I didn't and I can't see any real reason to. I think really that the VPN, Remote management and Web filtering services should not be "paid for" features as they are not with other home routers that are of equivalent price.

Also I still don't know, can Z100G owners who are not subscribed to the service manually update their firmwares once they are released? I certainly hope this is the case. If not, it would reflect quite poorly on Sofaware IMO.

That all said, the annual fee should be greatly reduced and cover only the mail virus scanning, antispam, dynamic dns, mail reports, and vss.

The subscription service includes software updates, antivirus updates, parental controls, dynamic DNS, and monthly security reports.

Other functionality such as VPN and remote management does not require the subscription.

First year is free. The annual renewal cost is $69.95.

The SofaWare Team

quote:

Originally posted by Admin:
The subscription service includes software updates, antivirus updates, parental controls, dynamic DNS, and monthly security reports.

Other functionality such as VPN and remote management does not require the subscription.

First year is free. The annual renewal cost is $69.95.

The SofaWare Team

Parental Controls??? Have I missed something? Or is this the content filtering? When I hear the term it implies that I can also control access times that computers can get on the web also. Just curious cause of the term used.

As for renewing... I am in... Though I want to know when you are going to offer the spam feature that shows in my report but says I am not licensed for... :o)

I think it's well worth it. All it takes is ONE intrusion to steal your identity or create a situation where you spend days trying to recover you system. I think Geek Squad charges several hundred dollars to restore your computer if you don't want to do it yourself, so they probably hate the Z100G because we don't ever need that service.

I work in the data network industry and lots of people think firewalls are overrated because no one sees the fruits of their labor. They only notice the things that go wrong! Interesting.

If you think the other routers are giving you the same level of protection for "free" then you might want to investigate the SmartDefense tab under security in the Z100G and then see if you can find anything remotely similar with the other brands. It isn't there because the premier firewall company in the world is Checkpoint and they own Zonealarm.

I certainly don't know of any home routers that have true implementations fo the following:

• Stateful Program Firewall: some others say they are stateful, but without constant updates they are old routers looking for old problems.
  
  
• Gateway Antivirus: No others do this in this price range. They require you to install the software on each computer and then let you know if the computer gets out of date. The software on the computer does that for you already.
  
  
• Secure Remote VPN: Hence the word secure. Others use username and password which most people never clear the default.I have successfully hacked into Linsys and Dlink VPN routers by using the documentation on the manufacturer's website. The Z100G forces you to establish a valid certificate before you can even consider setting up the VPN.
  
  
• Intrusion Detection and Prevention: No other does this.
  
  
• Clientless Remote Desktop: Again, no other.
  
  
• Web Filtering (Parental Controls): Dlink tries to do this but after two weeks of hell, i gave up trying to make this happen successfully. It also required client software to make this work.
  
  
• Wireless Segmentation: Unique for a home solution. There is no other router that does this until you get to the big dollar Cisco stuff.
  

As for the definition of parental controls, I don't think there is an industry standard on the term, but I usually assume that it means content control. I have used other monitoring tools that include time monitoring, but they slowed the computer to a crawl and I spent more time screwing with the software than the kids did using the computer. That said, time restriction is a great feature to add. Put it in the suggestion forum and I will tag on too. Any others?

Parental controls in that you can create network objects for computers and exclude then from web filtering.

I did not see any time restriction features. I do note that you can create rules to allow specific computers access to specific web sites.

You might be able to limited the amount of computer time allowed per PC (then assuming your children are assigned a specific PC).

This is based off the Checkpoint VPN-1 Edge W / Firmware 7.5.48x.

You can create time-based rules (meaning active between time x and y). You will need to provide DHCP reserved IP addresses per PC then increase the Security Level to either High or Block All. Then you will need to create specific rules for all your computers for outbound access. When you create the specific access for "children's PC" you set to be active between specific times only.

I will disagree completely that firewalls (even Checkpoint enterprise grade firewalls) will protect you from intrusions. Typically perimeter security (Firewalls/IPS) do not come close to level of protection compared to end-point protection/security.

