I agree.  OK, you got me.  I'll try it on one of the kids' PC's and see
what happens.  Personally, I never play Sony CDs.  My 8-track player works
just fine, thank <ker-chunk> you.

You do make a lot of good points about layering protection.  I was looking
at it from a "what's to protect?" perspective.  Performance could be
affected if you get too much of that stuff.  In the past I would typically
reload Windows once or twice a year for the kids just because they bring
home software from the library and then stop using it.  That tends to keep
things somewhat clean.  I haven't really had to do it so much since XP came
out.

Dave Parnin
--
Nishikawa Standard Company
Topeka, IN  46571
daparnin@xxxxxxxxxxxxxx




                                                                                
                              
                      "Jones, John                                              
                              
                      \(US\)"                  To:       "PC Technical 
Discussion for iSeries Users"          
                      <John.Jones@xxxxx         <pctech@xxxxxxxxxxxx>           
                              
                      l.com>                   cc:                              
                              
                      Sent by:                 Subject:  RE: [PCTECH] Home 
network problem                    
                      pctech-bounces@mi                                         
                              
                      drange.com                                                
                              
                                                                                
                              
                                                                                
                              
                      12/29/2005 04:01                                          
                              
                      PM                                                        
                              
                      Please respond to                                         
                              
                      PC Technical                                              
                              
                      Discussion for                                            
                              
                      iSeries Users                                             
                              
                                                                                
                              




ZA has a free version:
http://www.zonelabs.com/store/content/company/products/znalm/comparison.
jsp?dc=12bms&ctry=US&lang=en&lid=ho_za or http://tinyurl.com/94j59

Personally, while ZA gets high marks I've been using an ancient version
of the Kerio firewall for years.  It's now been bought by Sunbelt
Software, the folks who make Counterspy.  For a limited time they're
offering the Kerio FW for $14.95.  Or you can use the free version:
http://www.sunbelt-software.com/Kerio.cfm


I would say the typical home PC network is where a personal/software
firewall is most needed (along with the other security tools).  It's
that environment that won't have a competent IT professional available
for installation, troubleshooting, and maintenance.  The environments
that pretty much anyone on this list are involved with are atypical.
Atypical in the sense that they are actually managed.

A typical environment will have children downloading music (maybe even
legally), surfers of all ages who click on anything--including popups,
people who forward chain emails, people who never wind up running an AV
scan since the PC is never on when the scan is scheduled to run.
They're behind, maybe way behind, on Windows Update (& Office Update if
applicable).  They may have wireless but probably don't have WPA
configured.  Or everything's at the defaults so just type 'Linksys' and
you're in.  They might even think the remote management facility of
their router is cool so they open the management connection to the
Internet (a huge no-no).  Their browsers allow both JavaScript & ActiveX
and have Flash/Shockwave installed.  They don't use alternative media
players.  They listen to Sony CDs.  These machines desperately need
protection.

--
John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787  F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx]
On Behalf Of daparnin@xxxxxxxxxxxxxx
Sent: Thursday, December 29, 2005 2:34 PM
To: PC Technical Discussion for iSeries Users
Subject: RE: [PCTECH] Home network problem





I wouldn't say that it's *always* unecessary, just not in a typical home
envirnoment.  If I were using my home PC to do "real work" that mattered
if it were lost then sure, my level of paranoia would escalate and I
would consider a software firewall.  Like I said, my work laptop has it.
I try to restrict internet access for the kids and have a nightly backup
to make sure that we don't loose the family photos and our e-mail in the
event of a hard drive crash.

While I might be upset if covert software such as Sony's rootkit got
installed without my knowledge it's not worth it to me for my home
especially if I have to buy it for 8 computers.  (Remember--the subject
is "Home network problem".)

Dave Parnin
--
Nishikawa Standard Company
Topeka, IN  46571
daparnin@xxxxxxxxxxxxxx






                      "Jones, John

                      \(US\)"                  To:       "PC Technical
Discussion for iSeries Users"
                      <John.Jones@xxxxx         <pctech@xxxxxxxxxxxx>

                      l.com>                   cc:

                      Sent by:                 Subject:  RE: [PCTECH]
Home network problem
                      pctech-bounces@mi

                      drange.com





                      12/29/2005 03:06

                      PM

                      Please respond to

                      PC Technical

                      Discussion for

                      iSeries Users







While I don't agree that a software firewall is unnecessary, I do agree
with Dave's summary.  Don't just de-activate, but uninstall ZA.  Get the
share working.  Then re-install ZA.  If the share breaks, you have an
obvious path to troubleshoot (or seek support from the vendor).

As has been mentioned before, many of the better approaches to security
involve a layered approach.  Layer the software firewall on top of the
hardware firewall.  Layer the AV & AntiSpyware apps ontop of that.

