About McAfee firewall (IE 6.0)

Topic

New Reply

Would you recommend installing the firewall component from McAfee 7.0 virus checker on a one-user XP system? And if so, do you have a general policy for how to set it up.
I am asking because I tried it once with unhappy results.
It was my understanding that a firewall would “protect” against “enemy” attempts to invade my computer. Instead it seemed to interfere with sites I want to access. And it spent a lot of time warning me about programs on my computer that wanted to “call” out.
Are my doubts misplaced?
Thanx, Al

Reply | Quote

Replies

First of all, I will NOT install any thing with the name McAfee on it.

You will find that the version of ZoneAlarm from http://www.zonelabs.com[/url%5D is all you will need.

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

I’ve always used Norton products for antivirus and a software firewall and been pretty happy with them. It seems that Norton has much less problems resource wise (and maybe any antivirus program) on an NT kernel based OS compared with Windows 9x. I tried ZA for a good while prior, but wanted to know how McAfee compares head to head with Symantec for home or small business, since in bricks and mortar stores those are the two that have the most prominent displays by far.

I value your perspective and experience on this. Could you say why you favor Symantec products so strongly over McAfee?

SMBP

Reply | Quote

SMBP,
I have been using Norton;s since the early DOS days, when I could carry the whole thing on a 3 1/5 floppy. It has treated me and my computers good.

I have had to repair other’s machines that were running that McAfee stuff. A lot of the problems would go away as soon as McAfee was removed.

The worst machine I have had to repair was a “Compaq, running McAfee and AOL”. in my opinion these are the worlds biggest pile of

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

SMBP,
I have been using Norton;s since the early DOS days, when I could carry the whole thing on a 3 1/5 floppy. It has treated me and my computers good.

I have had to repair other’s machines that were running that McAfee stuff. A lot of the problems would go away as soon as McAfee was removed.

The worst machine I have had to repair was a “Compaq, running McAfee and AOL”. in my opinion these are the worlds biggest pile of

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

I’ve always used Norton products for antivirus and a software firewall and been pretty happy with them. It seems that Norton has much less problems resource wise (and maybe any antivirus program) on an NT kernel based OS compared with Windows 9x. I tried ZA for a good while prior, but wanted to know how McAfee compares head to head with Symantec for home or small business, since in bricks and mortar stores those are the two that have the most prominent displays by far.

I value your perspective and experience on this. Could you say why you favor Symantec products so strongly over McAfee?

SMBP

Reply | Quote

First of all, I will NOT install any thing with the name McAfee on it.

You will find that the version of ZoneAlarm from http://www.zonelabs.com[/url%5D is all you will need.

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

Software firewalls are designed to provide “two-way” protection: prevent undesired incoming and outgoing connections. This may help you identify spyware and trojans that, unbeknownst to you, are spilling data out to somewhere else.

Depending on the features of a given product, you usually can identify applications to which you are giving carte blanche to send to the Internet, and then just deal with prompts for a few unexpected ones. Whether McAfee’s implementation is any good, I have no idea.

Reply | Quote

Thanks everybody,
While I will give Zone Alarm a try, I guess my question still is: Since these programs don’t really tell you how to use them, do they actually do the typical dummy (like me) any good?
Thanx, Al

Reply | Quote

Are firewalls any good?
Zone Alarm and Norton’s firewall both offer better protection than Window XP’s built in firewall. You may go for a long time without an attack but if your firewall blocks just one attack it is worthwhile.

Reply | Quote

Are firewalls any good?
Zone Alarm and Norton’s firewall both offer better protection than Window XP’s built in firewall. You may go for a long time without an attack but if your firewall blocks just one attack it is worthwhile.

Reply | Quote

I agree whole heartedly with DaveA’s opinion of McAfee.

Using Zone Alarm with the default settings is usually fine and dandy. The only thing you might want to check is the tab Alert logs And check “turn off alert events shown” which can get annoying.
Just get rid of McAfee ASAP.

Bob

Reply | Quote

I agree whole heartedly with DaveA’s opinion of McAfee.

Using Zone Alarm with the default settings is usually fine and dandy. The only thing you might want to check is the tab Alert logs And check “turn off alert events shown” which can get annoying.
Just get rid of McAfee ASAP.

