A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Windows XP Help and Support
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

does windows Firewall block "outgoing" traffics?



 
 
Thread Tools Display Modes
  #31  
Old August 11th 06, 09:18 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Fri, 11 Aug 2006 02:04:07 GMT, Leythos wrote:

In article ,
says...
If you cannot provide better advice than that, please do us all a
favour and disconnect your computer from the internet.



And your "Software firewalls the monitor outbound traffic aren't 100%
perfect so don't bother" is better advice? Get real. Even imperfect
detection is better than none whatsoever.


Bruce, B.Nice is part of the VB/SG group that believes nothing is good
for security and the only solution is to not use a computer, just read
their posts in the security groups some time.


Thank you, Leythos - for giving me so many good laughs :-)

First of all, I'm not a part of any "group". My opinion was formed
long before I even knew about the ones you are referring to. My very
first posting to c.s.f. proves that - and is there for everyone to
find. But since you seem to be resistant to facts, I don't expect you
to bother go looking.

BTW, talking about "groups" - you seem to belong to the group of
people refusing to provide references for your claims. The proof of
that is freely available in the same group too for everyone to check.
That leaves you with no credibility.

I think we should just let people decide for themselves who they want
to listen to.

Anyone that suggests anything running on the host PC is crucified on the
spot.

Ads
  #32  
Old August 11th 06, 10:07 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Thu, 10 Aug 2006 19:44:03 -0600, Bruce Chambers
wrote:

B. Nice wrote:
On Tue, 08 Aug 2006 20:31:23 -0600, Bruce Chambers
wrote:

If you don't know what you have installed on your own
computer, and don't know what each application is supposed to be doing,
please do us all a favor and disconnect the computer from the Internet.


That's just ridiculous. If you know exactly what applications are
running on your computer you have absolutely no need for a personal
firewall at all.



I see that reading comprehension isn't one of your strong suits.


Yup. Offensive talk and no arguments is what I get from you. That
does'nt surprise me.

I said "If *you* don't know what *you* have installed...." Where did I
even imply that unknown software couldn't get into the system without
the OP's knowledge.


Impressive spin attempt. I must applaude you on that :-)

That's precisely why a firewall that checks
outbound traffic is so essential.


And unreliable.

If you were serious you would know that malware is not something you
try to control. Therefore your first advice should have been about how
to get rid of it. Completely. Your next advice should have been about
how to prevent something similar to happen again.
Controlling malware that is already running is simply a silly idea.

The OP stated that he suspected some hidden programs in his PC making
outgoing connections. And you threw in your usual "install and
properly configure a personal firewall" magic bullet completely
ignoring the fact that outbound control is highly unreliable.



It's no "magic bullet."


It certainly is'nt. But you repeatedly use it as one.

It's best means of detecting unwanted outbound
network traffic there is.


No.

How would you recommend the OP do it? A
packet sniffer, perhaps? A hardware firewall appliance on his home
LAN's perimeter?


A packet sniffer on a known clean machine in the network neighbourhood
is probably the only foolproof method. But of course that is no good
advice for the average user.

A good anti-malware product (a few maybe) is what should be
recommended for the average user. That is'nt foolproof. But if such
programs cannot spot and clean it, don't expect that personal
firewalls will be able to spot its outgoing connection attempts.
If afterwards you still suspect something to be wrong, there really is
just one option: Flatten and rebuild.

Oh, and one cannot ignore a "fact" that isn't a fact at all, but just
your unsubstantiated opinion. Sure, personal firewalls are imperfect,
but the good ones, when properly used, most definitely aren't "highly
unreliable." Not even close.


That's your opinion then. One only needs to visit
http://www.firewallleaktester.com/tests_overview.php and press the
"view results" button at the botom to get an idea about how personal
firewalls in general perform as far as outbound connection control is
concerned. And remember, malware needs only one hole (therefore you
cannot use these results to make decisions about which one to choose
either). And what about the possibilities that leaktests have not yet
been written for?

What clever malware does is either check which firewall is running to
figure out the right way to get out, or simply try different methods
until it finds one that works. In the meantime your user feels safe,
because a connection attempt was blocked. What really happend was that
3 seconds later the malware succeeded using a different approach.

