A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

does windows Firewall block "outgoing" traffics?



 
 
Thread Tools Display Modes
  #1  
Old August 7th 06, 12:33 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
cfman
external usenet poster
 
Posts: 179
Default does windows Firewall block "outgoing" traffics?

Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there is
a software that wants to make outgoing traffice, the blocker will raise an
alarm and let me know so I will be able to know where do these programs
hide...


Ads
  #2  
Old August 7th 06, 01:03 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default does windows Firewall block "outgoing" traffics?

cfman wrote:
Can I prevent some unrecognized network communications which are
originated from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are
making outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever
there is a software that wants to make outgoing traffice, the
blocker will raise an alarm and let me know so I will be able to
know where do these programs hide...


Not innately.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


  #3  
Old August 7th 06, 01:12 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
Ken Blake, MVP
external usenet poster
 
Posts: 10,402
Default does windows Firewall block "outgoing" traffics?

cfman wrote:

Can I prevent some unrecognized network communications which are
originated from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are
making outgoing or outbound network communications.

Can I prevent any such network traffic from happening?



Yes, but not with the built-in Windows firewall. That it can not do this is
probably its biggest disadvantage.

Almost any third-party can do this, and is therefore a better choice.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup


Ideally, if I set an option to block all outgoing traffic, whenever
there is a software that wants to make outgoing traffice, the blocker
will raise an alarm and let me know so I will be able to know where
do these programs hide...



  #4  
Old August 7th 06, 01:40 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
No_Name
external usenet poster
 
Posts: 699
Default does windows Firewall block "outgoing" traffics?

"cfman" wrote:

Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there is
a software that wants to make outgoing traffice, the blocker will raise an
alarm and let me know so I will be able to know where do these programs
hide...


Use Leaktest to test your firewall program (and don't use windows
firewall) http://www.grc.com/lt/leaktest.htm

Just a small file that phones home - see if your firewall can stop it.

--
Bump Key - Open any lock
http://www.youtube.com/watch?v=7Uv45...rch=bump%20key
  #5  
Old August 7th 06, 02:38 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
Bruce Chambers
external usenet poster
 
Posts: 6,208
Default does windows Firewall block "outgoing" traffics?

cfman wrote:
Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?


Certainly. Simply install and properly configure a personal firewall.

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?


Again, simply install and properly configure a persoanl firewall.


Ideally, if I set an option to block all outgoing traffic, whenever there is
a software that wants to make outgoing traffice, the blocker will raise an
alarm and let me know so I will be able to know where do these programs
hide...



To answer the question misplaced in the subject line:

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrum Russell
  #6  
Old August 7th 06, 03:07 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
Joe
external usenet poster
 
Posts: 7
Default does windows Firewall block "outgoing" traffics?

You can also check out a handy utility built into XP called netstat.

Go to start, run, cmd
netstat /? and hit enter

More information here...
http://www.microsoft.com/resources/d....mspx?mfr=true



"cfman" wrote in message
...
Can I prevent some unrecognized network communications which are
originated from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there
is a software that wants to make outgoing traffice, the blocker will raise
an alarm and let me know so I will be able to know where do these programs
hide...




  #7  
Old August 7th 06, 07:17 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Sun, 06 Aug 2006 17:40:40 -0700, wrote:

"cfman" wrote:

Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there is
a software that wants to make outgoing traffice, the blocker will raise an
alarm and let me know so I will be able to know where do these programs
hide...


Use Leaktest to test your firewall program (and don't use windows
firewall)
http://www.grc.com/lt/leaktest.htm

Just a small file that phones home - see if your firewall can stop it.


You can also take a look at
http://www.firewallleaktester.com/tests_overview.php - press the "view
results" button at the bottom to see how personal firewalls in
general perform as far as controlling outbound connections is
concerned. It's not very reliable.

It's better to install a good anti-virus software to stop the malware
before it is allowed to run. Trying to control a malware that is
already allowed to run does not work.
  #8  
Old August 7th 06, 08:08 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
No_Name
external usenet poster
 
Posts: 699
Default does windows Firewall block "outgoing" traffics?

B. Nice wrote:

On Sun, 06 Aug 2006 17:40:40 -0700, wrote:

"cfman" wrote:

Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there is
a software that wants to make outgoing traffice, the blocker will raise an
alarm and let me know so I will be able to know where do these programs
hide...


Use Leaktest to test your firewall program (and don't use windows
firewall)
http://www.grc.com/lt/leaktest.htm

Just a small file that phones home - see if your firewall can stop it.


You can also take a look at
http://www.firewallleaktester.com/tests_overview.php -


Nice link to various leaktesters
http://www.firewallleaktester.com/leaktest9.htm

press the "view
results" button at the bottom to see how personal firewalls in
general perform as far as controlling outbound connections is
concerned. It's not very reliable.


Windows Firewall kinda sucks huh

It's better to install a good anti-virus software to stop the malware
before it is allowed to run. Trying to control a malware that is
already allowed to run does not work.


NOD32, it's got a thing called IMON (internet monitor) going for it.
I can't download any malware files from http://vx.netlux.org/ (my
virus checker checking site); NOD32 catches them still zip'd


--
Bump Key - Open any lock
http://www.youtube.com/watch?v=7Uv45...rch=bump%20key
  #9  
Old August 7th 06, 08:38 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Mon, 07 Aug 2006 00:08:55 -0700, wrote:

press the "view
results" button at the bottom to see how personal firewalls in
general perform as far as controlling outbound connections is
concerned. It's not very reliable.