Bob

Reply | Quote

Al–

You can get plenty of information on how any software firewall works on the web. The manufacturer’s site will have information, and if you want to go deeper, there will be a tech support section and forums on the site. You could also use something like google groups or yahoo groups or any search engine and get endless information on a particular question. They “do you plenty good.”

They manage traffic in and out of your system. Two essentials you do not want to run your computer(s) without any more than you’d run your car on tires that will blow any second are updated viral definitions and a decent software firewall. The native firewall in Windows XP has received much criticism because it does not address traffic going out, and Microsoft has vowed not to repeat that mistake next time they get a chance to offer you one. This is why most people on the Lounge would advise you to get some other kind of sofware firewall and if you’re using ZA–ZA has gotten some high marks from a lot of people.

SMBP

Reply | Quote

Yes, “You can get plenty of information” or rather, “You can get plenty of Words” but not a lot of sense.
Example: item#1 on McAfee’s list of functions is “Control internet programs” which turns out to mean programs on my computer that want to access the internet. But why would I (a single computer user) want to monitor my “outgoing traffic.” McAfee does not address this question. So here’s what I would guess:
*If an “enemy” has successfully invaded my machine, it will want to communicate outwards, to propagate itself onto other machines or to bring in more bad guys.*
Well, I guess it would be altruistic on my part to block the propagation of evil, but certainly, my reason for installing a firewall is to block incoming in the first place, not outgoing.
Furthermore, it appears to me that any industry that sustains itself by making an updated list of all the viruses ever created, could also make a list of the comparatively few programs that have a legitimate reason to communicate “out”. They could then block (and kill?) non-legit communicators instead of asking me if it’s ok. Ok, being more careful, they could ask me if I have any reason to pardon these transgressors instead of killing them.

The McAfee display also makes a big thing out of the “Warnings” it has logged.
Here’s the detail on one of these:
McAfee Firewall blocked an outgoing TCP packet.
The remote address associated with the traffic was 207.44.158.6.
The remote port was 80 [HTTP].
The local port on your PC was 1295 [ephemeral].
The network adapter for the traffic was “Kingston EtheRx PCI Fast Ethernet Adapter (DS21143)”.
The binary data contained in the packet was “00 60 0f e9 1e fa 00 c0 f0 4d 62 20 08 00 45 00 00 28 e3 08 00 00 80 06 28 8c c0 a8 01 60 cf 2c 9e 06 05 0f 00 50 00 2e 03 76 00 2e 03 76 50 04 00 00 73 fe 00 00 “.

How is this protecting me from having my tires blow out?
Since McAfee hasn’t warned me of any bad guys living on my computer, why is he interfering when my good guys want to communicate out?
Giving the benefit of the doubt, I suppose it might be useful to a network administrator.

Finally, I am not a wise-ass. I have tried to ask a precise question here, (maybe a little aggressively) because I would love to know the answer. Come on in.
Thanx, Al

Reply | Quote

Without going too far into the plumbing: “The remote address associated with the traffic was 207.44.158.6.”. If you either type this into your browser or run a Search at, say, http://www.arin.net/whois/%5B/url%5D, you will be able to find out where the outgoing journey was directed. If it turns out to have been bona fide, then you can adjust your firewall policy accordingly.

Part of the power of a Trojan is that it will take over a “legit communicator” and take it wherever the Trojan wants to go.

For the record, the firewall I use is not a McAfee firewall.

HTH

Reply | Quote

Without going too far into the plumbing: “The remote address associated with the traffic was 207.44.158.6.”. If you either type this into your browser or run a Search at, say, http://www.arin.net/whois/%5B/url%5D, you will be able to find out where the outgoing journey was directed. If it turns out to have been bona fide, then you can adjust your firewall policy accordingly.

Part of the power of a Trojan is that it will take over a “legit communicator” and take it wherever the Trojan wants to go.

For the record, the firewall I use is not a McAfee firewall.

HTH

Reply | Quote

—————————————————–
Finally, I am not a wise-ass. I have tried to ask a precise question here, (maybe a little aggressively) because I would love to know the answer. Come on in.
—————————————————-

Who & in what post did someone call you that? I thought you got a few good answers to your question! ??

