April 1st 05, 10:38 PM
Michael Solomon (MS-MVP)

Yes, the goal of keeping it simple seems to have been lost over the years.
That and it seems the system designers have forgotten the greatest single
reason for devices such as PCs and virtually all modern appliances,
"convenience."

We don't purchase a PC to work on it, we purchase a PC to work for us. If a
user wishes to work on it, there are plenty of options for the "backyard
mechanic" and he certainly can purchase a PC for whatever reason. However,
the primary reason these devices exist is to provide us with a convenience
and perform services for us.

That said, much as I agree with you about what should be done with regard to
errors, I think it is important to understand how difficult what you suggest
might be to put in place. First, there are often many things that can lead
to the same generic error. One of the reasons for the error reports is to
build a database of known issues and what applications, drivers, DLLs, etc.
might be involved. One, this gives Microsoft information about what it
needs to address and two, it alerts them to problem software or hardware.

And, therein lies the tail of the dog. Not to be argumentative and please
don't take anything I'm saying as disagreement with your primary premise as
I agree, what you say is how it should be. However, because the platform is
not generic and the multitude of hardware and software variations, heck an
OEM driver can differ from a retail driver for what is otherwise the same
device, the whole idea becomes extremely problematic.

When people talk about a Mac not having the same types of conflicts as the
PC and ask why the PC cannot match a Mac for stability they are speaking
either from ignorance or they are trolls looking to stir up an argument in
newsgroups such as these. The Mac has its legendary stability because Apple
keeps tight control over the platform. It's easier to write help files,
easier to write specific references with regard to errors, it's easier to
create drivers, write applications and maintain overall system integrity.

With a PC, I'm amazed sometimes that it works at all given all the different
hardware, software, chipsets, motherboards and on and on. That doesn't mean
I think the error reference handling for users cannot be improved, I'm just
stating the reasons why it's so difficult. Further, these are not closed
systems and when they attempted to sell such systems that could not be
upgraded, users rebelled and wouldn't buy them.

Then, there's the cost/price benefit which in and of itself has exacerbated
the very issues of which you speak. While manufacturers have used all
sorts of schemes to lower their costs, everything from not supplying the
user with a CD of the OS to using cheap parts suppliers who may not be as
well schooled in writing drivers or as good about maintaining and updating
their drivers, one of the single greatest causes of problems on a PC, they
have nonetheless, used these cost benefits to lower the price and that has
turned the PC into a mass market item and frankly, the PC is too complex for
that. And, that exacerbates the problem, making user error a major cause of
problems as well.

In addition, there are all sorts of applications that can help the unwary
user get into a lot of trouble, all sorts of utilities, registry cleaners,
utilities that modify files or make modifications to the setup, all of which
are things over which Microsoft has no control and would be virtually
impossible for them to anticipate and, as such, write a useful response.
Hence, we have things such as System Restore which is sort of a catch all
but basically is meant to restore system settings and the registry, a repair
install, something the user only has if they have a retail CD or an OEM that
is equivalent and identical to a retail CD and the recovery console which is
not only too complicated for most users but often requires access to help
files and explanations that can only be had if the system is booted...in
other words, useless if they can't boot, yet, that is the primary reason for
its existence. That one, Microsoft can control and I expect it will improve
in future iterations of Windows.

I agree almost totally with what you see as problems and certainly see the
value of the types of responses you have outlined, some of which can be
implemented. Unfortunately, I think you and many others would still find
the system woefully lacking because of all the variables that cannot be
anticipated.

You don't need to be a mechanic to drive a car. Unfortunately, we have not
quite gotten to the point where you truly need no computer knowledge in
order to operate a PC. A user may start out that way but, eventually, the
very nature of the system, updates, upgrades, etc. will eventually catch up
with them.
--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/


"Buddy" wrote in message
...
In response to Michael and Kelly, IMO the "we" Kelly refers to are
deserving of your level of insight and outlook and even an esoteric joke or
two on us fools who jump blindly into the sea of technology and try to get
some of it to work.

For example, I agree with Michael that it is important for an inexperienced
user to explore incoming and outgoing alerts and requests as a means to
learning. After using a college's computers for years with no
responsibilities or authority, I bought this big ol' PC four years ago and
jumped right in, reading Langa and Kelly's website, lurking on forums like
this one, asking questions of you experts, trying every type of security
app anybody recommended until at this point I have a security battery that
seems to work together and is set up to provide alerts to as much info as
to what is going on online as I can get, so far. Beyond that I also scan
for malware on a regular basis with a variety of tools that are supposedly
faithful. I have become very good at using applications of all kinds
because I am a skilled learner.

I am as diligent on a daily basis as I can be because I know, in relative
terms, I am always going to be inexperienced at many, many things. The
thing is, I didn't buy this PC to become a computer scientist, and as
amazed with technology and curious as I am to keep on top of advances,
including threats (I subscribe to more PC newsletters than I have time to
read); and understand all the neat processes, the raison d'etre of this PC
is primarily to do my work.