To make a clear statement: If you need outbound control, it is already
too late.

If you cannot provide better advice than that, please do us all a
favour and disconnect your computer from the internet.



And your "Software firewalls the monitor outbound traffic aren't 100%
perfect so don't bother" is better advice?


Where did I say that?

Get real. Even imperfect
detection is better than none whatsoever.


Actually you cannot argue like that. You are saying that adding a
detection method is good by definition. That's not nescessarily true.
You have to consider all pros and cons of both options.
  #33  
Old August 11th 06, 12:40 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
SPAM ME
external usenet poster
 
Posts: 10
Default does windows Firewall block "outgoing" traffics?


Bruce Chambers wrote:

And I apologize for coming off as rudely as I did. You managed,
through no fault of your own, to hit one of my pet peeves. I have
little to no tolerance for people who steadfastly refuse to learn how to
safely use their computers, and then whine when they have problems.
While you didn't whine, you did seem (to me) to be playing the "I don't
know, and I shouldn't have to learn" card.


Just an old, and I do mean 'old', penchant of mine when trying to learn
something new or solve a pesky problem, getting a number of smart
people to tell me how much they know about a subject, versus my telling
them how much I do or don't know. I've found out I learn a whole lot
more by listening to smart people, than talking to them. These NGs
have a lot of bright people with a wealth of knowledge and information,
who are interesting, as well as entertaining, to read. There are also
some here whose parents must have done a bellyflop in to the gene pool.

BTW, I do have an older version of ZA protecting a Win98 machine (setup
exactly the way you suggested), and it's on-line 24/7, going to a lot
of weird places, with no problems what-so-ever. However, the recent
version of ZA, combined with the myriad of XP processes, caused me to
back-off ZA and seek some wisdom. Thank you for taking the time to
respond.

That said, B. Nice does make a good point about the futile effort of
trying to 'control' malware with an outbound firewall, and the false
sense of security that can give naive users. I look at an outbound
firewall as an alert mechanism, it may not block a persistent malware
app from communicating, but it does let me know that something slipped
past my best efforts to stop it, it is now inside, trying to get out,
and I've got S&D work to do, immediately. Not all bad.

  #34  
Old August 11th 06, 12:48 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
SPAM ME
external usenet poster
 
Posts: 10
Default does windows Firewall block "outgoing" traffics?


SPAM ME wrote:

I look at an outbound
firewall as an alert mechanism, it may not block a persistent malware
app from communicating, but it does let me know that something slipped
past my best efforts to stop it, it is now inside, trying to get out,
and I've got S&D work to do, immediately. Not all bad.


In fact, Bruce, that's what you said. See, I was listening.

  #35  
Old August 11th 06, 01:07 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On 11 Aug 2006 04:40:22 -0700, "SPAM ME"
wrote:

I look at an outbound firewall as an alert mechanism, it may not
block a persistent malware app from communicating, but it does let me
know that something slipped past my best efforts to stop it,


How would you know that if your firewall does'nt tell you? ;-)

it is now inside, trying to get out,
and I've got S&D work to do, immediately. Not all bad.

  #36  
Old August 11th 06, 06:43 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
No More Spam?
external usenet poster
 
Posts: 2
Default does windows Firewall block "outgoing" traffics?


B. Nice wrote:
On 11 Aug 2006 04:40:22 -0700, "SPAM ME"
wrote:

I look at an outbound firewall as an alert mechanism, it may not
block a persistent malware app from communicating, but it does let me
know that something slipped past my best efforts to stop it,


How would you know that if your firewall does'nt tell you? ;-)



Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep
them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper
and AVG would find them. If not, my PC will probably be toast.

Got any suggestions?

  #37  
Old August 11th 06, 06:58 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On 11 Aug 2006 10:43:03 -0700, "No More Spam?"
wrote:


B. Nice wrote:
On 11 Aug 2006 04:40:22 -0700, "SPAM ME"
wrote:

I look at an outbound firewall as an alert mechanism, it may not
block a persistent malware app from communicating, but it does let me
know that something slipped past my best efforts to stop it,


How would you know that if your firewall does'nt tell you? ;-)



Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep
them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper
and AVG would find them. If not, my PC will probably be toast.


