[WEB4LIB] "personal" firewalls
Thomas Bennett
bennetttm at appstate.edu
Fri Aug 31 12:31:31 EDT 2001
I have not used personal firewalls on public PCs yet but have used Black ICE
Defender on my workstation and switched to Tiny Personal Firewall. While
Black ICE seemed to do the job, there wasn't enough verification there
without having to use a third party program to actually view the packet data
that was received by my PC. Tiny Personal Firewall offers better options
when incoming or outbound data is detected but not for the average public PC
user. Black ICE has a set it and forget setting "Paranoid" but may be cost
prohibitive for multiple licensing. Zone Alarm was the only firewall to
pass Gibson Research's firewall test because it did not compare against a
list of permissible program. Zone Alarm, examines a program's actual code
using a cryptographic standard called an MD5 checksum instead.
As of the writing of the Gibson Research article ( see link below ) the
other firewall products were going to add the MD5 checksum to their programs
and other solutions. Zone Alarm appeared to be a set it and forget it
solution. Personally I would use Tiny Personal Firewall on a test machine
for public while setting port permissions and then ghost the image to all
other public PCs. I found that Tiny Personal Firewall, and maybe all
others, had a delay before it ran. I had accidently blocked the DHCP Server
and name servers here but would get my network connection back by rebooting.
So, the dhcp settings kicked in first which sent a broadcast to
255.255.255.255 basically yelling to the network "Hey look everybody I'm
here" and may be potential for an attack.
One more note, Black ICE did have a good update feature and could be set to
automatically check for an update. I installed Sygate Personal Firewall on
one PC and that PC has not booted since then, not even to DOS. I don't know
if it is because of the firewall software or if that PC was getting ready to
die anyway, haven't had time to perform an autopsy.
Gibson Research tests personal firewalls
http://www.pcworld.com/news/article/0,aid,36418,00.asp
>From the Gibson Research article:
"Only one major firewall vendor--ZoneAlarm--does not use a method that
Gibson claims LeakTest can exploit. Other vendors, including Symantec,
McAfee.com, and Sygate, say they're working on modifications now." Dec. 11,
2000
5 Personal firewalls
http://www.pcworld.com/downloads/article/0,aid,43926,00.asp
Thomas
-----Original Message-----
From: web4lib at webjunction.org
[mailto:web4lib at webjunction.org]On Behalf Of Larry Scritchfield
Sent: Thursday, August 30, 2001 7:44 PM
To: Multiple recipients of list
Subject: [WEB4LIB] "personal" firewalls
I would like to hear from libraries that are running "personal" firewalls -
products like Black ICE Defender or Zone Labs' ZoneAlarm - on public-access
computers. I have checked the archives and there doesn't seem to be
any discussion of this there.
My inquiry is prompted by concerns from our county IT staff has expressed
over perceived security compromises of the library rolling out a
Windows-based interface to our Dynix catalog (PAC for Windows). We won't
be able to use the same NT group-based security model as we use for our
public Internet stations now.
(And to answer a question of Thomas Dowling's from some weeks ago
concerning Dynix Java WebPAC and Netscape 6.x: Of course the vendor,
epixtech, has some responsibility to ensure the product works with
common browsers. My impression is they're fleeing from Java and putting
efforts into "next-generation" products.)
Larry Scritchfield
lscritch at mail.co.washoe.nv.us
Internet Services Librarian (775) 327-8349
Washoe County Library System www.washoe.lib.nv.us
__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop at Netscape!
http://shopnow.netscape.com/
Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
More information about the Web4lib
mailing list