Bob

Reply | Quote

—————————————————–
Finally, I am not a wise-ass. I have tried to ask a precise question here, (maybe a little aggressively) because I would love to know the answer. Come on in.
—————————————————-

Who & in what post did someone call you that? I thought you got a few good answers to your question! ??

Bob

Reply | Quote

> Well, I guess it would be altruistic on my part to block the propagation of evil, but certainly, my reason for
> installing a firewall is to block incoming in the first place, not outgoing.

Even if you don’t care about the propagation of evil, you might care about the propagation of your passwords and financial data to identity thieves. This threat is very real, and if you choose to forego one layer of defense against it because it’s a hassle, that is your choice.

The packet you illustrated is definitely not very helpful. Other than the destination address and port (http://207.44.158.6:80/%5B/url%5D), you’re in the dark because the application doesn’t appear to be sensitive to the application sending the packet. If you can only regulate by port, this kind of filtering isn’t very useful because you basically have to open port 80 (outbound) to preserve your sanity, and most applications can redirect their traffic over commonly used ports.

Oh well, maybe in the next version…

Reply | Quote

J, Thanks for your sensible answer. I certainly wouldn’t want my passwords broadcast.
Question: I’ve read about programs that try millions of passwords quickly, and about programs that look over your shoulder when you type in a password. But can hackers actually decode your password files, and if so, where do I get one I can use when I forget my password. Or, for that matter, where is the file that holds the passwords I told the computer to remember?
Thanks, Al

Reply | Quote

Al

With regard to “the file that holds the passwords I told the computer to remember?” I suggest you look through this thread. It may not apply in your circumstance but it would be worth checking.

This thread deals with infections via web browsers.

As a result of the Webber trojan I was unsure if the credit card number and security code which I use for internet purchases had been compromised/sent out to the hacker, so I cancelled it and got the issuer to send me a new one. I couldn’t take the risk…!
At the time i had the XP ICF firewall switched on (as others have said this only protects incoming data) and my antivirus software was, as it always is, up-to-date by a usually twice-weekly download of new pattern files.

Another computing lesson learned…

Reply | Quote

Al

With regard to “the file that holds the passwords I told the computer to remember?” I suggest you look through this thread. It may not apply in your circumstance but it would be worth checking.

This thread deals with infections via web browsers.

As a result of the Webber trojan I was unsure if the credit card number and security code which I use for internet purchases had been compromised/sent out to the hacker, so I cancelled it and got the issuer to send me a new one. I couldn’t take the risk…!
At the time i had the XP ICF firewall switched on (as others have said this only protects incoming data) and my antivirus software was, as it always is, up-to-date by a usually twice-weekly download of new pattern files.

Another computing lesson learned…

Reply | Quote

J, Thanks for your sensible answer. I certainly wouldn’t want my passwords broadcast.
Question: I’ve read about programs that try millions of passwords quickly, and about programs that look over your shoulder when you type in a password. But can hackers actually decode your password files, and if so, where do I get one I can use when I forget my password. Or, for that matter, where is the file that holds the passwords I told the computer to remember?
Thanks, Al

Reply | Quote

> Well, I guess it would be altruistic on my part to block the propagation of evil, but certainly, my reason for
> installing a firewall is to block incoming in the first place, not outgoing.

Even if you don’t care about the propagation of evil, you might care about the propagation of your passwords and financial data to identity thieves. This threat is very real, and if you choose to forego one layer of defense against it because it’s a hassle, that is your choice.

The packet you illustrated is definitely not very helpful. Other than the destination address and port (http://207.44.158.6:80/%5B/url%5D), you’re in the dark because the application doesn’t appear to be sensitive to the application sending the packet. If you can only regulate by port, this kind of filtering isn’t very useful because you basically have to open port 80 (outbound) to preserve your sanity, and most applications can redirect their traffic over commonly used ports.

