#16
RoS wrote:
> I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup. The last three presumably should be installed on a new XP machine? But does the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles suggest that Microsoft offer 'cut-down' versions of 3rd party apps of this nature. If one has something like Partition Magic, is it preferable to use it? RoS

WinXP's built-in firewall is adequate at stopping incoming attacks, and hiding your ports from probes. What WinXP SP2's firewall does not do, is protect you from any Trojans or spyware that you (or someone else using your computer) might download and install inadvertently. It doesn't monitor out-going traffic at all, other than to check for IP-spoofing, much less block (or even ask you about) the bad or the questionable out-going signals. It assumes that any application you have on your hard drive is there because you want it there, and therefore has your "permission" to access the Internet. Further, because the Windows Firewall is a "stateful" firewall, it will also assume that any incoming traffic that's a direct response to a Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's built-in firewall, and are much more easily configured, and there are free versions of each readily available. Even the commercially available Symantec's Norton Personal Firewall is superior by far, although it does take a heavier toll of system performance than do ZoneAlarm or Sygate.

--
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH
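The behaviour described in the post above, modelled as an added example (it is not part of the original post and is not any vendor's code): a stateful filter that only checks outbound packets for a spoofed source, next to one that also applies a per-application outbound policy. The class names, process names and the trace (documentation-range addresses) are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str     # "out" = leaving this host, "in" = arriving at it
    src: tuple         # (ip, port)
    dst: tuple         # (ip, port)
    process: str = ""  # local program that sent it (outbound only)


class InboundOnlyStatefulFilter:
    """Outbound traffic is only checked for a spoofed source address;
    inbound traffic is allowed when it answers a flow this host opened."""

    def __init__(self, local_ip, exceptions=()):
        self.local_ip = local_ip
        self.exceptions = set(exceptions)  # inbound ports opened on purpose
        self.flows = set()                 # (local endpoint, remote endpoint)

    def outbound_allowed(self, pkt):
        # Anti-spoofing only: no question is asked about which program sent it.
        return pkt.src[0] == self.local_ip

    def verdict(self, pkt):
        if pkt.direction == "out":
            if not self.outbound_allowed(pkt):
                return "DROP"
            self.flows.add((pkt.src, pkt.dst))  # remember the flow
            return "ALLOW"
        # Inbound: a reply to a tracked flow is trusted automatically.
        if (pkt.dst, pkt.src) in self.flows:
            return "ALLOW"
        return "ALLOW" if pkt.dst[1] in self.exceptions else "DROP"


class PerApplicationFilter(InboundOnlyStatefulFilter):
    """Same state tracking, plus an allow-list of programs that may
    initiate outbound connections (the prompt answered in advance)."""

    def __init__(self, local_ip, approved, exceptions=()):
        super().__init__(local_ip, exceptions)
        self.approved = set(approved)

    def outbound_allowed(self, pkt):
        return super().outbound_allowed(pkt) and pkt.process in self.approved


def replay(fw, trace):
    """Run a packet trace through a filter and return the verdicts in order."""
    return [fw.verdict(p) for p in trace]


HOST = "192.0.2.10"
# Constructed trace, not captured traffic.
TRACE = [
    Packet("out", (HOST, 50001), ("203.0.113.10", 443), "browser.exe"),
    Packet("in", ("203.0.113.10", 443), (HOST, 50001)),      # reply to browser
    Packet("in", ("198.51.100.7", 40000), (HOST, 445)),      # unsolicited probe
    Packet("out", (HOST, 50002), ("198.51.100.20", 8080), "unknown.exe"),
    Packet("in", ("198.51.100.20", 8080), (HOST, 50002)),    # reply to unknown.exe
    Packet("out", ("10.9.9.9", 50003), ("203.0.113.10", 80), "unknown.exe"),
]

if __name__ == "__main__":
    inbound_only = replay(InboundOnlyStatefulFilter(HOST), TRACE)
    per_app = replay(PerApplicationFilter(HOST, {"browser.exe"}), TRACE)
    for pkt, a, b in zip(TRACE, inbound_only, per_app):
        print(f"{pkt.direction:3} {pkt.src} -> {pkt.dst} "
              f"{pkt.process or '-':12} inbound-only={a:5} per-app={b}")
```

Both filters drop the unsolicited probe; only the per-application filter stops the unapproved program's connection and, because no flow was recorded for it, the reply as well.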
#17
Husky, ask yourself this... will a reformat stop a *BOOT* VIRUS?? or will it only stop viruses that are on your hard drive? use your head.

one program that i use that seems to be much better than Zone Alarm is Kerio Personal Firewall. it's a great program, tells you *everything* that goes on in your system, such as which programs are starting which programs, whether you want to start such-and-such program or not, as well as whether you want such-and-such program to accept connections or send a connection to the internet.

if you *really* want a solution for viruses, get Linux. it's another OS (operating system) that's MUCH better than anything windoze has ever been able to come up with. it's designed after Unix, which is THE most stable OS *ever* made. best part is, it's too hard to get into, and windoze viruses don't work on it. even better than that, is that it's FREE. it's shareware, but it falls nowhere close to categories that include any file-sharing programs such as Kazaa. there are many distributions of Linux, only a few of which you have to pay for, like Red Hat, but it's also the most customizable OS out there. check out Linux.com for some of the various distributions.

Like Ken said, "You are, therefore, much better off devoting your time, energy, and money to making your system secure than making an insecure system slightly less insecure." if you Really want to make your system secure, for one, don't use Internet Explorer. use something like Mozilla, Opera, or Netscape. another thing you can do is keep an eye on programs that are installed on your computer (My Computer -- Control Panel -- Add/Remove Programs), and also keep an eye on what tasks are running (Start -- Run -- taskmgr.exe). if you REALLY want your computer to be secure, disconnect it from the internet.

Ken, just so you know... windoze ITSELF is insecure... even the xpsp2 firewall sucks, it doesn't stop everything, and many of the things it doesn't stop can be damaging to your computer. also, if you want to access an ftp server, you always have to disable the firewall before you can do so. using something like Kerio saves you from having to continuously open the firewall settings, disabling it, and then enabling it again, because all you get is a program-generated popup asking if you want to allow the outgoing connection once, or if you want to allow it all the time.

> Even more generally, a good rule of thumb about XP is that the less you mess with how it was designed to run, the better it will operate. It is currently designed to run with the Windows firewall, working in conjunction with an antivirus program that the user must install separately. It is a good design. Don't mess with it.

Now, what happens if you want it to run the way that YOU want it to run, rather than the way the people who wrote the OS want it to run? i'll tell you, it messes up. when it first came out, i installed xpsp2, which turned out to be a BIG mistake. my computer started processing a lot slower, ftp access was denied (happened a few times even when the windoze firewall was disabled), and when i tried to uninstall it, the uninstaller froze and i had to re-format and re-install everything. i also tried installing NVIDIA drivers on a non-NVIDIA card, xp messed up. installed IIS so i could run an ftp server, xp messed up. changed IE settings, IE messed up. think about those for a while, before you start again to talk about how good windoze is.

note: i have made *many* changes to my Linux box running Mdk (Mandrake), and nothing's gone wrong so far.
#18
Can you say "Can of worms"?

I have this discussion with my clients on a regular basis. Two questions: Do you know how to determine if an application requesting outbound connection is legit? Do you want to know how to make that determination and are you willing to do the legwork?

There is also the final issue: Once the nasty is loose on your machine, what guarantee is there that it hasn't compromised the outbound scanner? And the challenge for those that are "in the know", can you guarantee that it is utterly impossible to compromise the outbound scanner? Hint: MD5 is compromised; piggy backing; proof of concepts already exist to compromise any client side firewall you care to name, some of which have been addressed and some of which haven't; I can and have hand killed a firewall and had unfettered access...

I'd leave ZA off unless you want to do the legwork to research polite code that's attempting to reach out.

PM is a different story, but that depends on your needs. If you're actively repartitioning then you'll need a 3rd party tool. Personally I switched to BootItNG about the time that PM5 came out and haven't looked back since.

--
Walter Clayton
Any technology distinguishable from magic is insufficiently advanced.

"RoS" wrote in message ...
> I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup. The last three presumably should be installed on a new XP machine? But does the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles suggest that Microsoft offer 'cut-down' versions of 3rd party apps of this nature. If one has something like Partition Magic, is it preferable to use it? RoS
#19
Nice to see your great info, even though via a cross, Walter. w

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/
All the Best, Kelly (MS-MVP)
Troubleshooting Windows XP http://www.kellys-korner-xp.com
#20
"Leythos" wrote in message ...
> On Tue, 29 Mar 2005 19:40:25 -0700, Bruce Chambers wrote:
>> WinXP's built-in firewall is adequate at stopping incoming attacks, and hiding your ports from probes. ...
> Most applications can now create exceptions for their own use, many applications do it, and users have no clue. ...

Sorry, but that is not true. The exception list (or any setting in regards to the XP-Firewall) can only be changed while logged on as administrator. Programs running under a normal user account (or even the user himself) can't change ANYTHING in the settings of the XPF.

So if you have seen these problems, I ask you why the hell are you working with an administrator account? It's one of the first things that every professional learns in regards to security, that you should NEVER EVER work with an account that has administrator access. Only use that to configure the system, nothing more.

--
David R.
MCP
#21
On Tue, 29 Mar 2005 19:11:02 -0800, "Use the Penguin, not the Butterfly!" wrote:
> if you *really* want a solution for viruses, get Linux. it's another OS

A myth. The reason linux boxes aren't a problem is because viruses go after the primary OS worldwide and that's windows. If the OS can run a program, it can run a virus or a Trojan. No one's building viruses for linux 'cause it's such a small minority of the usage.

> Ken, just so you know... windoze ITSELF is insecure... even the xpsp2 firewall sucks, it doesn't stop everything, and many of the things it doesn't

No disagreement, I switched from ZA to Trend's built in everything firewall, virus, spam filters etc. It's caught everything. And then there's the 24 hour FREE email support. I can only hope they don't change policies and follow the others to bring in more cash by selling the system in bits and pieces. 24.95 for firewall, 24.95 for spam protection, 24.95 for virus protection. with FREE hourly updates.

> stop can be damaging to your computer. also, if you want to access an ftp server, you always have to disable the firewall before you can do so. using something like Kerio saves you from having to continuously open the firewall settings, disabling it, and then enabling it again, because all you get is a program-generated popup asking if you want to allow the outgoing connection once, or if you want to allow it all the time.

Or you can switch to Trend. And not mess with any popups.

> disabled), and when i tried to uninstall it, the uninstaller froze and i had to re-format and re-install everything. i also tried installing NVIDIA drivers on a non-NVIDIA card, xp messed up. installed IIS so i could run an

XP Messed up? You tried to install incompatible software and the OS messed up?

> ftp server, xp messed up. changed IE settings, IE messed up. think about those for a while, before you start again to talk about how good windoze is. note: i have made *many* changes to my Linux box running Mdk (Mandrake), and nothing's gone wrong so far.

I use windows because the Amiga is no longer supported, and the Macintosh is just hanging on. Both systems are superior to windows in every way. But I'd no more consider them, linux, or C= 64, than buying wooden wheels.

Did you use the www.grc.com link and see just how vulnerable you really are with your not being concerned about outgoing traffic attitude? Did you learn anything from the www.dshield.org link?

--
more pix @ http://members.toast.net/cbminfo/index.html
#22
And besides, he screws up all our fun with all that logic stuff!:-)

I have to agree with a lot of what Walter says because it's self-evident. It doesn't happen as often now, perhaps because users are more experienced. However, we used to see tons of posts from people with no experience with firewalls who installed them for the first time asking for information about what they should allow and what they should block.

It's not that difficult to figure out but it does take time before you understand what things should have access or to be more precise are relatively benign, hence no harm in allowing them versus things which you might not recognize and need to do some research. Of course, that opens another can of worms, if you allow something, even something you understand and realize is necessary for you to be able to access most websites or do so without being shortchanged on what you are able to view at most websites, is it not possible that any one of those things might be exploited and the answer is yes.

That said, I think I would rather know when there is outgoing information. If something is going to try such an exploit, it probably would trigger your antivirus software and even if it was unable to stop the activity, this would certainly give the user clear warning something is going on and given the number of "always on" broadband connections, it gives the opportunity for user intervention as you can very quickly pull the power plug on that broadband modem and shut down all activity.

So, I guess to some extent, it's a matter of personal taste whether or not you are willing to pay the price in the beginning, not panic over the inundation of alerts of outgoing connections and wish to take the time to do a little research. There is an upside to that research. You will learn a lot about your PC, you'll learn a lot about various services, what they do, what they mean and you will eventually become familiar enough that you will likely recognize if something strange or unfamiliar is trying to access the Internet and take appropriate action to stop it until you find out what it is and what it's all about.

--
In memory of our dear friend, MVP Alex Nichol.
Michael Solomon MS-MVP Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/
#23
"Walter Clayton" wrote:
> [...] And the challenge for those that are "in the know", can you guarantee that it is utterly impossible to compromise the outbound scanner? Hint: MD5 is compromised; piggy backing; proof of concepts already exist to compromise any client side firewall you care to name, some of which have been addressed and some of which haven't; I can and have hand killed a firewall and had unfettered access...

I have used lots of arguments against third party firewalls, but never this one because I don't have first hand knowledge that any outbound scanner has been compromised. However, it seems to me that if the crudware gets on your machine, you are already screwed anyway and you can never trust your computer again. If this ever happened to me, I would simply invest three or four hours and do a clean reinstall, then figure out what the heck happened and resolve never to allow it to happen again.

> I'd leave ZA off unless you want to do the legwork to research polite code that's attempting to reach out.

ZA has caused me more serious problems than this one, but I'll comment anyway. Crudware never gets on my machine (I use far more effective defenses than a third party firewall, which is actually no defense at all), so by definition every outbound communication is legitimate and either harmless or beneficial to me -- yet I am constantly prompted to decide whether to allow some particular program to access the Internet.

Ken
#24
Pssst.

Privilege elevation is child's play. ;-)

--
Walter Clayton
Any technology distinguishable from magic is insufficiently advanced.

"David R." wrote in message ...
> "Leythos" wrote in message ...
>> On Tue, 29 Mar 2005 19:40:25 -0700, Bruce Chambers wrote:
>>> WinXP's built-in firewall is adequate at stopping incoming attacks, and hiding your ports from probes. ...
>> Most applications can now create exceptions for their own use, many applications do it, and users have no clue. ...
> Sorry, but that is not true. The exception list (or any setting in regards to the XP-Firewall) can only be changed while logged on as administrator. Programs running under a normal user account (or even the user himself) can't change ANYTHING in the settings of the XPF. So if you have seen these problems, I ask you why the hell are you working with an administrator account? It's one of the first things that every professional learns in regards to security, that you should NEVER EVER work with an account that has administrator access. Only use that to configure the system, nothing more. -- David R. MCP
#25
I hear you, Michael. But "we" know the value of Walter's words. And again, is always great to read them. Miss him, too! Beings many of the 'greats' are still in Win98 and never showed via XP, am really starting to wonder if they will surface during LH.

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/
All the Best, Kelly (MS-MVP)
Troubleshooting Windows XP http://www.kellys-korner-xp.com
#26
"David R." wrote in message
> Sorry, but that is not true. The exception list (or any setting in regards to the XP-Firewall) can only be changed while logged on as administrator. Programs running under a normal user account (or even the user himself) can't change ANYTHING in the settings of the XPF. So if you have seen these problems, I ask you why the hell are you working with an administrator account? It's one of the first things that every professional learns in regards to security, that you should NEVER EVER work with an account that has administrator access. Only use that to configure the system, nothing more. -- David R. MCP

How does one change from an Admin. account to a Limited, for Email and Web access and keep Desktop settings and programs installed under Admin?

K
#27
In response to Michael and Kelly, IMO the "we" Kelly refers to are deserving of your level of insight and outlook and even an esoteric joke or two on us fools who jump blindly into the sea of technology and try to get some of it to work. For example, I agree with Michael that it is important for an inexperienced user to explore incoming and outgoing alerts and requests as a means to learning.

After using a college's computers for years with no responsibilities or authority, I bought this big ol' PC four years ago and jumped right in, reading Langa and Kelly's website, lurking on forums like this one, asking questions of you experts, trying every type of security app anybody recommended until at this point I have a security battery that seems to work together and is set up to provide alerts to as much info as to what is going on online as I can get, so far. Beyond that I also scan for malware on a regular basis with a variety of tools that are supposedly faithful. I have become very good at using applications of all kinds because I am a skilled learner. I am as diligent on a daily basis as I can be because I know, in relative terms, I am always going to be inexperienced at many, many things.

The thing is, I didn't buy this PC to become a computer scientist, and as amazed with technology and curious as I am to keep on top of advances, including threats (I subscribe to more PC newsletters than I have time to read); and understand all the neat processes, the raison d'etre of this PC is primarily to do my work. Inasmuch as there are probably many more people like me than there are experts, as well as, I'll bet, a majority who will never even read a newsgroup, there is a burden placed on all of us unnecessarily, I think.

Those of you who have expertise give plenty of yourselves on these forums and newsgroups with endless appreciation from us "...for Dummies" readers. I myself, a college grad, have to research, often endlessly, for simple answers (once they are found) to solve what are sometimes huge obstacles hampering computing, and I am a pretty good researcher. In my opinion it is the responsibility of the Microsofts, Apples, Mozillas, etc. to employ educators more effectively--not just scientists and programmers, but educators that could work on ways to use this enormous tool more educationally effective.

I can think of as many ways computing for the layman could be made more simple and more safe as there are problematic situations that appear out of the blue, and all of them center on getting the right information to the user more effectively. I can't help but be amazed that a photographic process that used to take hours in a color lab is now accomplished with a few mouseclicks, but frustrated that those answers that it takes so much work to find about this PC could also be a few clicks away if links to them were always automatically provided in pace with the problematic processes.

One good example is the user you describe who gets alerts but doesn't know what to do with them: following the "INFO" tab in ZoneAlarm after an alert is, more often than not, meaningless. What good is that alert to me when I am busy in the middle of a job if ZA can't even explain it? Like you say, that may be just a repeat alert that has come up benignly in the past, but today it may have turned deadly. Why can't I right-click on ANYTHING and be connected to an "answer-machine" that has been set up by a department of educational experts cooperating with scientists so I can solve a problem right now? An alert that says "explorer.exe wants to act as a server" should be right-clickable for an immediate answer, and not from ZA's programmers, but from an MS department-- and for safety, analyzed right there for viruses that are trying to spread. In my mind Microsoft gets paid well enough to accept that responsibility.

Then, why not, "you had a worm because of a buffer overflow and both have been fixed", or "You have a buffer overflow, (or whatever), click here to fix it. If you're not a server, forget it. If it messes anything up you can toggle it on and off as necessary by clicking here" instead of "go to MS KB 43298056 and read the whole page to see if this only applies to beige PCs on a LAN with an orange-colored router v. l.3.3.345. Don't know the version?--get out your manual...". The flow of information needs to follow levels: Basic first, maybe quick; difficult if you need it. So I can be safe and still get some work done.

Simplicity and redundancy should be the goal of technology, not complication. Maybe so long as every new buffer overflow spawns a new industry, the status quo will self-perpetuate. No matter what, experts like you all will always be needed that are able to see the larger picture, because guys like me are trying, but are resigned to barely keeping up because even brilliant scientific innovators cannot be expected to be specialists in teaching us the stuff on levels that universally apply.

Buddy
#28
On Thu, 31 Mar 2005 14:34:35 -0600, "Buddy" wrote:
> One good example is the user you describe who gets alerts but doesn't know what to do with them: following the "INFO" tab in ZoneAlarm after an alert is, more often than not, meaningless. What good is that alert to me when I am busy in the middle of a job if ZA can't even explain it? Like you say,

That's one of ZA's drawbacks. I can hand you my daily logs, I average maybe 1-2000 hits a day. On average only about 5 or 6 of those can be classified as malicious. I used to use ZA. It's got hundreds of bells and whistles. And there's no disagreement that it has a very simple user interface and even simpler setup. Making it ideal for beginners with firewalls.

Trouble is when you're only getting maybe 5 or 6 attempts daily to access your machine, and those may be attempting to access a number assigned previously IOW: false attacks also, on dial up if you follow even one of ZA's alerts, that's most likely overkill on your part. But ZA is ultra programmable by the user so you can put those alerts on ignore. Making ZA worthwhile as a firewall. And if you want a report on this, add www.dshield.org to your paranoia arsenal and help those that don't believe in firewalls or don't think they need one.

> that may be just a repeat alert that has come up benignly in the past, but today it may have turned deadly. Why can't I right-click on ANYTHING and be connected to an "answer-machine" that has been set up by a department of educational experts cooperating with scientists so I can solve a problem right now? An alert that says "explorer.exe wants to act as a server" should be right-clickable for an immediate answer, and not from ZA's programmers, but from an MS department-- and for safety, analyzed right there for viruses that are trying to spread. In my mind Microsoft gets paid well enough to accept that responsibility.

Read above, most of those alerts you get aren't worth bothering with.

--
more pix @ http://members.toast.net/cbminfo/index.html
#29
Yes, the goal of keeping it simple seems to have been lost over the years. That and it seems the system designers have forgotten the greatest single reason for devices such as PCs and virtually all modern appliances, "convenience." We don't purchase a PC to work on it, we purchase a PC to work for us. If a user wishes to work on it, there are plenty of options for the "backyard mechanic" and he certainly can purchase a PC for whatever reason. However, the primary reason these devices exist is to provide us with a convenience and perform services for us.

That said, much as I agree with you about what should be done with regard to errors, I think it is important to understand how difficult what you suggest might be to put in place. First, there are often many things that can lead to the same generic error. One of the reasons for the error reports is to build a database of known issues and what applications, drivers, DLLs, etc. might be involved. One, this gives Microsoft information about what it needs to address and two, it alerts them to problem software or hardware.

And, therein lies the tail of the dog. Not to be argumentative and please don't take anything I'm saying as disagreement with your primary premise as I agree, what you say is how it should be. However, because the platform is not generic and the multitude of hardware and software variations, heck an OEM driver can differ from a retail driver for what is otherwise the same device, the whole idea becomes extremely problematic.

When people talk about a Mac not having the same types of conflicts as the PC and ask why the PC cannot match a Mac for stability they are speaking either from ignorance or they are trolls looking to stir up an argument in newsgroups such as these. The Mac has its legendary stability because Apple keeps tight control over the platform. It's easier to write help files, easier to write specific references with regard to errors, it's easier to create drivers, write applications and maintain overall system integrity.

With a PC, I'm amazed sometimes that it works at all given all the different hardware, software, chipsets, motherboards and on and on. That doesn't mean I think the error reference handling for users cannot be improved, I'm just stating the reasons why it's so difficult. Further, these are not closed systems and when they attempted to sell such systems that could not be upgraded, users rebelled and wouldn't buy them.

Then, there's the cost/price benefit which in and of itself has exacerbated the very issues of which you speak. While manufacturers have used all sorts of schemes to lower their costs, everything from not supplying the user with a CD of the OS to using cheap parts suppliers who may not be as well schooled in writing drivers or as good about maintaining and updating their drivers, one of the single greatest causes of problems on a PC, they have nonetheless, used these cost benefits to lower the price and that has turned the PC into a mass market item and frankly, the PC is too complex for that. And, that exacerbates the problem, making user error a major cause of problems as well.

In addition, there are all sorts of applications that can help the unwary user get into a lot of trouble, all sorts of utilities, registry cleaners, utilities that modify files or make modifications to the setup, all of which are things over which Microsoft has no control and would be virtually impossible for them to anticipate and, as such, write a useful response.
Hence, we have things such as System Restore which is sort of a catch all but basically is meant to restore system settings and the registry, a repair install, something the user only has if they have a retail CD or an OEM that is equivalent and identical to a retail CD and the recovery console which is not only too complicated for most users but often requires access to help files and explanations that can only be had if the system is booted...in other words, useless if they can't boot, yet, that is the primary reason for its existence. That one, Microsoft can control and I expect it will improve in future iterations of Windows.

I agree almost totally with what you see as problems and certainly see the value of the types of responses you have outlined, some of which can be implemented. Unfortunately, I think you and many others would still find the system woefully lacking because of all the variables that cannot be anticipated.

You don't need to be a mechanic to drive a car. Unfortunately, we have not quite gotten to the point where you truly need no computer knowledge in order to operate a PC. A user may start out that way but, eventually, the very nature of the system, updates, upgrades, etc. will eventually catch up with them.

--
In memory of our dear friend, MVP Alex Nichol.
Michael Solomon MS-MVP Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Buddy" wrote in message ...

In response to Michael and Kelly, IMO the "we" Kelly refers to are deserving of your level of insight and outlook and even an esoteric joke or two on us fools who jump blindly into the sea of technology and try to get some of it to work.

For example, I agree with Michael that it is important for an inexperienced user to explore incoming and outgoing alerts and requests as a means to learning.
After using a college's computers for years with no responsibilities or authority, I bought this big ol' PC four years ago and jumped right in, reading Langa and Kelly's website, lurking on forums like this one, asking questions of you experts, trying every type of security app anybody recommended until at this point I have a security battery that seems to work together and is set up to provide alerts to as much info as to what is going on online as I can get, so far. Beyond that I also scan for malware on a regular basis with a variety of tools that are supposedly faithful. I have become very good at using applications of all kinds because I am a skilled learner. I am as diligent on a daily basis as I can be because I know, in relative terms, I am always going to be inexperienced at many, many things.

The thing is, I didn't buy this PC to become a computer scientist, and as amazed with technology and curious as I am to keep on top of advances, including threats (I subscribe to more PC newsletters than I have time to read); and understand all the neat processes, the raison d'etre of this PC is primarily to do my work. Inasmuch as there are probably many more people like me than there are experts, as well as, I'll bet, a majority who will never even read a newsgroup, there is a burden placed on all of us unnecessarily, I think.

Those of you who have expertise give plenty of yourselves on these forums and newsgroups with endless appreciation from us "...for Dummies" readers. I myself, a college grad, have to research, often endlessly, for simple answers (once they are found) to solve what are sometimes huge obstacles hampering computing, and I am a pretty good researcher. In my opinion it is the responsibility of the Microsofts, Apples, Mozillas, etc. to employ educators more effectively--not just scientists and programmers, but educators that could work on ways to use this enormous tool more educationally effective.
I can think of as many ways computing for the layman could be made more simple and more safe as there are problematic situations that appear out of the blue, and all of them center on getting the right information to the user more effectively. I can't help but be amazed that a photographic process that used to take hours in a color lab is now accomplished with a few mouseclicks, but frustrated that those answers that it takes so much work to find about this PC could also be a few clicks away if links to them were always automatically provided in pace with the problematic processes.

One good example is the user you describe who gets alerts but doesn't know what to do with them: following the "INFO" tab in ZoneAlarm after an alert is, more often than not, meaningless. What good is that alert to me when I am busy in the middle of a job if ZA can't even explain it? Like you say, that may be just a repeat alert that has come up benignly in the past, but today it may have turned deadly. Why can't I right-click on ANYTHING and be connected to an "answer-machine" that has been set up by a department of educational experts cooperating with scientists so I can solve a problem right now? An alert that says "explorer.exe wants to act as a server" should be right-clickable for an immediate answer, and not from ZA's programmers, but from an MS department-- and for safety, analyzed right there for viruses that are trying to spread. In my mind Microsoft gets paid well enough to accept that responsibility.

Then, why not, "you had a worm because of a buffer overflow and both have been fixed", or "You have a buffer overflow, (or whatever), click here to fix it. If you're not a server, forget it. If it messes anything up you can toggle it on and off as necessary by clicking here" instead of "go to MS KB 43298056 and read the whole page to see if this only applies to beige PCs on a LAN with an orange-colored router v. l.3.3.345. Don't know the version?--get out your manual...".
The flow of information needs to follow levels: Basic first, maybe quick; difficult if you need it. So I can be safe and still get some work done. Simplicity and redundancy should be the goal of technology, not complication. Maybe so long as every new buffer overflow spawns a new industry, the status quo will self-perpetuate.

No matter what, experts like you all will always be needed that are able to see the larger picture, because guys like me are trying, but are resigned to barely keeping up because even brilliant scientific innovators cannot be expected to be specialists in teaching us the stuff on levels that universally apply.

Buddy

"Kelly" wrote in message ...

I hear you, Michael. But "we" know the value of Walter's words. And again, is always great to read them. Miss him, too! Beings many of the 'greats' are still in Win98 and never showed via XP, am really starting to wonder if they will surface during LH. (

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/
All the Best, Kelly (MS-MVP)
Troubleshooting Windows XP
http://www.kellys-korner-xp.com

"Michael Solomon (MS-MVP)" wrote in message ...

And besides, he screws up all our fun with all that logic stuff!:-)

I have to agree with a lot of what Walter says because it's self-evident. It doesn't happen as often now, perhaps because users are more experienced. However, we used to see tons of posts from people with no experience with firewalls who installed them for the first time asking for information about what they should allow and what they should block. It's not that difficult to figure out but it does take time before you understand what things should have access or to be more precise are relatively benign, hence no harm in allowing them versus things which you might not recognize and need to do some research.
Of course, that opens another can of worms, if you allow something, even something you understand and realize is necessary for you to be able to access most websites or do so without being shortchanged on what you are able to view at most websites, is it not possible that any one of those things might be exploited and the answer is yes.

That said, I think I would rather know when there is outgoing information. If something is going to try such an exploit, it probably would trigger your antivirus software and even if it was unable to stop the activity, this would certainly give the user clear warning something is going on and given the number of "always on" broadband connections, it gives the opportunity for user intervention as you can very quickly pull the power plug on that broadband modem and shut down all activity.

So, I guess to some extent, it's a matter of personal taste whether or not you are willing to pay the price in the beginning, not panic over the inundation of alerts of outgoing connections and wish to take the time to do a little research. There is an upside to that research. You will learn a lot about your PC, you'll learn a lot about various services, what they do, what they mean and you will eventually become familiar enough that you will likely recognize if something strange or unfamiliar is trying to access the Internet and take appropriate action to stop it until you find out what it is and what it's all about.

--
In memory of our dear friend, MVP Alex Nichol.
Michael Solomon MS-MVP Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Kelly" wrote in message ...

Nice to see your great info, even though via a cross, Walter. w

--
In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/
All the Best, Kelly (MS-MVP)
Troubleshooting Windows XP
http://www.kellys-korner-xp.com

"Walter Clayton" wrote in message ...

Can you say "Can of worms"?
#30
Wow, you are some writer, Buddy. ) As for the "we" only meant that Walter isn't known in the XP groups. Nothing harmful or insulting from it, was my intention.

--
All the Best, Kelly (MS-MVP)
Troubleshooting Windows XP
http://www.kellys-korner-xp.com