Jump to content

What Firewall do you use in Win9x?

gkar

By gkar
in Malware Prevention and Security

 Share

Recommended Posts

herbalist

herbalist

Posted
Posted

A software firewalls primary duty is controlling traffic, not keeping malware off of your system. If a software firewall is detecting unexpected outbound traffic, then the rest of the security package or the user has failed to protect the system. Hardware firewalls which includes routers, and software firewalls fill different roles. Hardware firewalls can only control traffic on a global level. A software firewall can control traffic for individual applications. Some call that being a control freak. I call internet access control a necessary part of my security policy.

Rick

Link to comment
Share on other sites

gkar

gkar

Posted
  • Author
Posted
A software firewalls primary duty is controlling traffic, not keeping malware off of your system. If a software firewall is detecting unexpected outbound traffic, then the rest of the security package or the user has failed to protect the system. Hardware firewalls which includes routers, and software firewalls fill different roles. Hardware firewalls can only control traffic on a global level. A software firewall can control traffic for individual applications. Some call that being a control freak. I call internet access control a necessary part of my security policy.

Rick

Agreed.....

Link to comment
Share on other sites
Dude111

Dude111

Posted
Posted
ZoneAlarm v4.5.594.000 .... the download link at ZoneAlarm still works ... wouldn't be a bad idea to download a copy and put it away somewhere to have for the future, if you decide one day to check it out. I can't say if it would work "very well" on a newer OS but for Windows 98SE, it's great. It is strictly a firewall ... nothing else ... no anti-virus or other junk included, as I said before, ... before all the bloat was added.
That link doesnt load @ the moment..

Here is a link right to this version > http://oldversion.com/download.php?idlong=...e9744ee5f2a2221

Is this the LAST GOOD VERSION of Zonealarm??

It might run well on a newer OS in "Compatibility mode"..

Link to comment
Share on other sites
Monroe

Monroe

Posted
Posted (edited)

Dude111

.... yes, you are right about that link "not" working anymore. It did work when I posted the earlier message. It has worked for well over a year. Maybe it is only temporary or maybe ZoneAlarm shut it down because of increased traffic for that "older" version. Who knows ...

... I have never tried that version on a "newer" OS ... it may work perfect on a newer OS, I am strictly a "modern day" Windows 98SE person ... meaning I keep up with all MDGx updates and other programs that people mention that sound interesting for 98SE.

.... I remember back when ZoneAlarm started to make some drastic changes in their program .... after the v4.5.594.000 ... people were complaining about all kinds of problems ... it was slow, it didn't work, it was bloated ... they went through one version very fast and started a newer version number very fast to answer some of the complaints. I had read some time back (Google) when I was doing some firewall research that many people liked this older version of ZoneAlarm since it was sort of the last version of a "pure" ZoneAlarm firewall before they started to fool around with it. Also, if I remember ZoneAlarm was bought out somewhere after that version came out and we know what can happen when a company, who has a nice program, changes hands .... things usually go downhill with add-ons and bloat.

As for the newer versions of ZoneAlarm, maybe they are perfect for XP and Vista ... hopefully I will never know ... as long as we have MDGx, herbalist, Charlotte, and so many others, including you ... working to keep Win 98SE humming along in the new century. ... it's not perfect, never was completely perfect ... but considering the alternative ... well, !

..... thanks for posting the new link to v4.5.594.000 ... maybe the old one will work again or it might be gone for good ... ZA could be working on their site over the holiday or perhaps they were "alarmed" at all the interest in an older version of ZoneAlarm ....

Who can say ...

*** I was checking the number of "reads" on this firewall topic ... over 400 ... if 50% of those people decided to download that version, either to try it or just put a copy away .... the page might be gone for good.

Edited by duffy98
Link to comment
Share on other sites
98Guy

98Guy

Posted
Posted

> A software firewalls primary duty is controlling traffic, not keeping

> malware off of your system.

I said exactly that in my previous post, except that I made a distinction between in-bound and out-bound fire-walling.

In-bound fire-walling _will_ keep malware off your system (network worms) but the degree to which your system is vulnerable to them will depend mainly on what OS you're running.

> If a software firewall is detecting unexpected outbound traffic,

> then the rest of the security package or the user has failed

> to protect the system.

I said exactly that.

> Hardware firewalls which includes routers, and software firewalls

> fill different roles. Hardware firewalls can only control traffic on a

> global level. A software firewall can control traffic for individual

> applications.

A software firewall's in-bound filtering is exactly comparable to a hardware device's in-bound filtering in terms of scope and function.

If you have a NAT router, then half the capability or functionality of a software firewall (in-bound fire-walling) has been rendered irrelavent and useless and nothing more than a drain on system resources.

