I suspect ZoneLabs will find they’ve pulled a major blunder with their new all-in-one approach – I for one will not upgrade my ZA any more unless and until they back off and once again offer ZA by itself, and I’d bet they lose a lot of other faithful users too.
I’ll stick with my 6.5.737 as long as it stays functional, but I’m fairly sure its days are numbered.
I know there have been suggestions here and there for other free firewalls, but it would be handy to see a nutshell summary here of the more popular ones along with a comparison of their respective pros and cons.
Many of the old timers on the ZA forum think that 5.5.094 was the last good version of the “pure” firewall. If you remember correctly, the majority of the vsmon problems started with version 6.
After trying 6.something, which was an absolute mess, I reverted back, and have been using it ever since. It does its job, no more, no less. If you’re interested, you can find it here:
My ZA free functions fine, but I have added some goodies into the proggie: fwconwatch, ipfilter, paranoid_conf, secure router, and a personal flaw of IPF WADM of a ZAL-O-FIREWALL inside ZoneAlarm free as it comes by default. So I have some extra protection in the lower realms. No problems or hiccups,
polonus
Just a taste:
#!/usr/local/bin/perl
#----------------------------------------------------------------------------
#
# fwconwatch.pl - Monitor FireWall-1 connection table
#
# www.sabernet.net
#
#
# By default this script checks the status of the connection table every
# 60 seconds. The administrator will be notified by page/email if the
# connection table has reached the warning percentage.
#
# The -f switch causes an output line to be displayed for each check.
# The -F switch causes an output line to be logged via syslogd.
#
# Distributed under the terms of this General Public License
# http://www.gnu.org/copyleft/gpl.html
#
# Revision History:
# 11-Jun-2000 1.3 Added switch info for fwtable.pl ver1.1beta
# 08-Sep-1999 1.2 Added features provided by masato@mulan.aero.org
# 30-Jul-1999 1.1 Added cpu utilization check (SunOS 5.x)
# 30-Jul-1999 1.0 Script completed
#
#----------------------------------------------------------------------------
#
# TARGET : Target FW host
#
# LIMIT : Number of slots in the connection table. Details can be found
#         in PhoneBoy's FW1 FAQ: http://www.phoneboy.com/fw1/faq/0289.html
#
# WARN : Percentage at which a page/email will be sent
#
# SRC_MAX : Number of connection sources to report on
#
# SCRIPT : Path to Lance Spitzner's fwtable.pl script
#          http://www.enteract.com/~lspitz/fwtable.html
#
# PAGE : Address to send warning page to
#
# EMAIL : Address to send connection report to
#
# SLEEP : Number of seconds to sleep between checks
#
#----------------------------------------------------------------------------
$TARGET = "localhost";
$LIMIT = 25000;
$WARN = 20;
$SRC_MAX = 100;
$SCRIPT = "/etc/fw/bin/fwtable.pl -c $LIMIT"; # < ver 1.1beta
#$SCRIPT = "/etc/fw/bin/fwtable.pl -s -c $LIMIT"; # >= ver 1.1beta
$PAGE = "pager\@example.com";
$EMAIL = "infosec\@example.com";
$LOGGER = "/usr/bin/logger -p local1.info -t FWD";
$SLEEP = 60;
# main
{
    while (1)
    {
        $conns = get_conns();
        $percent = ($conns / $LIMIT) * 100;
        if ($ARGV[0] eq '-f')
        {
            $date = `date`;
            chop($date);
            print "$date $percent% $conns\n";
        }
        elsif (($ARGV[0] eq '-F') && defined($LOGGER))
        {
            system("$LOGGER connections=$conns $percent%");
        }
        if ($percent >= $WARN)
        {
            `echo \"fw conn $percent%\" | mailx $PAGE`;
            report_top();
        }
        check_cpu();
        sleep($SLEEP);
    }
}
#
# get_conns : returns the number of slots filled in the connection table
#
sub get_conns
{
    $_ = `/etc/fw/bin/fw tab -t connections -s $TARGET | tail -1`;
    chop();
