OldVersion has links to quite a few versions of ZA, all the way back to 2.0. http://oldversion.co...am.php?n=zalarm
You just admitted that a software firewall is not part of a system's security infrastructure, because it doesn't directly detect the presence of malware or keep it off a system. So it's not really part of a system's security infrastructure.
How do you get that out of what I posted? There's more to security than keeping malware from gaining access to your system via an internet connection or detecting its presence on your system. It also includes keeping your data and personal info from being sent out of your system. It includes preventing unwanted changes from being made to your system. It's keeping nosy users out of your data. It's preventing software vendors, websites, etc from monitoring your habits and usage. It's preventing adware and spyware (that an AV doesn't detect) from connecting out and either burying you with popups or downloading more adware. I consider security and privacy to be one and the same. If your PC isn't secure, nothing you do with it or keep on it is private.
How many times has it alerted you (or anyone else reading this) to suspicious activity that you later discovered was malware related (viral, trojan, etc) ??
Yes, I have seen a software firewall alert to the presence of a trojan that the resident AV missed, twice as a matter of fact. On both occasions it was a PC I was servicing for someone else. Both had up to date AVs. When I installed a firewall on them, it immediately alerted to the suspicious traffic.
You also disregard the fact that software firewalls (like AV software) are usually deactivated by active malware that has just infected a system.
Yes, some malware does that. Most of that malware doesn't target 9X. That problem can be somewhat addressed by a system policy that limits what can run, but an application firewall or HIPS gives very good protection against the termination of an AV or firewall on several layers. There's even a system scheduler that has a "watcher" function that can be used to restart an AV or firewall if they're terminated.
You might consider the automatic contact that certain trusted software makes with the outside world to be a security issue (MS WGA or other checks, Adobe, Quicktime, Java update checks, etc) but it's nothing more than micro-management of the system and has nothing at all to do with security.
When "legitimate" software updates or alters your system without asking your approval, it is very much a security issue. It's becoming common for the updates of legitimate software to break functions on 9X systems. Example, Flash Player updates after 9.0.47 make sites like this one unusable with 9X systems. I don't believe that this is accidental or that it's the result of fixing something for its use on newer systems. I think it's deliberate and is intended to make 9X systems less functional so that users will update. IMO, that makes it a security issue.
Malicious code can also exploit legitimate processes and applications, and not just Internet Explorer. On 9X systems, rundll32.exe is exploited for such purposes, much as svchost.exe is exploited on XP. Hardware firewalls are no help here but a software firewall can be. For me, this comes down to a much more basic issue, namely: who decides what is allowed and what isn't. A software vendor can claim that they own the software but I own the PC it's installed on. I will decide what it does, how it's used, when and if I update, what activities are permitted on it, etc, and I will enforce that on software vendors and users alike. To me, this isn't micromanagement. It's maintaining control over what I own.
A software firewall's in-bound filtering is exactly comparable to a hardware device's in-bound filtering in terms of scope and function. If you have a NAT router, then half the capability or functionality of a software firewall (in-bound fire-walling) has been rendered irrelevant and useless and nothing more than a drain on system resources.
Not true. While both can be configured to permit inbound traffic on a specific port, using a specific protocol, and coming from a specific IP address or range, only the software firewall can allow it for a specific application and not the rest of the applications and system components on the PC.
A firewall like Kerio 2.1.5 is extremely light and has little if any effect on system resources. On my 98 box, Kerio uses 1.7MB, slightly over 1% of my physical memory. I've installed it on Win98 PCs with 32MB of RAM and had no problems. When well configured, a software firewall can actually speed up your browser slightly by preventing other processes from wasting the bandwidth. A DSL user won't notice it, but a dialup user can feel the difference.
9X users are faced with many vendors dropping support. There aren't many AVs left to choose from. It's also a fact that AVs don't catch everything, especially adware. IMO, the loss of AV support makes a software firewall more important. When combined with an application firewall, the user has a very effective security package. A software firewall may not be the solution to all security problems, but they're by no means useless. Given a choice between an AV and a software firewall, I'll choose the firewall.
Edited by herbalist, 28 November 2008 - 06:51 PM.
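The inbound-rule distinction argued in the post above (same port, protocol and source range, but permitted for one application only), as an added example that is not part of the original post and not any product's rule format. The rule model, program paths and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:              # hypothetical rule model, not any product's format
    proto: str
    port: int
    source: str          # permitted source range (CIDR)
    app: Optional[str]   # listening program the rule is scoped to

@dataclass(frozen=True)
class Inbound:
    proto: str
    port: int
    src: str
    listener: str        # process bound to the port; only visible on the host

def allowed(rules, pkt, sees_process):
    """First-match allow list with default deny."""
    for r in rules:
        if (r.proto, r.port) != (pkt.proto, pkt.port):
            continue
        if ip_address(pkt.src) not in ip_network(r.source):
            continue
        # A router cannot evaluate this field; a host firewall can.
        if sees_process and r.app and r.app.lower() != pkt.listener.lower():
            continue
        return True
    return False

# Constructed sample data (documentation address ranges, made-up paths).
RULES = [Rule("tcp", 5900, "203.0.113.0/24", r"C:\Tools\remote.exe")]
PACKETS = {
    "intended app": Inbound("tcp", 5900, "203.0.113.10", r"C:\Tools\remote.exe"),
    "other listener": Inbound("tcp", 5900, "203.0.113.10", r"C:\WINDOWS\rundll32.exe"),
    "wrong source": Inbound("tcp", 5900, "198.51.100.7", r"C:\Tools\remote.exe"),
}

def compare():
    """Return {case: (router_verdict, host_firewall_verdict)}."""
    return {name: (allowed(RULES, p, False), allowed(RULES, p, True))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (router, host) in compare().items():
        print(f"{name:15} router={router!s:5} host firewall={host}")
```

The two verdicts differ only for the second packet, where the port, protocol and source all match but a different program is listening.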