Slashdot Mirror


Zone Alarm 5 Beta Review

An anonymous reader writes "ZoneAlarm is getting ready to announce version 5 of its security software firewall, ZoneAlarm. Though there are a few changes that are presently available on the new beta, this review mentions that there are still many security issues to resolve. Grc.com scan reveals that ZoneAlarm Beta 5 failed to close port 25 and fails to give useful information to the user about possible security services being shut off."

34 comments

  1. Wait, do we respect Gibson now? by WereTiger · · Score: 4, Interesting

    IIRC GRC.com was the haven of a sanctimonious blow-hard, why would anyone go so far as to use tools provided by him as a de facto security test of a new firewall?

    Just my 2 cents.

    Wonder if Zonealarm has addressed the issue that was brought forth about version 4, which is that its hook into the tcp/ip stack could be hijacked by malware.

    --
    If you're hearing rhetoric about Linux, open source, or Mac and everyone's bashing Microsoft, you've found Slashdot.
    1. Re:Wait, do we respect Gibson now? by Captain Splendid · · Score: 4, Insightful
      He might be a little strident, but he's willing to educate and help people. Contrast this with AV and Firewall companies who are simply content to ram their products down your throat.

      IMO, we need more guys like him.

      --
      Linux, you magnificent bastard, I read the fucking manual!
    2. Re:Wait, do we respect Gibson now? by WereTiger · · Score: 2, Informative

      Don't get me wrong, I'm all about educating the masses. Gibson's efforts to do so are admirable.

      That aside, I don't like Gibson's personality. The guy just rubs me the wrong way. I guess I shouldn't let that reflect on my opinion of his website, but I'm only human.

      I'm still waiting for his.. what were they called? nano-packets? The ability to portscan an entire system in a second.

      --
      If you're hearing rhetoric about Linux, open source, or Mac and everyone's bashing Microsoft, you've found Slashdot.
    3. Re:Wait, do we respect Gibson now? by phaze3000 · · Score: 5, Informative
      Wouldn't say this was a troll at all, just a fair comment about a man with a massively over-inflated opinion of his capabilities:

      Remember the time he 'invented' TCP SYNcookies six years after they were actually created? To be fair to him, his SYNcookies proposal wasn't the same as what had already been suggested - his had some pretty major omissions that made it unworkable.

      Or the time he predicted the end of the Internet with the introduction of raw sockets into Windows XP, or earlier because of Code Red?

      If one is supposed to be doing a firewall test then a *proper* port scanning utility such as the excellent nmap should be used, rather than a tool on the website of a known netkook.

      --
      Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
    4. Re:Wait, do we respect Gibson now? by WereTiger · · Score: 2, Interesting

      Exactly what I was trying to relate. I couldn't remember the specifics, thank you for bringing them up!

      I'm sorry if you're getting modded as Troll, cause we aren't. Mods need to learn what Trolling is :P

      I'd mod you up if I could ;)

      --
      If you're hearing rhetoric about Linux, open source, or Mac and everyone's bashing Microsoft, you've found Slashdot.
    5. Re:Wait, do we respect Gibson now? by Spoing · · Score: 4, Insightful
      I've always had respect for Steve Gibson, though I can understand why he gets such flak from technically knowledgeable people.

      He is one of those people who you have to adjust for, and if you don't you'll just miss the point of what he's trying to say. Once you do, what he says makes a whole lot of sense and he does not come off as a light-weight tech by any means.

      His main focus, for many years, seems to be this;

      1. Explain technical issues to moderately technical people so that they do not consider themselves idiots.
      2. Hype it up a bit for effect.

        Important: Tell the nit-pickers to #uck off.

      The hype rubs many geeks the wrong way since we want to know the real details and with those details we can figure out for ourselves if something is important or not.

      When his errors or lack of total completeness is brought up, he drops into #uck off mode. Yep, he is a bit arrogant, though most techies are. He does have an ego and will snipe back if sniped...so?

      I have friends who I don't agree with, who do things I don't like, though if it's in character I let it pass; "Jack is being Jack".

      Hammer Steve Gibson when he deserves it, though consider that most of the time he's not so horribly off the mark when you consider his audience and basic attitude.

      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    6. Re:Wait, do we respect Gibson now? by Nasarius · · Score: 1
      I'm still waiting for his.. what were they called? nano-packets? The ability to portscan an entire system in a second.

      Apparently, he thinks asynchronous sockets are so neat, he calls them "NanoProbe".

      --
      LOAD "SIG",8,1
    7. Re:Wait, do we respect Gibson now? by Monkelectric · · Score: 1

      Steve Gibson is a mixed blessing. He's informing people, that's important ... but have you ever used his Spinrite software? The software *ACTUALLY* grandstands, it's insane.

      --

      Religion is a gateway psychosis. -- Dave Foley

    8. Re:Wait, do we respect Gibson now? by Beryllium Sphere(tm) · · Score: 2, Interesting

      It's tough to write good material for a mass audience. I've had to oversimplify my non-technical work to keep it accessible. (Detailed criticism welcome even if rude).

      Where I think grc.com does readers a disservice is by steering them away from good products. Look at the flexbeta review that marked products "Failed" in red letters because they closed ports as opposed to dropping packets, or because they answered on port 113. Both of those are perfectly valid policy choices.

      It's good that Gibson highlights the need for outbound controls, but the approach he suggests is doomed. Zone Alarm helps with today's malware but tomorrow's won't be so wimpy. Hostile code with Administrator privileges, once it evolves to full capability, means Game Over. Prevention is the long-term answer. Does grc.com advise people not to run as Administrator? Not that Google can find.
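Added example (not part of the comment above or of the original thread): what a TCP connect check against your own host observes for a listening port, a closed port that answers with a reset, and a port whose packets are silently dropped, which is the distinction the comment draws between closing ports and dropping packets. The function names and the loopback ports used in the demo are constructed for illustration.

```python
import socket


def classify_port(host, port, timeout=1.0):
    """Classify a TCP port by the reply a connect() attempt receives.

    open     - handshake completed, something is listening
    closed   - the host answered with a reset (connection refused)
    filtered - no usable reply before the timeout (packet dropped,
               what scan sites call "stealth"), or an ICMP error
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # A reset is an explicit answer: the host exists, the port is shut.
        return "closed"
    except socket.timeout:
        # Silence: a packet filter dropped the SYN instead of rejecting it.
        return "filtered"
    except OSError:
        # Host/network unreachable and similar ICMP-signalled failures.
        return "filtered"
    finally:
        s.close()


def demo():
    """Constructed loopback demo: one listening port, one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Reserve a second port number, then release it so nothing listens there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "listening": classify_port("127.0.0.1", open_port),
            "not_listening": classify_port("127.0.0.1", closed_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

Neither "closed" nor "filtered" exposes a service; the difference is only whether the host acknowledges its own existence, which is why both can be reasonable firewall policies. The "filtered" branch needs a packet filter that drops traffic and so is not exercised by the loopback demo.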

    9. Re:Wait, do we respect Gibson now? by tr33limbz · · Score: 1

      What do you mean by "grandstands"?

      --
      -end of post.
    10. Re:Wait, do we respect Gibson now? by drinkypoo · · Score: 2, Funny
      I think we should have a quiz before people are allowed to moderate. Multiple-choice is acceptable, no one's going to want to grade essays anyway.

      Trolling is:

      1. A method of fishing in which a line with bait or a lure is drug through the water behind a boat
      2. Constructing or repeating an argument you know to be false in order to elicit a desired response
      3. Living under a bridge and jumping out and demanding money from people attempting to cross it
      4. Answering a question incorrectly, or in a way moderators don't agree with.

      If they answer anything other than two, delete their slashdot account. :P

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Overblown, but helpful. by Futurepower(R) · · Score: 2, Insightful

    Gibson has been very helpful to the Windows and novice computing community. All the magazines have been taken over by the do-anything-for-money people; they cannot be trusted. Where does a Windows novice get information?

    When you are new to computing it is difficult to believe that Windows is as vulnerable as it is. A novice keeps saying, "Microsoft is a big, successful company, why would they be so self-destructive?"

    It's true that Gibson is amazingly overblown at times.

  3. Hmm... Use ZoneAlarm? by base3 · · Score: 0, Troll

    Or just use an OS that doesn't attract worms, viruses, and spyware applications that call home. Tough decision, that is.

    --
    One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
  4. Farewell to "Fair well". by Futurepower(R) · · Score: 2, Funny

    From the Flexbeta review, "Zone Alarm 4 did not fair well..."

    First, maybe we should not be accepting advice from journalists who don't know their own language well.

    Second, I read the ZoneAlarm 4 review and it didn't seem to uncover anything that would cause someone to stop using ZoneAlarm.

    I suppose a fair well is a deep hole filled with water at a fair.

    Fare: To progress or perform adequately, especially in difficult circumstances.

    Farewell to Flexbeta.

    1. Re:Farewell to "Fair well". by Laebshade · · Score: 1

      If you want to nitpick, we can pick at your title. A space should be between Fare and well in Farewell.

      So it's a typo. Yes, it's a typo. It happens. Sometimes when I'm typing the same thing happens: I hear the sound of the word in my head and associate it with a certain spelling. Sometimes I don't associate in correct context.

    2. Re:Farewell to "Fair well". by drinkypoo · · Score: 1
      A typo is a typographical error. This is a grammatical error. Thinking one thing and typing another is not a typographical error. While it is ostensibly not in the dictionary (and I am not going to look it up for fear I might find it) such an error is commonly referred to as a braino.

      Missing one key and hitting another is a typo. Missing one word and typing another is something entirely different, something which the author of the article should have caught, and barring that, the editor.

      Finally, there is nothing wrong with the word farewell, though your attempts to argue otherwise are clearly inspired, though brief. Fare well is accurate, but farewell is now a word. Unless you're saying fare thee well, which is (well, was) grammatically accurate and perhaps even desirable, you really don't need a space. In that case, you will need two.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Farewell to "Fair well". by drinkypoo · · Score: 1
      Even more finally*, if you are going to make a link in a slashdot comment, you will need a , or put another way, to close your anchors. Someday I will start using preview, honest.

      * Obviously I misspoke in the PP.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Kerio by kayen_telva · · Score: 4, Informative

    I have found that Zone Alarm (in past versions) would sometimes block ALL traffic on a whim.
    No explanation from the software, no warning, and damned difficult to figure out what to do to correct it.

    There were other odd issues that resolved themselves after uninstalling.
    I tried Kerio because they took over an awesome product (TinyPF 4).

    I was pleasantly surprised to find that Kerio is the nicest firewall software I have ever used.
    Includes pop-up blocking, application level permissions with MD5, and is very configurable. Nice looking (very important to style conscious surfers;). Low resource usage.

    ZoneAlarm is gonna have to knock my socks off to get me to switch.

    p.s. Has anyone tried TinyPF 5 ?? I'm wondering how it compares.

    1. Re:Kerio by Anonymous Coward · · Score: 0

      Since I reloaded my system and set up ZA 4.5, it blocks everything when I boot up, and I have to shut it down and restart it before it starts working normally. This happens every single time I reboot. I have no idea why, and I haven't found any info on it anywhere yet.

    2. Re:Kerio by Anonymous Coward · · Score: 2, Informative

      Kerio 4 is generally accepted to be beta software passed off as stable. Bugs galore which haven't been fixed after 16+ different versions of 4.

      Kerio PF 2.15 is the best rule based firewall I have used.

      Tiny PF is a full blown sandbox and firewall.
      Apparently has a steep learning curve.

    3. Re:Kerio by NexusTw1n · · Score: 3, Interesting

      Tiny 5 is excellent. Applications are MD5'd on full path plus file size, it contains a full sandbox mode, as well as registry protection. ("Spyware.exe is trying to write to HKLM.SYSTEM do you want to allow this?")

      The application level firewall is completely configurable, you can control which TCP & UDP ports each individual application can use and which it can't.

      It can be complicated if you want to dig into it, but the default setup is perfectly acceptable if you just want to install and forget about it.

      ZoneAlarm trashed the TCP/IP stack on my home network, preventing Internet Connection Sharing, which is inexcusable. Disabling or uninstalling ZA does not resolve the problem; you have to hack the registry and reset the stack (NETSH IP RESET) to recover the damage.

      If you google you'll find hundreds of people with hosed machines thanks to ZA. Firewalls and virus scanners are products I do expect to behave 100% reliably and when you lose that trust you are going to have a hard time winning me back. So despite a few quality versions in the early days, ZA have more than likely lost me as a customer for life.

      --
      It has become appallingly obvious that our technology has exceeded our humanity. --Albert Einstein
  6. Sky is falling attitude by bangular · · Score: 4, Insightful

    I wouldn't exactly say what he does is education. Many times he just scares users by taking a security situation and blowing it out of proportion. For example, the XP raw sockets fiasco, or syn flooding routers with a spoofed source address of the host being attacked. Both of those are problems, but the way he talked about them, he acted like they would bring the internet to a standstill.

    1. Re:Sky is falling attitude by DigiShaman · · Score: 2, Insightful

      So far, nothing else is working as far as getting the message out. Joe Shmoe still doesn't get it! Viri run wild, Windows constantly being exploited, and users are being hasty on clicking through all of those pop-ups (Spyware anyone). I'm sad to say, but there is no other choice to reach the masses than with mass hysteria that GRC provides. It's too bad really, but at least he provides a means at getting the message out even if it's a bit overzealous.

      --
      Life is not for the lazy.
  7. Does it run on WINE? by The MESMERIC · · Score: 0

    I would feel so much safer ...

  8. This is an example from GRC.com by DAldredge · · Score: 2, Informative

    This provides full and direct "packet level" Internet access to any Unix sockets programmer.

    Beyond their use for supporting simple "ping" and "traceroute" commands, the original Berkeley designers intended Raw Sockets to be used for Internet protocol research purposes only. Because they fully appreciated the inherent danger of abuse of Raw Sockets, they deliberately denied Raw Socket access to any applications not running with maximum Unix "root" privileges. User-level applications were thus prevented from accessing and potentially abusing the Raw Sockets capability. (See asterisk '*' in diagram above.)

    Full Raw Sockets were created as a potent research tool. They were NEVER INTENDED to be shipped in a mass-market consumer operating system.

    1. Re:This is an example from GRC.com by Spoing · · Score: 1

      OK, you're right.

      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    2. Re:This is an example from GRC.com by Anonymous Coward · · Score: 2, Insightful

      A good example of how Gibson entirely missed the point. Raw Sockets are restricted to Administrator users. The real issue is that XP gives users Admin access by default, not that it has raw sockets.

      If he had flamed MS for their poor out-of-box user configuration, he would have had 100% of the techie world behind him.

    3. Re:This is an example from GRC.com by LostCluster · · Score: 3, Informative

      A good example of how Gibson entirely missed the point. Raw Sockets are restricted to Administrator users. The real issue is that XP gives users Admin access by default, not that it has raw sockets.

      If he had flamed MS for their poor out-of-box user configuration, he would have had 100% of the techie world behind him.


      He is constantly harping on Microsoft's poor-out-of-the-box configuration, it's just the way he goes about it that seems a bit Tabloid-ish.

      For example, his tool called "Shoot The Messenger" simply turns the Messenger Service off, which should be its default setting on XP Home since the average user doesn't need it and it only gets used to annoy. By comparison, TechTV hosts just regularly remind people how to turn off the service by going through the Control Panel. Same net result, the same flags in the registry get changed no matter what way you attack it in the GUI.

      Instead of calling on Microsoft to make changes, he writes assembly-coded programs to do the changes and convinces people that there's such a gaping hole in their systems that need to be fixed by his magic bullets. For him, security is a side interest... his real business is built around SpinRite, the definitive hard-drive testing tool.

      So, really, he's in line with the mainstream community in his beliefs on security, it's just that he has an unusual way to promote them which is more aimed at the "dumb public" than the security elite.

  9. Reviewed previous article, found it misleading. by Futurepower(R) · · Score: 1

    It's not just a typo. There are several mistakes like that. Generally, people who are accurate with technical details take the time to be accurate with their use of language, I've found.

    Also, I reviewed the previous article, and found it misleading. Remember that a Slashdot comment is not a complete record of what someone thinks, it is only an indication.

    Also, farewell is correct: Farewell: Interjection used to say good-bye.

    1. Re:Reviewed previous article, found it misleading. by Laebshade · · Score: 1
      Farewell is an interjection, yes but it can be spelled Fare Well or Farewell, depending on who says so. Perhaps an English lesson is in order. First let's look at the sentence.
      An In-depth Look at Firewalls (view article), Zone Alarm 4 did not fair well under the security tests we put it through.
      Farewell: Fare can mean several things. None of those meanings apply to the sentence. Let's move onto the correctly used word.

      Fairwell: Fair, in the context of the sentence, means Moderately good; acceptable or satisfactory: ex. gave only a fair performance of the play; in fair health. Source - dictionary.com We have to look at the meaning of well too. So basically, the article DID use fairwell correctly.
    2. Re:Reviewed previous article, found it misleading. by Anonymous Coward · · Score: 0

      Thanks for the link to dictionary.com. I thought I should point out that when I used this excellent Internet resource you recommend for the word "Fairwell", which you used in your reply, I received:
      "No entry found for fairwell."

      I suggest you have this oversight by dictionary.com corrected and get back to us when this has been done.

      The Management

    3. Re:Reviewed previous article, found it misleading. by grepistan · · Score: 1

      So you're basically saying that it's not a mistake to type 'fairwell' because the two words which have arbitrarily been shoved together are both proper English words? By that principle, we can gain useful new compounds like 'noodlefission' or 'givepurple' at will! What a useful idea that could be.

      --
      Real stupidity beats artificial intelligence every time.
      -- Terry Pratchett, Hogfather
    4. Re:Reviewed previous article, found it misleading. by Laebshade · · Score: 1

      I suggest you have the oversight in your head fixed. The definition, as clearly stated, was for "Fair" not "Fairwell". Fairwell is a compound word. Simply looking up the meanings of each word in a compound word gives you the meaning.