Comment by alhazrod

8 days ago

I remember before Little Snitch there was ZoneAlarm for Windows[0] (here is a good screenshot[1]). No clue if the current version of ZoneAlarm does anything like that (have not used it in 2 decades). I always found it weird that Linux never really had anything like it.

[0]: https://en.wikipedia.org/wiki/ZoneAlarm

[1]: https://d2nwkt1g6n1fev.cloudfront.net/helpmax/wp-content/upl...

I wrote a program similar to this for AmigaOS many, many years ago. I would have been inspired by ZoneAlarm or a program like it.

I've just found it and uploaded it to github. Looking at the code, I can see my horrible C style of the time. There's probably bugs galore.

https://github.com/JetSetIlly/Direwall

If I remember correctly, it runs as a commodity and patches the socket library. Interestingly, the socket library was not re-entrant (unusual for Amiga libraries) so I had to patch the Exec OpenLibrary() function to monitor the loading of new copies of the socket library. But it's been a long time so memories are hazy.

It'll be interesting to see if it still compiles and runs for modern AmigaOS, if any active Amiga programmers are around to see.

What I really liked about ZoneAlarm wasn't just that it was a very nice technology - and it was; but also that it got the user expectations and training right from a very early stage.

It was quite insistent on the fact that it would be "noisy" at first as it queried all the programs you ran, but would then quieten down once it had been "trained". It got that across in clear, simple language.

I think it was so successful because it got the soft side of its security job right as well as the hard part. It's certainly why I recommended it to anyone at the time...

  • Was working as an IT consultant. We got a call from an international manufacturer in the area for support. Local lead IT manager took down the firewall which infected their computer network around the world. All they wanted were bodies to help clean systems and apply OS updates.

    My personal computer had ZoneAlarm on it. It became ground zero for reporting about infected systems. They ignored systems they thought were safe; CISCO phone system running on Windows server and other backend devices. The company then bought a few licenses to run their own laptops.

    It is such a shame that Microsoft destroyed _ERD Commander_ and other quality tools which assisted in the clean up.

Completely forgot about ZoneAlarm. I remember using it in the early 2000s!

  • I helped administer the CheckPoint commercial version of this before 2010 in a large enterprise (Checkpoint Integrity it was badged as). Really good product though we did have some bugs with it - I do remember the developers from Israel got involved and were very capable.

    It mostly worked exactly as you would want a desktop firewall to, and integrated nicely with Cisco VPN tech, so you could ensure Integrity was operating correctly before fully opening up the tunnel for access to corporate assets.

  • Such nostalgia! I probably forgot about it after switching over to Linux 25 years ago.

> [ZoneAlarm] I always found it weird that Linux never really had anything like it.

There was simply no need for it. GNU provided most of the software, spyware was unknown.

Only since commercial vendors package for linux and bring their spyware along, the desire to inspect network rose.

  • This is such a naive view on computer security. It’s not just about spyware, which is also not exclusive to commercial vendors.

    • It's not, though. There simply wasn't enough malware to worry about. Why would I run a firewall when I was unlikely to ever encounter a malicious program?

This reminded me of running Kerio Personal Firewall. When Kerio ended I switched to either ZA or Comodo firewall, one of them introduced a neat feature of running executables in containers. Made clicking random things so much easier. But the best part with all of these was restricting windows to where it could barely do anything. "RandomXYZ.DLL wants to execute random what and connect to random where? I don't think so MS." lol

Wow. Insane throwback. I think I first learned about ZoneAlarm from some PC magazine my parents bought for me. Completely forgot about this great piece of freemium!

  • if anyone else suddenly started wondering, PC magazines still exist in physical form. There are even still Linux magazines that come with installer CDs for distros. And all kinds of other magazines as well, like for Mac computers, for photo editors, for Raspberry Pi etc.

I ran ntop on a router in 2001. It had a highly insightful overview of traffic with nice looking diagrams and everything. There hasn't been anything like that since as far as I'm aware.

ZoneAlarm otoh, was snakeoil. Programs that ran at the same privilege level (typically everything) could bypass it in various ways.

Back in the Halo 2 days ZoneAlarm and Cain and Abel were the go-to host bridging and bluescreen programs.

A simpler time lol.

Used to use Outpost Firewall Pro, too.

It's interesting how long it took for linux to get a user friendly application firewall like OpenSnitch

  • It's because there's no way to make universal kernel modules/drivers, like it is on Windows.

    • The way to make kernel modules is to submit them to the kernel. Not really sure what a “universal kernel module” really is.

      Also that seems irrelevant because it seems this was implemented in eBPF so no kernel modules are required.

There was also Tiny Firewall which got bought by Computer Associates around 2005. Probably the most complicated or fine grain control for me at that time in Windows XP.

  • This is what I used! At some point I managed to block DHCP lease renewals on my computer, and Internet would always stop working after a given timespan. Took a good while to figure out I caused the problem myself.

Linux users just browsed firewall logs.

Back when people would try to winnuke others on IRC, the Linux guys would know who sent them the packet and call them out in the channel (and then usually ban them)

> I always found it weird that Linux never really had anything like it.

OpenSnitch must be like ten years old by now. I think also portmaster is somewhat similar too.

  • I tried out portmaster recently. Coming from rethinkdns on Android, I was far from impressed; it looks featured, but it's much harder to use. Opensnitch looks better but doesn't have the nice features to drill down connections (get from app requesting a domain being resolved to an IP and connecting on a port, and filter this at any level including globally; if the request was already filtered, you can see why and get to that filter to either remove it or add an exception)

    • rethinkdns dev here

      > I tried out portmaster recently. Coming from rethinkdns on Android, I was far from impressed; it looks featured, but it's much harder to use. Opensnitch looks better but doesn't have the nice features

      If 'far from impressed ... much harder to use' is about Rethink DNS + Firewall... Over the years, we've got numerous complaints about the UI over emails and on GitHub Issues, so we're acutely aware of the fact. In our defense, we have had no help from a designer, and couldn't come up with a good UX even if our life depended on it. We'll keep trying though.

  • ZoneAlarm, assuming it still exists, would be at least 20 years old.

    Back then there was also a nice ~$15 program called Net Limiter which allowed one to cap network speeds individually per program.

isn’t this essentially built into Windows these days? although it seems to come with a lot of programs pre-approved.

  • No, the Windows firewall in its default configuration does not restrict outbound connections in any way. Any application can make any outbound connection it wants. If an application attempts to listen for incoming connections from external sources and there is not an existing policy, Windows will pop up a dialog asking the user if they want to allow this and if so whether it should be allowed to listen on all networks, only networks marked as "private", or for domain-bound corporate computers only networks where the domain controller is reachable.

    It can be manually configured with very detailed policies, but you have to know where to go to find those controls.

    It's been a while since I used ZoneAlarm or Little Snitch, but the last time I used either one the default behavior was instead that any connection attempt or attempt to listen for which there was not a policy would result in a dialog showing all the details about what application is looking to connect to or receive connections from what as well as a variety of options for creating a policy or even not creating a policy and just deciding whether that one connection would be allowed.

    Also back when I used ZoneAlarm I had dialup so the taskbar addon they had which showed realtime bandwidth usage and what applications had active connections was really useful. It also had a big red "Stop" button that would immediately disable all connections, which thinking about it in retrospect really makes me miss the more innocent days of the internet.
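
A read-only audit of the behaviour described in the comment above, added here as an example and not written by any participant in the thread: it reports each profile's default outbound action and lists the enabled outbound rules with the program each is scoped to. It assumes an elevated PowerShell session with the built-in NetSecurity module; the rule name and program path in the commented-out lines are placeholders.

```powershell
# Added example (not from the thread): read-only audit of Windows Firewall outbound policy.
# Run in an elevated PowerShell session; uses the built-in NetSecurity module.

function Get-OutboundPosture {
    # ActiveStore is the effective policy (local settings merged with Group Policy).
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        [pscustomobject]@{
            Profile         = $_.Name
            Enabled         = $_.Enabled
            DefaultOutbound = $_.DefaultOutboundAction
            DefaultInbound  = $_.DefaultInboundAction
            NotifyOnListen  = $_.NotifyOnListen   # the "allow this app to listen?" dialog
            # Anything other than Block means unmatched outbound traffic is allowed.
            OutboundOpen    = ($_.DefaultOutboundAction -ne 'Block')
        }
    }
}

function Get-OutboundProgramRules {
    # Enabled outbound rules with the program each one is scoped to ('Any' = every program).
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Enabled True |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Action  = $_.Action
                Profile = $_.Profile
                Program = $app.Program
            }
        }
}

Get-OutboundPosture | Format-Table -AutoSize
Get-OutboundProgramRules | Sort-Object Action, Program | Format-Table -AutoSize

# Moving to default-deny outbound with a per-program allow list. Left commented out
# because it changes policy; the program path is a placeholder, not a real install path.
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
# New-NetFirewallRule -DisplayName 'Allow ExampleApp outbound' -Direction Outbound `
#     -Program 'C:\Path\To\ExampleApp.exe' -Action Allow -Profile Any
```

With the default outbound action set to Block, Windows does not prompt for blocked outbound connections, so the allow rules have to exist before the applications need them.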

  • Most of the windows firewalls tools are just front ends for the integrated one with more sensible defaults.

  • Iirc the firewall was already in XP. Maybe earlier but sp2 for sure.

    Default allows everything though but you could even set outbound blocking rules. Cumbersome UI and no really good visibility though.