mersenneforum.org  

Old 2003-07-09, 02:14   #1
markhl
 
Apr 2003
California

1348 Posts
Default Firewall program? Contact server after upgrade

If you have a firewall program like ZoneAlarm, and you install or upgrade Prime95,
the next time it tries to contact the server ZoneAlarm will halt it and put up a dialog:
"Do you want to allow Prime95.exe to contact the Internet?".

So it's good to make Prime95 contact the server just after upgrade.
Then you can say Yes on the ZoneAlarm dialog,
and check the box "remember this answer the next time I run the program".

Otherwise, Prime95 may be interrupted when you are not there and get stuck waiting for permission,
and you lose hours of time.
Old 2003-07-09, 05:34   #2
dswanson
 
Aug 2002

20010 Posts
Default

... or weeks. I once lost 9 days to ZoneAlarm when I upgraded a Prime95 client just before heading off on vacation. Oops. :(
Old 2003-07-09, 07:50   #3
Xyzzy
 
"Mike"
Aug 2002

27·61 Posts
Default

I've never used ZoneAlarm since I have a Pix, so I'm wondering why ZA would block this traffic since most firewalls permit inbound traffic from the external interface as long as it was initiated from the internal interface... For example, the traffic from the PrimeNet server is not initiated from there... It begins on the local computer and you would think a session would be generated within ZA that would keep track of this...

Or is ZA's default behavior "deny all"? Do you have to manually approve everything?
Old 2003-07-09, 11:32   #4
Prime Monster
 
Aug 2002

22·5·13 Posts
Default

Quote:
Originally Posted by Xyzzy
I've never used ZoneAlarm since I have a Pix, so I'm wondering why ZA would block this traffic since most firewalls permit inbound traffic from the external interface as long as it was initiated from the internal interface... For example, the traffic from the PrimeNet server is not initiated from there... It begins on the local computer and you would think a session would be generated within ZA that would keep track of this...

Or is ZA's default behavior "deny all"? Do you have to manually approve everything?

Most personal firewalls provide two distinct functions: protection from external sources and protection from internal applications that could be trojans or other types of malware. In this case you have to specifically allow the prime client access to the network.

And, yes, most of them are, or should be, set up to deny all, either direction. At least initially. What good is protection if it is turned off by default? :)

heretic
Old 2003-07-09, 14:14   #5
dswanson
 
Aug 2002

23×52 Posts
Default

Quote:
Originally Posted by Xyzzy
Or is ZA's default behavior "deny all"? Do you have to manually approve everything?

You can tell ZA to remember that an application is an approved one, so you only have to manually approve it one time. From then on it's transparent to both the application and the user that ZA exists. Or at least it's transparent until the next time you upgrade the application, at which time ZA treats the upgrade as a new application. The problem is simply that if you've been using the application for a while, you tend to forget that ZA exists at all.

As long as we're discussing ZA, one other problem I've noted is that it steals a percent or two of the CPU cycles, even when there is no IP traffic. It's annoying, but it's a cost I'm willing to bear to keep unfriendlies out.
Old 2003-07-10, 04:09   #6
Xyzzy
 
"Mike"
Aug 2002

27·61 Posts
Default

Quote:
Originally Posted by dswanson
As long as we're discussing ZA, one other problem I've noted is that it steals a percent or two of the CPU cycles, even when there is no IP traffic. It's annoying, but it's a cost I'm willing to bear to keep unfriendlies out.

I dislike software firewalls for many reasons, but I suppose you can't beat the price...

Here is a fun article I wrote about my Pix experience... Note that I am not a security expert, I just play one on television...

http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=469092836&m=4700962645

I do like cool gadgets, though... Especially if they are "old school"...

I actually sold that one, why I do not know, but I missed it so much I bought another recently to replace it... I figure anything I'm willing to buy twice must be a good value!
Old 2003-07-10, 14:06   #7
QuintLeo
 
Oct 2002
Lost in the hills of Iowa

44810 Posts
Default

Technically, my firewall is a "software" one - but it's based on LINUX IPTables, and quite a few of the "hardware" firewall devices out there use the SAME underlying firewall software....

8-)
Old 2003-07-10, 16:17   #8
Xyzzy
 
"Mike"
Aug 2002

780810 Posts
Default

I've run a similar Linux-based firewall before too...

While they work great, you still have the underlying OS to worry about...

Yes, a great amount of work has been put into them to harden them, but that still can't change the fact that the basic *nix kernel is designed to "be open" and to communicate... The Pix software, OTOH, is hardened from top to bottom from the very beginning...

Of course, everything is relative, and obviously a Linux solution is more cost effective, so the actual decision is very complex...

I don't think it is possible to say which is better in a blanket statement... Everyone has different needs and different levels of expectation...

I know if I needed a gigabit-ethernet-capable Pix I wouldn't be able to afford it in a million years... As it is, a 501 is at the very extreme end of my price comfort zone...
Old 2003-07-10, 21:13   #9
markhl
 
Apr 2003
California

10111002 Posts
Default

You also need to contact the server if you upgrade the software firewall, and choose not to keep the old security settings.

I.e. you discard the list of software trusted to access the Internet.
Old 2003-07-11, 01:12   #10
PageFault
 
Aug 2002
Dawn of the Dead

5·47 Posts
Default

That is why a router is preferred ... no OS to compromise, plus no stupidity from software firewalls. I'm in a relatively big city and in 15 minutes I have logged over 1000 hack attempts, with zero success ... surprising I have any bandwidth left judging by the activity lamps on the switch ...

Quote:
Originally Posted by Xyzzy

While they work great, you still have the underlying OS to worry about...
Old 2003-07-11, 03:19   #11
dswanson
 
Aug 2002

23·52 Posts
Default

Quote:
Originally Posted by PageFault
That is why a router is preferred ... no OS to compromise, plus no stupidity from software firewalls.

Wait a minute. You're saying that if I have a router then I don't NEED a software firewall? That I've been losing cycles to ZA needlessly for 3 years?

All times are UTC.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.