    # Return 0 when no count can be parsed, rather than a stale $1
    # left over from an earlier successful match.
    return /(\d+)$/ ? $1 : 0;
}
#
# report_top : reports the top n connection sources
#
sub report_top
{
    my ($top, %table);
    open(DATA, "$SCRIPT |");
    while (<DATA>)
    {
        # Count one connection per line that starts with a source IP
        if ($_ =~ /^(\d+\.\d+\.\d+\.\d+)/)
        {
            $table{$1}++;
        }
    }
    close(DATA);
    my($i) = 0;
    # Busiest sources first; report at most $SRC_MAX of them
    foreach $key ( sort { $table{$b} <=> $table{$a} } sort(keys %table) )
    {
        if ($i < $SRC_MAX)
        {
            $top .= sprintf(" %-20s %-8d\n", $key, $table{$key});
            $i++;
        }
    }
    open(MAIL, "| mailx -s \"FW Connection Table $percent%\" $EMAIL");
    print MAIL "Top $i connection sources:\n\n$top";
    close(MAIL);
}
#
# check_cpu : checks the cpu stats and sends an alarm if warranted
#
sub check_cpu
{
    $_ = `iostat -c 5 2 | tail -1`;
    my(@stats) = split;
    if ( ($stats[0] > 85) ||    # user
         ($stats[1] > 85) ||    # kernel
         ($stats[2] > 70) )     # iowait
    {
        `echo \"fw cpu us:$stats[0] ke:$stats[1] io:$stats[2]\" | mailx $PAGE`;
    }
}
Wow, I didn’t know that. I haven’t paid any attention to ZA for ages. I think the last time I was on their forum is when you and I tag teamed, and went after them…
So, to get up to speed, I just cruised through several pages on their forum. What a mess. It seems to go from bad to worse for Check Point, doesn’t it? Well, if you’re on XP or 2000, 5.5.094 is still the best choice in my opinion (All firewall - All the time).
I stopped upgrading ZA Free at version 6.1.744.001, which has worked perfectly since I installed it. I have no plans to upgrade ZA until all the junk is taken out of it. This version works well for me.
Outpost Pro isn’t Vista compatible either, not that that concerns me, but it is a poor excuse they are saying it takes time to make the firewall compatible with a new OS; I guess a 5 year run up isn’t enough for them to start planning.
Outpost Pro is a good firewall but many users are very disappointed at this Vista compatibility, pathetic I call it.
[b]Vista Support Plans[/b]
The current version of Outpost Pro 4.0 and the first version of the upcoming Outpost Pro Security Suite 2007 will not be Vista-compatible. Converting security products to run smoothly on Vista is a long and complex task, and we will keep you posted via this newsletter and blog postings as we move towards beta versions of both products.
Vista compatibility is a huge challenge for the entire information security industry. Vista is a completely new operating system with a significantly different and more complex architecture. This means that Outpost Pro Firewall and the Security Suite for Vista must be completely new applications, with new engines and a user interface to provide the level of protection and usability you’ve come to expect from Agnitum.
I think they have really shot themselves in the foot, spending time in developing a new product to the detriment of Vista compatibility. Who is going to buy a product that isn’t Vista compatible?
Come to think of it, neither is Comodo. Does anyone have any experience with Vista’s firewall? I’ve read that it’s hard to configure it to block outbound traffic.
To justin, do you know that your e-mail address is being shown?
No idea if it’s Vista-compatible but another contender is R-Tools at: http://www.r-firewall.com/
BTW, their ‘R-Drive Image’ is better (and cheaper) than latest Symantec ‘Ghost’.
The really irritating thing with ZoneAlarm is that TrueVector will collapse when using the Torpark anonymity browser, and I haven’t read the cause of this anywhere on the net. Bad point for ZA there.
As for me, I’m getting used to Comodo; it works fine with Win XP. Moreover, I don’t have money and don’t want to switch to Vista.
Besides, I’ve tried ZA and it slowed down my PC very much.
Hi guys.
I have good experiences with a Chinese firewall called Filseclab 3.0
Works well and has a “don’t nag me” option to block any new progs without asking permission.
It can be found at www(dot)filseclab(dot)com
Agreed. I don’t know what the other vendors were doing, but I think in Check Point’s case, they were desperately trying to get their arms around the products they already have. Many problems with ZA.
To your first comment, I wouldn’t touch a new Windows operating system until at least SP1. As far as I’m concerned, you’re just an unpaid beta tester until they issue the first service pack.
That is correct, Comodo does not support Vista, however when 3.0 is released (within the next month or so) it will support both 64 bit XP/Vista along with 32 bit Windows XP and Vista.
No, I didn’t; thank you very much for that. I believe it’s fixed now though :).