> Some call that being a control freak. I call internet access control

> a necessary part of my security policy.

You just admitted that a software firewall is not part of a system's security infrastructure, because it doesn't directly detect the presence of malware or keep it off a system. So it's not really part of a system's security infrastructure.

How many times has it alerted you (or anyone else reading this) to suspicious activity that you later discovered was malware related (viral, trojan, etc) ??

You also disregard the fact that software firewalls (like AV software) are usually deactivated by active malware that has just infected a system.

You might consider the automatic contact that certain trusted software makes with the outside world to be a security issue (MS WGA or other checks, Adobe, Quicktime, Java update checks, etc) but it's nothing more than micro-management of the system and has nothing at all to do with security.

This thread started with the question "What firewall do you use in Win9x". A better question would have been "why do you use a firewall with Win9x". I bet many people think that firewall software is as much a normal or necessary part of a (win-98) system as AV software is, which is naturally not correct by a long shot.

Link to comment
Share on other sites
herbalist

herbalist

Posted
Posted (edited)

OldVersion has links to quite a few versions of ZA, all the way back to 2.0. http://oldversion.com/program.php?n=zalarm

You just admitted that a software firewall is not part of a system's security infrastructure, because it doesn't directly detect the presence of malware or keep it off a system. So it's not really part of a system's security infrastructure.

How do you get that out of what I posted? There's more to security than keeping malware from gaining access to your system via an internet connection or detecting its presence on your system. It also includes keeping your data and personal info from being sent out of your system. It includes preventing unwanted changes from being made to your system. It's keeping nosy users out of your data. It's preventing software vendors, websites, etc from monitoring your habits and usage. It's preventing adware and spyware (that an AV doesn't detect) from connecting out and either burying you with popups or downloading more adware. I consider security and privacy to be one and the same. If your PC isn't secure, nothing you do with it or keep on it is private.

How many times has it alerted you (or anyone else reading this) to suspicious activity that you later discovered was malware related (viral, trojan, etc) ??

Yes, I have seen a software firewall alert to the presence of a trojan that the resident AV missed, twice as a matter of fact. On both occasions it was a PC I was servicing for someone else. Both had up to date AVs. When I installed a firewall on them, it immediately alerted to the suspicious traffic.

You also disregard the fact that software firewalls (like AV software) are usually deactivated by active malware that has just infected a system.

Yes, some malware does that. Most of that malware doesn't target 9X. That problem can be somewhat addressed by a system policy that limits what can run, but an application firewall or HIPS gives very good protection against the termination of an AV or firewall on several layers. There's even a system scheduler that has a "watcher" function that can be used to restart an AV or firewall if they're terminated.

You might consider the automatic contact that certain trusted software makes with the outside world to be a security issue (MS WGA or other checks, Adobe, Quicktime, Java update checks, etc) but it's nothing more than micro-management of the system and has nothing at all to do with security.

When "legitimate" software updates or alters your system without asking your approval, it is very much a security issue. It's becoming common for the updates of legitimate software to break functions on 9X systems. Example, Flash Player updates after 9.0.47 makes sites like this one unusable with 9X systems. I don't believe that this is accidental or that it's the result of fixing something for its use on newer systems. I think it's deliberate and is intended to make 9X systems less functional so that users will update. IMO, that makes it a security issue.

Malicious code can also exploit legitimate processes and applications, and not just Internet Explorer. On 9X systems, rundll32.exe is exploited for such purposes, much as svchost.exe is exploited on XP. Hardware firewalls are no help here but a software firewall can be. For me, this comes down to a much more basic issue, namely: who decides what is allowed and what isn't. A software vendor can claim that they own the software but I own the PC it's installed on. I will decide what it does, how it's used, when and if I update, what activities are permitted on it, etc, and I will enforce that on software vendors and users alike. To me, this isn't micromanagement. It's maintaining control over what I own.

A software firewall's in-bound filtering is exactly comparable to a hardware device's in-bound filtering in terms of scope and function. If you have a NAT router, then half the capability or functionality of a software firewall (in-bound fire-walling) has been rendered irrelavent and useless and nothing more than a drain on system resources.

Not true. While both can be configured to permit inbound traffic on a specific port, using a specific protocol, and coming from a specific IP address or range, only the software firewall can allow it for a specific application and not the rest of the applications and system components on the PC.

A firewall like Kerio 2.1.5 is extremely light and has little if any effect on system resources. On my 98 box, Kerio uses 1.7MB, slightly over 1% of my physical memory. I've installed in on Win98 PCs with 32MB of RAM and had no problems. When well configured, a software firewall can actually speed up your browser slightly by preventing other processes from wasting the bandwidth. A DSL user won't notice it, but a dialup user can feel the difference.