Oh well, maybe in the next version…

Reply | Quote

Yes, “You can get plenty of information” or rather, “You can get plenty of Words” but not a lot of sense.
Example: item#1 on McAfee’s list of functions is “Control internet programs” which turns out to mean programs on my computer that want to access the internet. But why would I (a single computer user) want to monitor my “outgoing traffic.” McAfee does not address this question. So here’s what I would guess:
*If an “enemy” has successfully invaded my machine, it will want to communicate outwards, to propagate itself onto other machines or to bring in more bad guys.*
Well, I guess it would be altruistic on my part to block the propagation of evil, but certainly, my reason for installing a firewall is to block incoming in the first place, not outgoing.
Furthermore, it appears to me that any industry that sustains itself by making an updated list of all the viruses ever created, could also make a list of the comparatively few programs that have a legitimate reason to communicate “out”. They could then block (and kill?) non-legit communicators instead of asking me if it’s ok. Ok, being more careful, they could ask me if I have any reason to pardon these transgressors instead of killing them.

The McAfee display also makes a big thing out of the “Warnings” it has logged.
Here’s the detail on one of these:
McAfee Firewall blocked an outgoing TCP packet.
The remote address associated with the traffic was 207.44.158.6.
The remote port was 80 [HTTP].
The local port on your PC was 1295 [ephemeral].
The network adapter for the traffic was “Kingston EtheRx PCI Fast Ethernet Adapter (DS21143)”.
The binary data contained in the packet was “00 60 0f e9 1e fa 00 c0 f0 4d 62 20 08 00 45 00 00 28 e3 08 00 00 80 06 28 8c c0 a8 01 60 cf 2c 9e 06 05 0f 00 50 00 2e 03 76 00 2e 03 76 50 04 00 00 73 fe 00 00 “.

How is this protecting me from having my tires blow out?
Since McAfee hasn’t warned me of any bad guys living on my computer, why is he interfering when my good guys want to communicate out?
Giving the benefit of the doubt, I suppose it might be useful to a network administrator.

Finally, I am not a wise-ass. I have tried to ask a precise question here, (maybe a little aggressively) because I would love to know the answer. Come on in.
Thanx, Al

Reply | Quote

Al–

You can get plenty of information on how any software firewall works on the web. The manufacturer’s site will have information, and if you want to go deeper, there will be a tech support section and forums on the site. You could also use something like google groups or yahoo groups or any search engine and get endless information on a particular question. They “do you plenty good.”

They manage traffic in and out of your system. Two essentials you do not want to run your computer(s) without any more than you’d run your car on tires that will blow any second are updated viral definitions and a decent software firewall. The native firewall in Windows XP has received much criticism because it does not address traffic going out, and Microsoft has vowed not to repeat that mistake next time they get a chance to offer you one. This is why most people on the Lounge would advise you to get some other kind of sofware firewall and if you’re using ZA–ZA has gotten some high marks from a lot of people.

SMBP

Reply | Quote

[indent]

---

do they actually do the typical dummy (like me) any good

---

[/indent]Absolutely. I liken computers on a network to many doors in a hallway, and a trojan/hacker trying all the doorknobs. Your door in this hallway is hidden, and also locked, to any comers who give the knob a jangle.

Understanding how they work is nice, but not required. Better to be protected than to be swimming in the shark tank with a bleeding wound.

Reply | Quote

[indent]

---

do they actually do the typical dummy (like me) any good

---

[/indent]Absolutely. I liken computers on a network to many doors in a hallway, and a trojan/hacker trying all the doorknobs. Your door in this hallway is hidden, and also locked, to any comers who give the knob a jangle.

Understanding how they work is nice, but not required. Better to be protected than to be swimming in the shark tank with a bleeding wound.

Reply | Quote

Thanks everybody,
While I will give Zone Alarm a try, I guess my question still is: Since these programs don’t really tell you how to use them, do they actually do the typical dummy (like me) any good?
Thanx, Al

Reply | Quote

Software firewalls are designed to provide “two-way” protection: prevent undesired incoming and outgoing connections. This may help you identify spyware and trojans that, unbeknownst to you, are spilling data out to somewhere else.

Depending on the features of a given product, you usually can identify applications to which you are giving carte blanche to send to the Internet, and then just deal with prompts for a few unexpected ones. Whether McAfee’s implementation is any good, I have no idea.

Reply | Quote