Okay, but you were explicitely saying that you looked at an outbound
firewall as an alert mechanism that would let you know if something
slipped past your best efforts to stop it - and now you are pointing
to all other kinds of products instead. That confuses me.

Got any suggestions?


For what?
  #38  
Old August 12th 06, 12:23 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
SPAM ME
external usenet poster
 
Posts: 10
Default does windows Firewall block "outgoing" traffics?


B. Nice wrote:
On 11 Aug 2006 10:43:03 -0700, "No More Spam?"
wrote:


B. Nice wrote:
On 11 Aug 2006 04:40:22 -0700, "SPAM ME"
wrote:

I look at an outbound firewall as an alert mechanism, it may not
block a persistent malware app from communicating, but it does let me
know that something slipped past my best efforts to stop it,

How would you know that if your firewall does'nt tell you? ;-)



Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep
them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper
and AVG would find them. If not, my PC will probably be toast.


Okay, but you were explicitely saying that you looked at an outbound
firewall as an alert mechanism that would let you know if something
slipped past your best efforts to stop it - and now you are pointing
to all other kinds of products instead. That confuses me.


It must be me, B. Nice, because you don't seem to be the variety that
would be easily confused.

As I know you must know, the other kinds of products I was pointing to
are just the ordinary layers of malware defense and detection apps that
any prudent user employees, updates and has in place to protect their
system.

Also, as I think you would agree, none of these apps are perfect, so,
there is always the possability that some scum will get in. When it
does, hopefully, an outbound-blocking firewall would warn me, OR, if
things are running poorly, a scan of the FW log will show that
something else besides my trusted apps are talking about me with others
on the Internet. That would prompt me to take action to find and quiet
that nasty thing. If I can't find it by myself, I would probably be
back here asking for guidance from the experts, like Elephant Boy.

Got any suggestions?


For what?


That reminds me of Bubba's response when the cop asked him if had any
ID, "Bout wut?"

Any suggestions as to other measures I should take, other apps I should
use to improve my malware defenses, in addition to practicing Safe Hex.

Now, I'm sure you had another point you wanted to make, other than to
attempt to show me up as a novice, what was it? I'm always eager to
learn new stuff.

  #39  
Old August 12th 06, 01:24 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Bruce Chambers
external usenet poster
 
Posts: 6,208
Default does windows Firewall block "outgoing" traffics?

SPAM ME wrote:


Just an old, and I do mean 'old', penchant of mine when trying to learn
something new or solve a pesky problem, getting a number of smart
people to tell me how much they know about a subject, versus my telling
them how much I do or don't know.



Not an entirely bad approach, but I'd think you'd have to sift through
a lot of repetition....


I've found out I learn a whole lot
more by listening to smart people, than talking to them.



A truism, if ever I heard one. (One I need to practice a bit more,
sometimes.)



That said, B. Nice does make a good point about the futile effort of
trying to 'control' malware with an outbound firewall,



Here, I'd have to vehemently disagree. In the first place, the purpose
of an outbound firewall isn't to control malware; it's to control what
your computer sends to the outside world. One of the beneficial side
affects is that it can alert one to the presence of certain types of
malware. Secondly, even partial protection is better than none at all.


... and the false
sense of security that can give naive users.



As I've repeatedly said, the most important component of computer
security is a knowledgeable and pro-active user. *NO* software product
should ever be expected to make up for a user's intellectual laziness.
If a user wants to practice "security by faith," he pretty much deserves
whatever malware he gets.


I look at an outbound
firewall as an alert mechanism, it may not block a persistent malware
app from communicating, but it does let me know that something slipped
past my best efforts to stop it, it is now inside, trying to get out,
and I've got S&D work to do, immediately. Not all bad.


Which has been precisely my point, all along.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrum Russell
  #40  
Old August 12th 06, 01:28 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Bruce Chambers
external usenet poster
 
Posts: 6,208
Default does windows Firewall block "outgoing" traffics?

Leythos wrote:


Bruce, B.Nice is part of the VB/SG group that believes nothing is good
for security and the only solution is to not use a computer, ....



Then they should probably follow their own advice.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrum Russell
  #41  
Old August 12th 06, 05:49 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Fri, 11 Aug 2006 18:28:42 -0600, Bruce Chambers
wrote:

Leythos wrote:


Bruce, B.Nice is part of the VB/SG group that believes nothing is good
for security and the only solution is to not use a computer, ....



