
Zone Alarm

Status
Not open for further replies.

GOSCO

Technical User
Sep 26, 2000
134
GB
I recently installed Zone Alarm on one of my workstations. Initially I was impressed: "Wow, look at all the pings and telnets it stops!"

My question: without a firewall, can anyone really cause any malicious damage to my workstation?

I'm interested to hear what other people's thoughts are.
 
The short answer is "yes". The ease with which someone could do it depends upon the NAT/firewalls/filters/proxies between your workstation and the internet, the security configuration of the workstation itself (file sharing, services, password guessability, etc.), and whether your co-workers (if it is part of a business network) are technically-oriented and hostile to you. Zone Alarm is just one more layer of defense, hopefully not the only one.

An example of malicious damage might be to map to your shared C-drive and start deleting files, or uploading a virus that will execute on the next reboot.
-Steve
 
For most users, the big reason for using Zone Alarm or other software firewall is to keep an eye on what's going OUT as much as what's coming in. Trojans and worms can be installed on your machine any number of ways, but having a good firewall running will instantly alert you when one tries to use your internet connection to phone home or cause other trouble.
 
Zone Alarm itself doesn't even guarantee you security. It's hackable and is also attacked by Trojans.

A firewall simply 'filters' IP traffic depending on rules you configure. If you download a file infected with a Trojan the firewall of course won't do anything about it, at least not until the Trojan activates.

Zone Alarm (and other firewalls) come into play when the Trojan activates, as invariably it will try and communicate externally via IP and hence go through the firewall. If the firewall is configured correctly then it will block the Trojan and in Zone Alarm's case warn you that an unauthorised application is trying to access the Internet.

However, as with all the most popular programs, Zone Alarm has been targeted by hackers and its weaknesses found. I was using Zone Alarm v2.6 and managed to get a Trojan on my PC (I was sloppy for a couple of months getting virus signatures updated on my AV software). Unfortunately the Trojan first attacked popular firewall software (including Zone Alarm) and although I had the Zone Alarm icon still flashing away it wasn't actually working and was allowing the Trojan to communicate externally. Even worse, I'd shared the C: drive on that PC to transfer some files easily to another PC on my network and had forgotten (been too lazy...) to stop sharing it - which meant all my data was fully readable/deletable without security checks, by even the most basic of 'hackers' using simple scripting tools.

So basically if you don't care about the data on your PC, don't need security (for example you don't need to do on-line banking), don't care about having to rebuild it should someone delete system files, etc., then you don't really need a firewall - but then who does that apply to?
 
Jpm121 makes a good point.
I recently installed Sygate Firewall on my brother's PC.
He has had his computer for a year with no firewall and a cable connection (7/24) to the internet.
Within a minute of installing, the firewall notified me of a program trying to access the internet, so I did a search for the file. It was only one file, and I searched the internet to find out what it was, and sure enough it was a trojan used to gather information (spyware).

"In life there are 3 types of people. Some that MAKE it happen, Those that WATCH it happen and some that say... hey! WHAT happened ???"
 