On Monday, April 15, 2002, at 10:06 , the pickle wrote: > The assumption is that a firewall is intended to keep out undesired > traffic > from the machine(s) on the protected portion of the network. > > Let's say, for the point of demonstration (and what's usually the case), > that the network consists of one box hooked to a broadband connection. > This box is the user's primary computer, used for everything, including > the > software firewall. > > A software firewall running on this box has, by definition, *already* > failed its basic "raison d'�tre," if you will. It can't block any > traffic > from getting to the box it's supposed to protect simply because *IT IS > RUNNING ON THAT BOX*. In order to detect any of the traffic, it *has* > to > let it through, thus compromising the box.
Well, a software firewall sitting on top of OSI layer 4 and below OSI layer 5 would be OK. For that matter, so would a software firewall between layers 2 & 3 or 3 & 4. But that would have to be built into the IP stack (most likely by the OS vendor), and that's not how the "software firewall" ZoneAlarm works. So yes, since ZoneAlarm is a layer 7 application, the traffic does get onto the machine. It is conceivable that someone could write a "software firewall" such as what I describe, but it's not likely. Eagle -- Compact Macs is sponsored by <http://lowendmac.com/> and... SPECIAL LIST PRICES - Replacement Apple CDROMs from $19.99, MacOS 8.5 CD $79.99 PPC 5400/200Mhz 16/1.6GB/CD/ENET/L2 $119, 5+ for $99 <mailto:[EMAIL PROTECTED]> Support Low End Mac <http://lowendmac.com/lists/support.html> Compact Macs list info: <http://lowendmac.com/lists/compact.shtml> The FAQ: <http://macfaq.org/> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive:<http://www.mail-archive.com/compact.macs%40mail.maclaunch.com/> Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