Then they should probably follow their own advice.


These "guys" never indicate anything like "not use a computer"- What
they are saying is: "Run only programs you trust". Which is actually
very good advice. Leythos just does'nt understand or does'nt want to
understand why that makes perfect sense.
  #42  
Old August 12th 06, 07:49 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On 11 Aug 2006 16:23:04 -0700, "SPAM ME"
wrote:


B. Nice wrote:
On 11 Aug 2006 10:43:03 -0700, "No More Spam?"
wrote:


B. Nice wrote:
On 11 Aug 2006 04:40:22 -0700, "SPAM ME"
wrote:

I look at an outbound firewall as an alert mechanism, it may not
block a persistent malware app from communicating, but it does let me
know that something slipped past my best efforts to stop it,

How would you know that if your firewall does'nt tell you? ;-)


Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep
them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper
and AVG would find them. If not, my PC will probably be toast.


Okay, but you were explicitely saying that you looked at an outbound
firewall as an alert mechanism that would let you know if something
slipped past your best efforts to stop it - and now you are pointing
to all other kinds of products instead. That confuses me.


It must be me, B. Nice, because you don't seem to be the variety that
would be easily confused.

As I know you must know, the other kinds of products I was pointing to
are just the ordinary layers of malware defense and detection apps that
any prudent user employees, updates and has in place to protect their
system.


Yes, I know that's kind of like the "mainstream" way users are adviced
to be working. I don't know if the word mainstream is the right one to
use. English is not my native language, so sometimes I make mistakes.
I hope you understand the meaning.

My position is this: If you need all these extra "protective layers"
it is basically because you are working in an unsecure way. In which
case security apps won't be able to protect you properly. I normally
refer to it as "driving the highway like a madman surrounded by
airbags". It' does'nt really solve the basic problem. And it is just a
question of time until you will get hurt.

Security requires you to take responsibility of what you are doing and
how you are using your computer. In that sense, I'm in line with
people like Bruce. But it's a way too serious issue to leave to
questionable software vendors to solve for you.

Also, as I think you would agree, none of these apps are perfect, so,
there is always the possability that some scum will get in.


Yes, if you are not aware of what you are doing, I agree.

When it does, hopefully, an outbound-blocking firewall would warn me, OR, if
things are running poorly, a scan of the FW log will show that
something else besides my trusted apps are talking about me with others
on the Internet.


And that is where you are wrong. Malware is just using your already
trusted apps to get out. Furthermore, I would'nt base a security
concept on hope ;-)

That would prompt me to take action to find and quiet
that nasty thing. If I can't find it by myself, I would probably be
back here asking for guidance from the experts, like Elephant Boy.

Got any suggestions?


For what?


That reminds me of Bubba's response when the cop asked him if had any
ID, "Bout wut?"


Good one :-)

Any suggestions as to other measures I should take, other apps I should
use to improve my malware defenses, in addition to practicing Safe Hex.

Now, I'm sure you had another point you wanted to make, other than to
attempt to show me up as a novice, what was it?


It was'nt my intention to show you up as a novice. If I left that
impression, I apologize. Normally my "try your best to be polite"
filter is turned on. Only towards overselling security software
vendors and "smart ass" consultants do I deliberately turn that off
:-)

I'm always eager to learn new stuff.


That's a good basis.

Now, there are a few things I think you should know about computer
security.

* Small is beautiful
Within computer security, simplicity is generally good and complexity
is generally bad. That's for example why I don't like these big
"all-in-one" security suites. They really are awful - filled with all
kinds of unnescessary features, instead of concentrating on doing one
thing - and doing that reliably.

* Code is buggy
All computer software is buggy. Bugs lead to vulnerabilities that bad
guys can use to exploit.

* The more code - the more bugs - and the more vulnerabilities
It's very simple. If no code is running on your computer, there is
_nothing_ to attack. The more code is running, the more there is to
attack. Therefore one should strive for reducing what is running
instead of adding to it.

An example:
Your computer is providing network services (well known to be attack
vectors). Your computer is not on a network, so you don't need those.
To protect yourself, you then install a personal firewall.

