
Best Firewall to use with utorrent


mountainmachine


I don't have much experience with firewalls, but from some of my tests I think Comodo is a very good choice. Also I remember that like 2 years ago Kerio and Tiny Personal were very good and convenient, but this was too long ago. And my personal preference is STAY AWAY FROM ZONE ALARM; I don't know how good it is at keeping u safe, but the interface is sooooooo irritating.... and as I recall it lacked too many config options.


If you're behind a NAT (router), you should be more-or-less golden. The well-behaved XP firewall on top of that usually fits the bill just fine. If you do use Kerio, do like Alpha-Toxic said and get the older series. I believe the last version of the classic Kerio/Tiny was 2.1.5 and you can probably find it with Google easily.

Still, a router + SP2 firewall = win.


Hrm, everyone is so down on ZoneAlarm. Personally, it's my favorite choice; I have never had issues with it being unconfigurable for any given purpose. I'm behind a router, but I'm not going to let that sit as my only line of defense. Here's how I do it, fwiw, ymmv.

1. Check which port uTorrent wants to use.

2. Forward that port on the router.

3. ZoneAlarm -> Firewall -> Expert tab -> Add

4. Fill in the nice dialog. (Mine below)

5. Save, apply, and minimize ZoneAlarm.

6. Use the uTorrent Port Checker at http://www.utorrent.com/testport.php?port=[your uTorrent port here] to make sure everything is kosher.

Rank: 1 (Can be ranked something else to give other firewall rules priority)

Name: uTorrent

State: Enabled

Action: Allow

Track: None (Can be Log/Alert and Log here if you feel like checking up on it)

Source: Internet Zone (Could possibly be Gateway here, but I'm on a wireless connection that switches between 2 different APs)

Destination: My Computer (Again, you have options, could be an outward-facing IP or DNS entry)

Time: Any (If you've got uTorrent on the scheduler, you could modify this)

Protocol: Add a new protocol here, like so

Protocol: UDP

Description: uTorrent

Destination Port: Other - [your uTorrent port here]

Source Port: Other - [your uTorrent port here]


for example personal data, work related data + I don't want my computer to be hijacked and used in various illegal matters.

But even if I didn't have anything important on my computer, I highly believe in privacy and also a hacker could mess up my system and I like to avoid reinstallation of Windows etc.


weilawei, except that ZA has a backdoor and does a "calling home" with sensitive information.

Okay, I don't remember this existing. I'm running ZoneAlarm Security Suite 6.1.x. Here's what I found.

Starting here -> http://www.iss.net/search.php?config=corporate&pattern=ZoneAlarm&x=0&y=0

18 reports. Time to dig.

zonealarm-ipc-dos (19309): Zone Labs: ZoneAlarm Security Suite prior to 5.5.062.011

Not an issue, anymore.

zonealarm-adblock-dos (18159): Zone Labs: ZoneAlarm Security Suite 5.x

Not an issue, anymore.

zonealarm-showhtmldialog-obtain-information (22971): Zone Labs: ZoneAlarm Internet Security Suite 6.0.x

Okay, this looks somewhat serious, since they didn't mention a remedy. Does it affect 6.1.x as well?

http://www.derkeiler.com/Mailing-Lists/Securiteam/2005-12/msg00003.html gives a bit more information. It seems we have to run a malicious program on the local system. This is a tossup. Do you like to run random code from strangers? Mmm, candy.

zonealarm-synflood-dos (10379): Zone Labs: ZoneAlarm Pro 3.1

Not an issue, anymore.

zonealarm-insecure-file-permission (17099): Zone Labs: ZoneAlarm Pro 5.x

Not an issue, anymore.

zonealarm-udp-dos (13072): Zone Labs: ZoneAlarm Pro Any version

Well, this certainly looks troubling.

http://www.securityfocus.com/bid/8525 lists Zone Labs ZoneAlarm Pro 4.5, Zone Labs ZoneAlarm Pro 4.0, Zone Labs ZoneAlarm 3.7 .202. I'm not sure yet if the UDP flood still works in 6.1.x builds. Any more information here?

18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000: This is a bit of a side-track into Bugtraq archives.

http://www.securityfocus.com/archive/1/427122 details this one.

Exploitation Requirements:

First of all, you will need to have a directory that is writeable to a lower level user, that is included in the Windows PATH environment variable. As you saw above, I had ActiveState's ActivePerl installed and it worked just fine.

Secondly, verify that the path you have chosen is definitely writeable to a lower level user. On Windows 2000 operating systems the default permissions for the root of the partition where the operating system is installed is set as Everyone/Full Control. So, by default, C:\Perl\bin is set to Everyone/Full Control. On Windows 2000 operating systems a guest account can be used during the exploitation process.

On Windows XP, the C:\Perl\bin folder has special permissions set (by default) for the local Users group that allows the creation and modification of new files and folders. Perfect, that is all that is needed. On Windows XP, an account in the local Users group can be used during the exploitation process.

This feels a bit like leaving the door open and letting a stranger run their own code. Granted, it is a privilege escalation, but it's not a remote vuln. (Unless... something else is vulnerable on the system that gives local account access.) Your call, I never leave Guest open.

zonealarm-email-bypass-security (15884): Zone Labs: ZoneAlarm Any version

Again, this doesn't look good. Unfortunately, I don't see anything since 2004. Considering that this is a potential remote exploit (if you use ZA mail filtering) it might be worth a test run to see if it still exists.

Although... you shouldn't run random executable code attached to your email from strangers.

zonealarm-mailsafe-dot-bypass (8744): Zone Labs: ZoneAlarm 3.0

Not an issue, anymore.

zonelabs-multiple-products-bo (14991): Zone Labs: ZoneAlarm prior to 4.5.538.001

Not an issue, anymore.

device-driver-gain-privileges (12824): Zone Labs: ZoneAlarm 3.1

Not an issue, anymore.

ca-vet-antivirus-bo (20686): Zone Labs: ZoneAlarm Security Suite Any version

Here's a good one.

Affects any operating system or program using the Vet Antivirus Library. Remote heap overflow exploit. However, this seems out of date.

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896 says Vet engine 11.9.1 and later are not affected. Install the latest virus definitions if an earlier Vet is in use. ZA 6.1.x seems secure here. Not an issue, anymore?

Annnnd.. the rest were attempts to kill ZA once you have a worm safely harbored in your computer. Now to look at ZA "phone home" settings.

Check for product updates can be set to manual.

Whenever I request info from Zone Labs: Alert me with a pop-up before I make contact can be turned on.

Hide my IP address when applicable can be turned on.

Share my security settings anonymously with Zone Labs can be turned off.

If you contact ZA for program advice, that's your own contact initiation, not a phone home.

Spyware or not?

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

http://www.vtc.net/~cdgoldin/caveat/zap0719.htm declares ZA to be spyware. Also, provides ways to disable the purported activity.

http://www.hansenonline.net/Networking/zaspy.html couldn't find any data being sent back. What to think?

I'll avoid the SP2 firewall with reports like this from http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0257.html

Granted, any software firewall will have its issues. No software is perfect. (Neither is hardware for that matter.)

As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used. Additionally, Internet Connection Sharing of the PC has to be disabled.

A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight. Without great effort, we were able to discover private documents on easily accessible computers on the Internet. It must be assumed, that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.

Okay, that's my mini-research summary on the topic. I'm going to stick with ZA for now since *my* system doesn't seem to be phoning home or allowing my system to become swarmed with nasties.

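The Bugtraq requirement quoted in the post above (a directory on the Windows PATH that a lower-level user can write to) is a condition you can audit for on your own machine. The following is an added example, not part of the original post or the advisory: a Python check that, run under the low-privileged account, reports the PATH entries that account could place files in. The function names and status labels are assumptions made for this illustration.

```python
import os
import tempfile


def can_write(directory):
    """Probe by creating and removing a temp file as the current user."""
    try:
        fd, name = tempfile.mkstemp(prefix="pathaudit_", dir=directory)
    except OSError:
        return False
    os.close(fd)
    os.remove(name)
    return True


def classify(entry):
    """Classify one PATH entry from the point of view of the current account."""
    if not os.path.isabs(entry):
        return "relative"  # resolved against whatever the working directory is
    if os.path.isdir(entry):
        return "writable" if can_write(entry) else "ok"
    # Missing directory: a problem if this account could create it.
    parent = os.path.dirname(entry.rstrip("\\/"))
    while parent and not os.path.isdir(parent):
        nxt = os.path.dirname(parent)
        if nxt == parent:
            break
        parent = nxt
    return "missing-creatable" if parent and can_write(parent) else "missing"


def audit_path(path_value=None, sep=os.pathsep):
    """Return [(entry, status)] for every PATH entry that is not 'ok'."""
    if path_value is None:
        path_value = os.environ.get("PATH", "")
    findings = []
    for raw in path_value.split(sep):
        entry = raw.strip().strip('"')
        if not entry:
            continue
        status = classify(entry)
        if status != "ok":
            findings.append((entry, status))
    return findings


if __name__ == "__main__":
    for entry, status in audit_path():
        print(f"{status:18} {entry}")
```

Run it as the Guest or Users-group account you care about, not as an administrator; any "writable" or "missing-creatable" entry is a candidate for tightening permissions or removal from PATH.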

weilawei, well there are better options like Outpost, Look'n'Stop and Jetico Firewall.

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

I think declaring it as a bug is a cheap and bad excuse; a bug simply does not encrypt data and send it to several ZA servers. If ZA once does this kind of immoral thing they can do it again, and why I say it's immoral, well, a firewall is meant to protect you from such things like this.


boo, correct me if I'm wrong, but we are talking here about a "firewall" for THE phone home closed source software on the market.

So why would anybody even complain when another piece of software for that OS also phones home?

I mean, come on, if you are really concerned about your security you would not use a closed source OS like Windows in the first place and not even additional closed source software from 3rd party vendors that promise you "security" because they tell you that Windows is not secure in the factory shipping version!

@weilawei

Regarding the firewall bug with the open shares the German PC-Welt wrote about back in the days: that was patched by MS if I remember correctly.


Morals. Iffy subject. I was more looking to see if there was any truth to the idea that the current code phoned home. I'm a tad more concerned about what a piece of code does than the moral reasoning behind it.

However, I had forgotten about Look 'n' Stop. Haven't used it in years, but from what I remember, it was an excellent choice as well. But.. for a quick rundown, http://www.firewallleaktester.com/tests.php has a great list of firewall tests and rankings.

Now, back to fiddling with the WebUI. :rolleyes: There's a world to be taken over, you know!


@boo: IMHO the "phone home" thing was blown out of proportion, and that isn't really the issue at hand. ZoneAlarm is just really buggy for a lot of people.

@weilawei: As I said to boo, ZoneAlarm has been buggy for a lot of people. I myself have never had any real "beef" with ZoneAlarm, and even wrote a guide for opening the port for ZA a while ago. I decided to switch from it myself simply because I got annoyed with it. It works fine for some, but in many cases, we've had to tell people to uninstall ZoneAlarm to fix some issue it was having with µTorrent. As you said, YMMV.

Edit: Oh, and regarding the phone home thing... here. But yeah, it's old news.


boo, correct me if I'm wrong, but we are talking here about a "firewall" for THE phone home closed source software on the market.

So why would anybody even complain when another piece of software for that OS also phones home?

I mean, come on, if you are really concerned about your security you would not use a closed source OS like Windows in the first place and not even additional closed source software from 3rd party vendors that promise you "security" because they tell you that Windows is not secure in the factory shipping version!

Well, some people have no choice but to use Windows, like me for example, but when it comes to security programs you do have choices to choose between and that's the major difference to what you're talking about.

And for Windows there is no reliable open source firewall as far as I know, so those who use Windows have to use a closed source firewall.

Anyway, we are going a bit offtopic; as I mentioned, I personally recommend Outpost, Look'n'Stop and Jetico Firewall.

Also, I have heard that Securwall from Securstar will be a good firewall when it gets released.


Just to add to the comments about ZA and why I stopped using it. It doesn't keep up with p2p traffic and blocks a lot of legit peers. It doesn't stop running, even when you set it to disable; you have to uninstall it. This I don't know of first hand, but it is from a knowledgeable person: ZA modifies the TCP/IP stack without telling you. And when you uninstall it ZA will leave tons of hidden files.

Personally I use McAfee. It hasn't failed me yet. For a free firewall I suggest Windows or Kerio since Norton bought & killed Sygate.


I have an old 4-port Linksys wired router. After updating its firmware, I was able to block LAN ips *AND* ports from being visible from the internet OR connecting outward to the internet.

In particular, I have these ports blocked:

23-24

48

129-139

445

17300

These ports are either unsecured ports that I need for LAN traffic or ports that correspond to portions of Microsoft Windows that I do not feel can be safely given internet access due to its "phone-home" features.

Almost all my unused LAN ips are blocked as well to prevent ghosting issues that can occur with file-sharing to ips reported second-hand. An example is if your LAN is on 10.0.0.x and the ip 10.0.0.223 arrives via DHT or Peer Exchange (they probably filter LAN ips so this is just a hypothetical example)...your computer will try to connect to 10.0.0.223 on your network even though it doesn't exist.

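The policy described in the post above (a fixed list of blocked ports plus dropping connections to unused LAN addresses learned second-hand) can be expressed and tested as code before it is typed into a router. The following is an added example, not part of the original post and not router firmware: a Python model of that policy using the post's port list and its hypothetical 10.0.0.x LAN. The function names, the `live_hosts` parameter and the sample peers are constructed for the illustration.

```python
import ipaddress

# Port list exactly as given in the post above.
BLOCKED_PORTS_SPEC = "23-24, 48, 129-139, 445, 17300"


def parse_port_spec(spec):
    """Turn '23-24, 48' into a sorted list of inclusive (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((low, high))
    return sorted(ranges)


def filter_peers(peers, lan_cidr, live_hosts, ranges):
    """Split (ip, port) pairs into (allowed, dropped) under the post's policy."""
    lan = ipaddress.ip_network(lan_cidr)
    allowed, dropped = [], []
    for ip_text, port in peers:
        ip = ipaddress.ip_address(ip_text)
        if any(low <= port <= high for low, high in ranges):
            dropped.append((ip_text, port, "blocked port"))
        elif ip in lan:
            if ip_text in live_hosts:
                allowed.append((ip_text, port))
            else:
                dropped.append((ip_text, port, "unused LAN address"))
        elif ip.is_private or ip.is_loopback or ip.is_link_local:
            dropped.append((ip_text, port, "non-routable address"))
        else:
            allowed.append((ip_text, port))
    return allowed, dropped


def demo():
    # Constructed peer list, as it might arrive via DHT or Peer Exchange.
    peers = [("10.0.0.223", 6881), ("10.0.0.2", 6881),
             ("93.184.216.34", 445), ("93.184.216.34", 6881),
             ("192.168.1.5", 6881)]
    ranges = parse_port_spec(BLOCKED_PORTS_SPEC)
    return filter_peers(peers, "10.0.0.0/24", {"10.0.0.2"}, ranges)


if __name__ == "__main__":
    allowed, dropped = demo()
    print("allowed:", allowed)
    print("dropped:", dropped)
```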

  • 2 months later...

Zone Alarm - absolute NO! NO! a bloated resource hog, that's all to it; Someone mentioned KPF 2.x <-- NO!NO! as well, has an unpatched security hole, if you want to use KPF use 4.2.x, or the latest version before Sunbelt took over; Comodo has had some issues (what issues - don't remember, google it);

I don't agree that NAT and router is enough, what about Outbound traffic ??? What happens when on a bad day you get some malware that wants to phone home, there's nothing to stop it if you don't have fw :)

Anyways kpf is my choice, small, resource easy, configurable and reminds me a bit of Firestarter - gui for IpTables for Linux.


Isd asked:

"what about Outbound traffic ??? What happens when on a bad day you get some malware that want to phone home, there's nothing to stop it if you don't have fw :)"

Let me ask back: what if some "bad day" malware is programmed in a way that circumvents the PFW software that runs on the same physical system that the malware is running on?!

If you truly believe that a PFW on the same system can protect you from the scenario you mentioned then you don't know what you are talking about and you got fooled by snakeoil promises from the personal firewall software vendors that make you believe that their product can stop it reliably!

Edit

Spelling + clarification


Archived

This topic is now archived and is closed to further replies.