Majority of virus/malware/etc are typically installed into a users PC from just "plain ole" web browsing (site that are perfectly safe or not included in content filtering). To make it worse talk back (or phone home) on typically allowed outbound ports (443/tcp or HTTPS) and to add insult to injury are encrypted and use the TLS/SSL protocol thus no perimeter firewall/IPS can even evaluate the connection.

To be honest you get more "bang for the buck" if you did not use admin level (complete access) for general usage.

As far as the service being worth it, well that up to you. For the content filtering updates it might be (if you have children and want to control what they browse). Never believed firmware/software updates should be payed for as long as the actual product has not been discontinued by vendor.

Well disagree you will. Of course, if you really think perimeter security is not as strong as endpoint security, then there is absolutely no reason to invest in a firewall.

But for the rest of you on this board, take advice from a seasoned veteran, use both! End point security can be far weaker than perimeter security for the simple reason that the end user decides what is good and bad. Checkpoint indeed DOES check outgoing requests for anomalies and will stop suspected traffic unless you decide through the setup that you want to minimize security and set the settings lower.

Since you are season veteran ( I always find it cute when people say I have been in field for X number years.... typically that just means they have been doing it wrong for X number of years, but I digress) you should be able to explain this.

Please explain to me how a Checkpoint firewall (and lets for sake of argument you have the SmartDefense license which includes upgrades not just the major install features) will be able to detect whether the traffic is malicious or benign if it is encrypted and runs through allowed ports such as HTTPS (443/tcp) or SSH (22/tcp) and follows either protocol standard?

I didn't state there was no reason to invest in a firewall, they provide access control, but do ~not~ believe they some magic bullet that will prevent spywar/malware/bots from being installed on your PC(additionally is more of a comment on 70 dollars a year service). Statement about endpoint security.... specifically you will in-fact provide a more secure environment if you follow some simple basic steps: (and free steps) such run as user (not admin) for regular usage, patch regularly (not just OS but applications use installed) and install application you need (do you really need a pop-up from southwest telling you when a great deal comes along).

I renewed.. I still think with all its shortcomings the Za100 is one of the more capable prosumer firewalls.. The major upgrade with the 7.5.48 did a lot for this router and in general I find the support well done..

Now to those expecting VPN and web filtering for nothing... Very few products have *FREE* web filtering, since web filtering is similar to making virus updates and there are actual people rating the websites for the filter..

In the buisness world, you dont get anything for free.. this is a prosumer buisness device NOT your typical foriegn made sub 100$ router..

Not going to waste my time with you. You are condescending, unappreciative of the assistance provided on this board, quite arrogant, and I can't care less how smart you might think you are. Go somewhere else and quit wasting time on this board.

To the rest of you, you need perimeter (router) security as well as end point (computer system) security. The Z100G provides the best overall perimeter security for the price, albeit you need to either trust it or learn the ins and outs to make it effective.

This message has been edited. Last edited by: Texas Rocket,

All the while on your soap box you could not answer the question.

That experience/knowledge must be a different "seasoning" than what you have Here Ill help ya out.

It ~cannot~ distinguish the difference between encrypted traffic that follows RFC standards for SSL/TLS connections from malware/spyware/backdoors/etc from traffic generated from Microsoft IE/Firefox/etc. Thats the crux since most of all the nasty programs are designed in that matter to avoid detection.

Unfortunately most (if not all) security products follow the stance "Everything gets through as long as it doesn't look bad" instead of "Nothing gets through unless it looks right". Security solutions that adopt the default permit philosophy will always be fundamentally at risk from new attacks. The time between the release of the new attack and the development of the signature might be a matter of hours or even days. While that window of vulnerability is open, the customer will have no alternative but to either patch host software or disable that service.

Which leads to anti virus....