Inasmuch as there are probably many more people like me than there are
experts, as well as, I'll bet, a majority who will never even read a
newsgroup, there is a burden placed on all of us unnecessarily, I think.
Those of you who have expertise give plenty of yourselves on these forums
and newsgroups with endless appreciation from us "...for Dummies" readers.
I myself, a college grad, have to research, often endlessly, for simple
answers (once they are found) to solve what are sometimes huge obstacles
hampering computing, and I am a pretty good researcher. In my opinion it
is the responsibility of the Microsofts, Apples, Mozillas, etc. to employ
educators more effectively--not just scientists and programmers, but
educators that could work on ways to use this enormous tool more
educationally effective.

I can think of as many ways computing for the layman could be made more
simple and more safe as there are problematic situations that appear out
of the blue, and all of them center on getting the right information to the
user more effectively. I can't help but be amazed that a photographic
process that used to take hours in a color lab is now accomplished with a
few mouseclicks, but frustrated that those answers that it takes so much
work to find about this PC could also be a few clicks away if links to
them were always automatically provided in pace with the problematic
processes.

One good example is the user you describe who gets alerts but doesn't know
what to do with them: following the "INFO" tab in ZoneAlarm after an alert
is, more often than not, meaningless. What good is that alert to me when I
am busy in the middle of a job if ZA can't even explain it? Like you say,
that may be just a repeat alert that has come up benignly in the past, but
today it may have turned deadly. Why can't I right-click on ANYTHING and be
connected to an "answer-machine" that has been set up by a department of
educational experts cooperating with scientists so I can solve a problem
right now? An alert that says "explorer.exe wants to act as a server"
should be right-clickable for an immediate answer, and not from ZA's
programmers, but from an MS department-- and for safety, analyzed right
there for viruses that are trying to spread. In my mind Microsoft gets paid
well enough to accept that responsibility.

Then, why not, "you had a worm because of a buffer overflow and both have
been fixed", or "You have a buffer overflow, (or whatever), click here to
fix it. If you're not a server, forget it. If it messes anything up you
can toggle it on and off as necessary by clicking here" instead of "go to
MS KB 43298056 and read the whole page to see if this only applies to beige
PCs on a LAN with an orange-colored router v. l.3.3.345. Don't know the
version?--get out your manual...". The flow of information needs to follow
levels: Basic first, maybe quick; difficult if you need it. So I can be
safe and still get some work done.

Simplicity and redundancy should be the goal of technology, not
complication. Maybe so long as every new buffer overflow spawns a new
industry, the status quo will self-perpetuate. No matter what, experts like
you all will always be needed that are able to see the larger picture,
because guys like me are trying, but are resigned to barely keeping up
because even brilliant scientific innovators cannot be expected to be
specialists in teaching us the stuff on levels that universally apply.

Buddy



"Kelly" wrote in message
...
I hear you, Michael. But "we" know the value of Walter's words. And again,
is always great to read them. Miss him, too! Beings many of the 'greats'
are still in Win98 and never showed via XP, am really starting to wonder if
they will surface during LH. (

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com


"Michael Solomon (MS-MVP)" wrote in message
...
And besides, he screws up all our fun with all that logic stuff!:-)

I have to agree with a lot of what Walter says because it's self-evident.
It doesn't happen as often now, perhaps because users are more
experienced. However, we used to see tons of posts from people with no
experience with firewalls who installed them for the first time asking for
information about what they should allow and what they should block.

It's not that difficult to figure out but it does take time before you
understand what things should have access or to be more precise are
relatively benign, hence no harm in allowing them versus things which you
might not recognize and need to do some research.

Of course, that opens another can of worms, if you allow something, even
something you understand and realize is necessary for you to be able to
access most websites or do so without being shortchanged on what you are
able to view at most websites, is it not possible that any one of those
things might be exploited and the answer is yes.

That said, I think I would rather know when there is outgoing information.
If something is going to try such an exploit, it probably would trigger
your antivirus software and even if it was unable to stop the activity,
this would certainly give the user clear warning something is going on and
given the number of "always on" broadband connections, it gives the
opportunity for user intervention as you can very quickly pull the power
plug on that broadband modem and shutdown all activity.

So, I guess to some extent, it's a matter of personal taste whether or not
you are willing to pay the price in the beginning, not panic over the
inundation of alerts of outgoing connections and wish to take the time to
do a little research. There is an upside to that research. You will
learn a lot about your PC, you'll learn a lot about various services, what
they do, what they mean and you will eventually become familiar enough
that you will likely recognize if something strange or unfamiliar is
trying to access the Internet and take appropriate action to stop it until
you find out what it is and what it's all about.
--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/


"Kelly" wrote in message
...
Nice to see your great info, even though via a cross, Walter. w

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com


"Walter Clayton" wrote in message
...
Can you say "Can of worms"?









  #30  
Old April 2nd 05, 11:54 AM
Kelly

Wow, you are some writer, Buddy. ) As for the "we" only meant that
Walter isn't known in the XP groups. Nothing harmful or insulting from it,
was my intention.

--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com


 




All times are GMT +1. The time now is 07:53 AM.


Copyright ©2004-2024 PCbanter.
The comments are property of their posters.