Firewalls

Hey /comp/, ZoneAlarm's bugs are pissing me off. It contstantly hardlocks up windows anytime Truevecor crashes or I shutdown ZA normally. So I had a copy of SPF laying around, last version before Symantec. What do does anonymous suggest?

age
I'll take suggesstions from tripcoders too.

Software firewalls, especially firewalls on a desktop machine, are close to useless. You use a firewall to:

a) Filter incoming traffic. Not that useful for a single machine, particularly one that isn't a server.
b) Filter outgoing traffic. Completely useless since Window's network stack allows anyone to bypass any and all parts of it. Note that this applies to any virus/worm/trojan/bot/etc that wants to listen on a port as well, making a) irrelevant if you're infected.

Don't bother with software firewalls, unless you're connecting to the internet to update a fresh install from one of the early 2K/XP CDs, which have a known RPC vulnerability actively exploited by worms.

How is stack bypassed?

Want source code, or some verifiable description of method used to bypass windows tcp/ip stack in a single app.

kerio 2.15

how do i bypassed stack

By writing a parallel stack and talking directly to the NDIS layer, among many other ways: http://www.vigilantminds.com/files/defeating_windows_personal_firewalls.pdf

I know you guys are a dubious bunch, but be realistic here: an application running as Administrator can do anything, and 99.9% of home users always run as Administrator. This isn't rocket science.

>>8

I knew nothing about this previously, so I asked. Thanks for the answer.

Buy a router and block outbound packets with a software firewall.