The software firewall specifically provides a layer of support that the
hardware firewall doesn't.  For instance, the hardware firewall would
not stop the privacy invasion caused by the Sony rootkit exploit.

--
John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787  F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx]
On Behalf Of daparnin@xxxxxxxxxxxxxx
Sent: Thursday, December 29, 2005 1:50 PM
To: PC Technical Discussion for iSeries Users
Subject: Re: [PCTECH] Home network problem





That sounds like an internal security problem.  If you have a virus or
spyware that's harvesting your personal info then deal with that with
anti-virus or anti-spyware software.  Catch it before you get infected.
If you are logging on to a commercial web site and entering things like
credit card numbers then make sure that it's a secure connection.  If
not then don't blame them for sniffing out your data.  If your kid set
up the network/Internet connection for you and you are using it without
knowing you've got a secure environment, again, that was your decision.
Personally, I've got anti-virus and anti-spyware software and I'm
trusting my router to keep hackers out.  It may not be perfect but I
also don't triple-lock my doors, have bars on my windows, or let my kids
secure the Internet for me either.  If it were a business environment I
would be more concerned about security.  At home I'm more concerned with
restricting what web sites my kids can go to.  I can also see the other
PC's on my network.

Regardless of your desired level of security I still advocate taking
Zone Alarm out of the mix until sharing works as expected.  It may not
be part of the problem but you may not know that.  Once you have things
working you can put it back in if that's what you want.


Dave Parnin
--
Nishikawa Standard Company
Topeka, IN  46571
daparnin@xxxxxxxxxxxxxx






                      Dan

                      <dan27649@xxxxxxx        To:       PC Technical
Discussion for iSeries Users
                      om>                       <pctech@xxxxxxxxxxxx>

                      Sent by:                 cc:

                      pctech-bounces@mi        Subject:  Re: [PCTECH]
Home network problem
                      drange.com





                      12/29/2005 01:45

                      PM

                      Please respond to

                      PC Technical

                      Discussion for

                      iSeries Users







On 12/29/05, daparnin@xxxxxxxxxxxxxx <daparnin@xxxxxxxxxxxxxx> wrote:
>
> Why are you running Zone Alarm?  I thought that you said you said that

> it was a desktop PC and that you had a Linksys router.  The router
> should handle the firewall function for you.  I would vote to
> eliminate the things such as Zone Alarm that could be getting in your
> way and make the environment as simple as possible.  Once you have it
> working in a simple environment then you can start making things more
> complex.


I have a similar situation at home, using a consumer-level
router-firewall, and ZA.

Unfortunately for Jeff, my 16-year old got the "network" set up, and we
had some issues, but he figured them out.  I probably should have him
give me a rundown of what he did.  But, I digress.

The basis for deciding to do this was that esteemed members of this list
educated me (let's see how accurately I remember the lesson!) that the
router-firewall only restricts things coming in, and doesn't care if
you're sending all your keystrokes, bank account numbers, social
security numbers to some friendly guy in Russia.  That's where the
ZA-type firewalls come into play.

Did I remember the lesson correctly?

- Dan
--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list To post a message email: PcTech@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives  at
http://archive.midrange.com/pctech.

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list To post a message email: PcTech@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/pctech.


This email is for the use of the intended recipient(s) only.  If you
have received this email in error, please notify the sender immediately
and then delete it.  If you are not the intended recipient, you must not
keep, use, disclose, copy or distribute this email without the author's
prior permission.  We have taken precautions to minimize the risk of
transmitting software viruses, but we advise you to carry out your own
virus checks on any attachment to this message.  We cannot accept
liability for any loss or damage caused by software viruses.  The
information contained in this communication may be confidential and may
be subject to the attorney-client privilege. If you are the intended
recipient and you do not wish to receive similar electronic messages
from us in the future then please respond to the sender to this effect.

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list To post a message email: PcTech@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives  at
http://archive.midrange.com/pctech.

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list To post a message email: PcTech@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/pctech.


This email is for the use of the intended recipient(s) only.  If you have
received this email in error, please notify the sender immediately and then
delete it.  If you are not the intended recipient, you must not keep, use,
disclose, copy or distribute this email without the author's prior
permission.  We have taken precautions to minimize the risk of transmitting
software viruses, but we advise you to carry out your own virus checks on
any attachment to this message.  We cannot accept liability for any loss or
damage caused by software viruses.  The information contained in this
communication may be confidential and may be subject to the attorney-client
privilege. If you are the intended recipient and you do not wish to receive
similar electronic messages from us in the future then please respond to
the sender to this effect.

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
 at http://archive.midrange.com/pctech.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.