Perform a simply search... most if all the security professional will tell you anti-virus doesn't work... why because its a blacklist technology (i.e. based upon known viruses only, what about the unknown, or how about simple hex-editing of a known virus can avoid detection).

http://www.google.com/search?hl=en&q=why+antivirus+does...k&btnG=Google+Search

If you actually read the statements you would see I am not against firewalls or even anti virus, but do not give everyone some warm fuzzy (particularly since you ~don't~ understand the technology) that if you have these solutions you are protected (I can tell you from experience that large organizations have all these nifty products and more yet still are riddled with virus/malware)..

Unfortunately in this day with almost every home having at least 1 computer and broadband connection to the Internet and the rise of identity theft/phishing/malware it requires daily diligence (more than just running an firewall/anti virus).

I agree that is an awful lot to except from the average person, but thats how it goes.

Attackers Use New 'Call-Home' Method to Infiltrate Home Networks
http://www.darkreading.com/document.asp?doc_id=143534&WT.svl=news1_6

Malware Quietly Reaching 'Epidemic' Levels
http://www.darkreading.com/document.asp?doc_id=143424

First, understand that my purpose on this board is to assist those who are having difficulty with their Z100G and to share ideas that make it more palatable for the "average person."

Forget my refusal to answer your totally inane self-serving post by explaining something to you that you don't understand. Your concept of security is severely flawed and I suspect its because you rely on so many "sources" you site rather than your own experience.

Here's a useful question: "What positive purpose have you served so far with your posts of highly unreliable information?"

Oh, by the way, I definitely am seasoned. Have my name on three RFCs to date and working on two other committees as we chat.

I wasn't sure if I was going to renew or not myself-though I have a few more months to decide. As pleased as I am with this router, I will say I find it irritating to have to pay for firmware updates, as I never had to pay for firmware upgrades in the past when using other vendors.

However-I have kids, and the built in web site filtering keeps them safe from sites I'd rather they didn't visit. That in and of itself will probably lead me to renew. (I initially didn't have it on, and one of my kids typed one wrong letter in the URL for one of her favorite kid sites, and got bombarded with porn. Needless to say their machine is filtered now....)

Oh, and I do like the set it and forget updates. I always had to go searching for firmware updates for my previous router, WHEN I REMEMBERED to check for them.

As a newbie here, and just turning on the device in the last few days I would say that I will renew when the time comes. I do have one question and didn't see anything from my search of the board, so here goes.

I see on the services tab that there are some that are not enabled such as Email Antivirus, Email Antispam, Dynamic VPM, and Vulnerability Scanning. Are these features that are going to be added later, or am I missing something as I see no way to upgrade to or activate them.

TIA

quote:

Originally posted by BlueScreenBetty:
I wasn't sure if I was going to renew or not myself-though I have a few more months to decide. As pleased as I am with this router, I will say I find it irritating to have to pay for firmware updates, as I never had to pay for firmware upgrades in the past when using other vendors.

SofaWare just adopted Checkpoint's stance on upgrades which is it has to be under a support, otherwise you've bought product "as is". With Checkpoint 2 types of support contracts exists

1) one for software (firmware/SmartCenter libsw files)
2) technical issues (submit tickets).

So if Sofaware's stance is "as is" regarding firmware upgrades and a security issue is found with a firmware in the field does this mean they will not allow non-subscribed customers to obtain a fix? If this is true I would be quite shocked.

I thought that non-subscribed owners would still be able to firm-up manually. Is this not the case?

For the UTM-1 Edge/Safe@Office 500 UTM that is correct, ZoneAlarm Secure Wireless Router might be different since that is marketed to the home user, but I would not be surprised if that was the case.

quote:

Originally posted by blankoboy:
So if Sofaware's stance is "as is" regarding firmware upgrades and a security issue is found with a firmware in the field does this mean they will not allow non-subscribed customers to obtain a fix? If this is true I would be quite shocked.

I thought that non-subscribed owners would still be able to firm-up manually. Is this not the case?

It would be in keeping with other vendors' support agreements, Juniper does the same thing.