markhl 2003-07-09 02:14

Firewall program? Contact server after upgrade
 
If you have a firewall program like ZoneAlarm, and you install or upgrade Prime95,
the next time it tries to contact the server ZoneAlarm will halt it and put up a dialog:
"Do you want to allow Prime95.exe to contact the Internet?".

So it's good to make Prime95 contact the server just after upgrade.
Then you can say Yes on the ZoneAlarm dialog,
and check the box "remember this answer the next time I run the program".

Otherwise, Prime95 may be interrupted when you are not there and get stuck waiting for permission,
and you lose hours of time.

dswanson 2003-07-09 05:34

... or weeks. I once lost 9 days to ZoneAlarm when I upgraded a Prime95 client just before heading off on vacation. Oops. :(

Xyzzy 2003-07-09 07:50

I've never used ZoneAlarm since I have a Pix, so I'm wondering why ZA would block this traffic since most firewalls permit inbound traffic from the external interface as long as it was initiated from the internal interface... For example, the traffic from the PrimeNet server is not initiated from there... It begins on the local computer and you would think a session would be generated within ZA that would keep track of this...

Or is ZA's default behavior "deny all"? Do you have to manually approve everything?

Prime Monster 2003-07-09 11:32

[quote="Xyzzy"]I've never used ZoneAlarm since I have a Pix, so I'm wondering why ZA would block this traffic since most firewalls permit inbound traffic from the external interface as long as it was initiated from the internal interface... For example, the traffic from the PrimeNet server is not initiated from there... It begins on the local computer and you would think a session would be generated within ZA that would keep track of this...

Or is ZA's default behavior "deny all"? Do you have to manually approve everything?[/quote]

Most personal firewalls provide two distinct functions: protection from external sources, and protection from internal applications that could be trojans or other types of malware. In this case you have to specifically allow the prime client access to the network.

And, yes, most of them are, or should be, set up to deny all, either direction. At least initially. What good is protection if it is turned off by default? :)

heretic

dswanson 2003-07-09 14:14

[quote="Xyzzy"]Or is ZA's default behavior "deny all"? Do you have to manually approve everything?[/quote]
You can tell ZA to remember that an application is an approved one, so you only have to manually approve it one time. From then on it's transparent to both the application and the user that ZA exists. Or at least it's transparent until the next time you upgrade the application, at which time ZA treats the upgrade as a new application. The problem is simply that if you've been using the application for a while, you tend to forget that ZA exists at all.

As long as we're discussing ZA, one other problem I've noted is that it steals a percent or two of the CPU cycles, even when there is no IP traffic. It's annoying, but it's a cost I'm willing to bear to keep unfriendlies out.
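
The behaviour discussed in the posts above (default deny in both directions, a remembered per-application approval, replies allowed only for sessions the local machine started, and an upgraded program treated as new), as an added example that is not part of any post in this thread and is not ZoneAlarm's code. It assumes a program is identified by its path plus a SHA-256 of the executable; the thread does not say how ZoneAlarm recognises a program, and the class, path, addresses and byte strings are constructed for illustration.

```python
import hashlib

class PersonalFirewall:
    """Toy model: default-deny both directions, per-application outbound
    approval, and a session table for replies to approved connections."""

    def __init__(self):
        self.approved = set()   # fingerprints of remembered programs
        self.sessions = set()   # (local_port, remote_ip, remote_port)

    @staticmethod
    def fingerprint(path, image):
        # Assumption: identity = path + SHA-256 of the executable bytes.
        return path.lower(), hashlib.sha256(image).hexdigest()

    def remember(self, path, image):
        """User answered Yes and ticked 'remember this answer'."""
        self.approved.add(self.fingerprint(path, image))

    def outbound(self, path, image, local_port, remote_ip, remote_port):
        if self.fingerprint(path, image) not in self.approved:
            return "PROMPT"   # traffic is held until someone answers
        self.sessions.add((local_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, local_port, remote_ip, remote_port):
        # Replies to a tracked session pass; everything else is dropped.
        if (local_port, remote_ip, remote_port) in self.sessions:
            return "ALLOW"
        return "DENY"


def demo():
    fw = PersonalFirewall()
    server = ("192.0.2.10", 80)           # constructed address (TEST-NET-1)
    old, new = b"prime95 build A", b"prime95 build B"  # constructed stand-ins
    path = r"C:\Prime95\Prime95.exe"      # constructed path
    results = []
    results.append(fw.outbound(path, old, 1025, *server))   # first run
    fw.remember(path, old)
    results.append(fw.outbound(path, old, 1025, *server))   # remembered
    results.append(fw.inbound(1025, *server))               # reply to session
    results.append(fw.inbound(1025, "198.51.100.7", 80))    # unsolicited
    results.append(fw.outbound(path, new, 1026, *server))   # after upgrade
    return results

if __name__ == "__main__":
    print(demo())
```

The final `PROMPT` is the case the thread warns about: the upgraded executable no longer matches the remembered approval, so its first connection waits for an answer.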

Xyzzy 2003-07-10 04:09

[quote="dswanson"]As long as we're discussing ZA, one other problem I've noted is that it steals a percent or two of the CPU cycles, even when there is no IP traffic. It's annoying, but it's a cost I'm willing to bear to keep unfriendlies out.[/quote]
I dislike software firewalls for many reasons, but I suppose you can't beat the price...

Here is a fun article I wrote about my Pix experience... Note that I am not a security expert, I just play one on television...

http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=469092836&m=4700962645

I do like cool gadgets, though... Especially if they are "old school"...

I actually sold that one, why I do not know, but I missed it so much I bought another recently to replace it... I figure anything I'm willing to buy twice must be a good value!

QuintLeo 2003-07-10 14:06

Technically, my firewall is a "software" one - but it's based on LINUX IPTables, and quite a few of the "hardware" firewall devices out there use the SAME underlying firewall software....

8-)

Xyzzy 2003-07-10 16:17

I've run a similar Linux-based firewall before too...

While they work great, you still have the underlying OS to worry about...

Yes, a great amount of work has been put into them to harden them, but that still can't change the fact that the basic *nix kernel is designed to "be open" and to communicate... The Pix software, OTOH, is hardened from top to bottom from the very beginning...

Of course, everything is relative, and obviously a Linux solution is more cost effective, so the actual decision is very complex...

I don't think it is possible to say which is better in a blanket statement... Everyone has different needs and different levels of expectation...

I know if I needed a gigabit-ethernet-capable Pix I wouldn't be able to afford it in a million years... As it is, a 501 is at the very extreme end of my price comfort zone...

markhl 2003-07-10 21:13

You also need to contact the server if you upgrade the software firewall, and choose not to keep the old security settings.

I.e. you discard the list of software trusted to access the Internet.

PageFault 2003-07-11 01:12

That is why a router is preferred ... no OS to compromise, plus no stupidity from software firewalls. I'm in a relatively big city and in 15 minutes I have logged over 1000 hack attempts, with zero success ... surprising I have any bandwidth left judging by the activity lamps on the switch ...

[quote="Xyzzy"]

While they work great, you still have the underlying OS to worry about...

[/quote]

dswanson 2003-07-11 03:19

[quote="PageFault"]That is why a router is preferred ... no OS to compromise, plus no stupidity from software firewalls.[/quote]
Wait a minute. You're saying that if I have a router then I don't NEED a software firewall? That I've been losing cycles to ZA needlessly for 3 years?


All times are UTC.