Now, what you have done is to keep your existing vulnerabilities
running and adding further ones to it.
If you had instead disabled these services, you would be 100%
protected against attacks for these services.
That's why reducing stuff (reducing complexity) is better than adding
new stuff to protect existing stuff (increasing complexity).

If you have no services running, that are listening for network
traffic you can connect your computer directly to the internet just as
safely as if you were running a firewall offering inbound protection.
Then you would only be vulnerable to attacks fro the outside that
would attack the lower levels like the TCP/IP stack itself - attacks
that one should not expect personal firewalls to block either.

Now this will not protect you from running other app's (iincluding
malware) that starts to listen. But that´s where things like a good
anti-virus product AND most importantly, your brain, comes into play.

* Use the least buggy software
When dealing with the internet you need apps that can stand the heat.
One of the main reasons for getting infected with stuff like ad-ware
is surfing with Internet Explorer in an unsecure way. Internet Eplorer
has a bad history of being buggy - and still have some serious issues.
An easy way to strengthen your security is to use another browser that
does not by default come with client-side scripting possibilities like
Microsofts ActiveX. The same goes for using Outlook or Outlook Express
for e-mailing.

Now feel free to visit my web-site to get a broader idea of what I'm
saying. Read my rules. Understand them - and follow then. And if you
find it interresting, feel free to ask further questions. But in the
end do what fits your own habits the best.

http://home20.inet.tele.dk/b_nice/

As you of course also know, you should'nt trust anybody on the
internet (including myself ;-) - you will find many people offering
good advice - but at the same time they might well be somehow in it
for the money. So the advice they give is'nt always that neutral.

/B. Nice
  #43  
Old August 12th 06, 04:45 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Fri, 11 Aug 2006 18:24:21 -0600, Bruce Chambers
wrote:

SPAM ME wrote:
That said, B. Nice does make a good point about the futile effort of
trying to 'control' malware with an outbound firewall,



Here, I'd have to vehemently disagree. In the first place, the purpose
of an outbound firewall isn't to control malware;


Wrong. One of the main selling points of personal firewalls is exactly
the ability to stop malware from "phoning home", yes. (Please see
footnote [1]). And that means exactly "controlling what malware does".

it's to control what your computer sends to the outside world.


Which precisely covers primarily malware issues, but does'nt work
reliably. As soon as you have allowed e.g. your browser to connect,
you have provided a variety of ways for malware to connect without
being caught.

One of the beneficial side affects is that it can alert one to the presence
of certain types of malware. Secondly, even partial protection is better
than none at all.


... and the false
sense of security that can give naive users.



As I've repeatedly said, the most important component of computer
security is a knowledgeable and pro-active user.


Agreed. So now please start educating them instead of throwing
personal firewalls at them.

*NO* software product should ever be expected to make up for a user's
intellectual laziness.


But please look at what vendors claim to provide. Arguments like
"complete security" and "total invisibility to hackers" is what I see
on vendors web-sites. They are simply taking advantage of peoples lack
of knowledge and are blowing smoke at them. Under normal
circumstances, I would'nt bother too much. But this is about security,
g.. d.....

Furthermore you continue to neglect that there are a many ways for
malware to connect out without the user being warned about it. That
has *nothing* to do with the intellectual laziness of users. It has to
do with unreliable or defective software. Software which does'nt do
what the vendor claims it does.

You cannot expect every computer user to be a techie who knows how to
"properly configure a firewall" - that's unfair. They don't know what
a firewall does - and have no itention to learn. They just want to be
protected while doing other, to them, more important things.

If a user wants to practice "security by faith," he pretty much deserves
whatever malware he gets.


Sorry, but you really are arrogant. You sound exactly like many IT
supporters who are convinced that users are wrong by default and that
every problem is a PEBKAC issue until proven otherwise.

/B. Nice


----
[1] Pasted from ZoneLabs web-site (the feature comparison chart).
About the features available in ZA free:

* Guards the network perimeter from inbound and outbound threats with
the world's #1 firewall

* Prevents spyware and other malicious programs from sending your
personal information across the Internet

* Automatically makes your computer invisible to anyone on the
Internet

* Protects your programs from malware
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 11:58 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.