Several years back (2000) there was some information floating around about Zone Alarm. A vulnerability was discovered during some testing by a company that develops a trojan horse scanner (DiamondCS).
There was quite a ruckus made about it, and in the end Zone Alarm upper management sent a reply back after having had 10 weeks' notice concerning the vulnerability.
The comments were posted as they were received. I cannot knowingly say the email from then Zone Alarm President Gregor Freund was altered, but due to the situation and the continuous postings by various parties, I do not recall Zone Alarm refuting the comments.
QUOTE
E-Mail from Gregor Freund, President of Zone Labs
Thank you for this and your other message. I appreciate the opportunity to address your concerns and apologize for the delay getting back to you - I just came back from a vacation.
Up front: No security is absolute and one hundred percent. This is true for both cyber security as well as the "real world". You can put seat belts in a car, throw in air bags and crush zones and you will still have accidents that you just can't survive. The same principle is true for house or car alarms. Security measures are always a balance between protection, convenience, cost etc. For example I fly small airplanes which have 6-point seat belts which are much better than anything you would find in a car. The reason you don't find them there is that they are inconvenient to put on and restrict your movement so most drivers just wouldn't use them and end up being less secure instead of more. Every security vendor is selling tools to reduce your vulnerability, not to completely eliminate it.
Having said this we set our standard for appropriate security very high. None of the "generic" attacks to break through ZoneAlarm have ever succeeded and believe me, people have tried. In order to compromise a protected system you would have to either break through the integrated firewall or the MailSafe feature in order to run a malicious application on a victim's PC. For the sake of argument let's assume that is possible. If that malicious application then tries to communicate over the Internet (for example to steal your confidential data) we can and will stop it.
That leaves the possibility to attack the ZoneAlarm program itself. We have seen some lab attempts to do this but nothing in the "wild". Of course any of our competitors are subject to the same potential vulnerability. With version 2.1.44 we have changed the software so that even most of those attacks will fail. You still can unload the ZoneAlarm program (there is nothing under Windows that can stop this) but the underlying service will continue to enforce your security settings.
We are currently testing a new version that further improves the security margin. That version will be available towards the end of January. The goal is that ZoneAlarm can not be sabotaged provided that you
- Run on a semi-secure version of Windows (NT, 2000 or Whistler)
- Don't run in administrative mode
- Use the password feature
Under Windows 95/98/ME those margins will be a bit narrower. Please understand that we need the appropriate time to test the new code. Rushing out some pseudo-fix without sufficient quality assurance will have the opposite effect - users would run into all kinds of troubles and might eventually uninstall ZoneAlarm - not exactly an improvement of their online security.
You should also note that any of the potential attacks in this context would succeed with conventional firewalls such as CheckPoint or SonicWall. These products don't have any application-level protection at all and for example they all have to allow outgoing traffic on port 80.
We are extremely proud that we help eight million users to significantly improve their online security and have protected hundreds of thousands of them from serious harm. We take the resulting obligation very seriously and will do everything in our power to continuously improve our products in order to justify the trust of our users.
Best Regards,
Gregor Freund
President, Zone Labs, Inc.
The Broadband Reports forum thread contains most of the information that was being distributed on the mailing list I once belonged to. Being that it was some time ago, my memory isn't as good as what it once was. But I hope the information provided will be found informative to the GovSec forum members.
Spookie