9X users are faced with many vendors dropping support. There aren't many AVs left to choose from. It's also a fact that AVs don't catch everything, especially adware. IMO, the loss of AV support makes a software firewall more important. When combined with an application firewall, the user has a very effective security package. A software firewall may not be the solution to all security problems, but they're by no means useless. Given a choice between an AV and a software firewall, I'll choose the firewall.

Rick

Edited by herbalist
Link to comment
Share on other sites
98Guy

98Guy

Posted
Posted
The moment the thread gets moved out of the 98 section of the forum, the "get with the times" posts start.

Why was it moved?

Who moved it?

This was specifically a win-98 discussion about firewall software. Moving it to a non-win-98-centric forum has the effect of watering it down and introducing tangents.

> > A software firewall's in-bound filtering is exactly comparable to a

> > hardware device's in-bound filtering in terms of scope and function.

> > If you have a NAT router, then half the capability or functionality

> > of a software firewall (in-bound fire-walling) has been rendered

> > irrelavent and useless and nothing more than a drain on system

> > resources.

> Not true. While both can be configured to permit inbound traffic

> on a specific port, using a specific protocol, and coming from a

> specific IP address or range, only the software firewall can allow

> it for a specific application and not the rest of the applications

> and system components on the PC.

Give me an example of opening up a *specific port* on a router for inbound connections, aimed directly at a specific machine on the local lan, where that open port will pose a risk to that specific machine because a specific app on that machine can't be isolated as the only app that should receive connections on that port.

In other words, if I am running an app that expects unsolicited inbound connections on a certain port, and if I enable that port on my router to pass those unsolicited connections through to the machine in question, then what are the odds that some future piece of malware will be running on the machine and also be expecting unsolicited inbound connections *on the same port* ? That is the *only* situation where a NAT router is different than a software firewall.

The overwhelming majority of people with nat-routers never configure them to allow unsolicited inbound connections anyways because they never have any reason to do so.

I still say that the inbound firewalling that a NAT-router does is exactly equivalent to what a software firewall does, and that if you already have a NAT-router then half of the functionality of a software firewall will never be used, but that half will still be present and will be degrading system performance. And I still say that the other half of what a software firewall does (out-bound filtering) is one of the most useless things that can be running (on a win-98 system) in the name of system security.

Link to comment
Share on other sites
Monroe

Monroe

Posted
Posted (edited)

I am wondering why this discussion was moved out of the Windows 98SE forum ... If it had never started there I probably would have never seen it at all. It was mostly dealing with the Windows 98SE OS .... a good chance other 98SE people would or will miss it completely in the future ... myself, I pretty much stay with the 9x and 98SE postings. I feel it was the wrong decision for this discussion to be moved. ... no one (98SE people) was complaining about it being in the wrong area.

* thanks Dude111 for the info on the ZA link working again .... maybe they were doing some maintenance over the holiday.

Edited by duffy98
Link to comment
Share on other sites
herbalist

herbalist

Posted
Posted

There is no way to even guess what the odds would be. It's estimated that between 66% and 91% of all PCs are infected with something. There are thousands of trojans. Many will use whatever port the sender chooses. Here's a list of some of them.

Quite a few apps need to listen on certain ports. These include:

P2P apps, can use any port the user chooses.

Some games. I not a gamer so don't ask which ones.

Some IM programs. When I last used Yahoo, it listened on port 5051.

Call Wave internet answering machine.

VOIP software

Remote access software.

The overwhelming majority of people with nat-routers never configure them to allow unsolicited inbound connections anyways because they never have any reason to do so.

If that router is also connected to an XP unit, UPnP will do most of that for them. The average user is not aware of any of it.

It's clear that we're not going to agree on this. You have no use for outbound control while I consider it necessary. If that makes me a control freak, fine.

Rick

Link to comment
Share on other sites
  • 2 weeks later...
SeeAScot

SeeAScot

Posted
Posted

I use Zone Alarm. IIRC the last version which works with Windows 98 is 6.1.744.001. (I use the most recent on my XP installations.)

I use 98Lite to remove IE and WMP, and I ran 98SE up until around the middle of 2006 with no firewall or anti-virus software. Around that time I got some spyware, and I added ZoneAlarm. Still don't use any anti-virus software, althought I check the system occasionally , probably once a month or so, with Spybot S&D.

I don't know if Zonealarms stealth feature helps prevent viruses, but I am quite sure that the amount of spam decreased over several months after I added ZoneAlarm. My sisters computer, which is an almost identical system, but has a different e-mail adddress on the same mail system, was the control, as we did not put ZoneAlarm on her machine until I had used it for a couple months. My theory is that with stealth, any attempt to check to see if a port is open is negative, just as if no computer was connected.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...