Windows Firewall kinda sucks huh


Actually not. The XP SP2 firewall does a very good job at controlling
inbound traffic. At least as good or even better than any personal
firewall. And outbound checking was left out intentionally - knowing
that it cannot be done reliably within a windows environment anyway.
There are simply too many ways for malware to circumvent it.

It's better to install a good anti-virus software to stop the malware
before it is allowed to run. Trying to control a malware that is
already allowed to run does not work.


NOD32, it's got a thing called IMON (internet monitor) going for it.


I agree. NOD32 is among the best. But again, antivirus software is'nt
something you should rely too much on either. The best hard-/software
appliance available is your brain ;-)

I can't download any malware files from
http://vx.netlux.org/ (my
virus checker checking site); NOD32 catches them still zip'd


Good :-)
  #10  
Old August 7th 06, 12:19 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
karl levinson, mvp
external usenet poster
 
Posts: 73
Default does windows Firewall block "outgoing" traffics?


"B. Nice" wrote in message
...

Windows Firewall kinda sucks huh


Actually not. The XP SP2 firewall does a very good job at controlling
inbound traffic. At least as good or even better than any personal
firewall. And outbound checking was left out intentionally - knowing
that it cannot be done reliably within a windows environment anyway.
There are simply too many ways for malware to circumvent it.


That's what I hate about those "leak test" sites. People who don't know
what the results mean conclude that good firewall products are not good.

Leak test sites test what happens once malware is on the computer. But
malware on a computer [with System or Administrator privileges] can do just
about anything it wants to, including disable just about every firewall out
there. Also, once malware is on your computer, you've usually got bigger
problems than whether your personal firewall software is blocking outbound
traffic. So then what good is a leak test? I think leak tests are more
useful to security experts, by demonstrating largely academic security
issues, and less useful to the general public.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info



  #11  
Old August 7th 06, 02:40 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Mon, 7 Aug 2006 07:19:18 -0400, "karl levinson, mvp"
wrote:


"B. Nice" wrote in message
.. .

Windows Firewall kinda sucks huh


Actually not. The XP SP2 firewall does a very good job at controlling
inbound traffic. At least as good or even better than any personal
firewall. And outbound checking was left out intentionally - knowing
that it cannot be done reliably within a windows environment anyway.
There are simply too many ways for malware to circumvent it.


That's what I hate about those "leak test" sites. People who don't know
what the results mean conclude that good firewall products are not good.


Which would be the correct conclusion (as far as outbound control is
concerned).

Leak test sites test what happens once malware is on the computer. But
malware on a computer [with System or Administrator privileges] can do just
about anything it wants to, including disable just about every firewall out
there.


Very true. But still the vendors claim to be able to provide complete
internet protection - and to be able to stop malware from connecting,
right? :-)

You must however also realise that some of the leaktests also work
perfectly even when run under restricted rights. And malware needs
only one possible way to get out to do so. Therefore you cannot even
look at which ones block most leak tests. In the end that does'nt make
much difference for clever malware.

Also, once malware is on your computer, you've usually got bigger
problems than whether your personal firewall software is blocking outbound
traffic.


Precisely. That's one of the reasons why "controlling outbound" is a
broken concept.

So then what good is a leak test?


Hopefully leaktests can help people realise that outbound protection
is unreliable and should not be considered a security meassure.

Furthermore the so-called "phoning home" issue is highly overrated and
lead to users preventing legitimate programs from checking for updates
- thereby leaving them vulnerable instead of more secure.

I think leak tests are more
useful to security experts, by demonstrating largely academic security
issues, and less useful to the general public.


Wrong. It's about time users start to realise that "outbound
connection control" is a broken concept. Just look at the leak test
site. Would you accept if your software got a similar rating at
ShieldsUp"? - No. You would be screaming and yealling and posting to
newsgroups until you got each and every little dot turned green :-)
  #12  
Old August 7th 06, 05:20 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
MikeR
external usenet poster
 
Posts: 158
Default does windows Firewall block "outgoing" traffics?

cfman wrote:
Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are making
outgoing or outbound network communications.

Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there is
a software that wants to make outgoing traffice, the blocker will raise an
alarm and let me know so I will be able to know where do these programs
hide...


The new Windows Live OneCare blocks outgoing traffic. It's very chatty tho,
which I don't care for.
MikeR
  #13  
Old August 7th 06, 05:22 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Gman
external usenet poster
 
Posts: 8
Default does windows Firewall block "outgoing" traffics?

Bruce Chambers wrote:
cfman wrote:
Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?


Certainly. Simply install and properly configure a personal firewall.



Ah, but here's the rub, Bruce, 'simply' and 'properly configured'
should not be used in the same sentence when discussing ZoneAlarm, or
any of the other personal firewalls.

Given all of the XP and other app's processes (most with unrecognizable
titles and unfathomable function) that insist on communicating with
something in the great beyond to function, the average user (I am one
of them) doesn't have a clue about how to properly configure a
firewall, which processes to Allow and which ones to Block. For us, it
is not simple.

After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.

If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewall.

If you, or anyone else knows of such a cookbook, point us in the right
direction.

Just one man's opinion, Bruce.

  #14  
Old August 7th 06, 06:18 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On 7 Aug 2006 09:22:10 -0700, "Gman" wrote:

Bruce Chambers wrote:
cfman wrote:
Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?


Certainly. Simply install and properly configure a personal firewall.



Ah, but here's the rub, Bruce, 'simply' and 'properly configured'
should not be used in the same sentence when discussing ZoneAlarm, or
any of the other personal firewalls.


Precisely.

Given all of the XP and other app's processes (most with unrecognizable
titles and unfathomable function) that insist on communicating with
something in the great beyond to function, the average user (I am one
of them) doesn't have a clue about how to properly configure a
firewall, which processes to Allow and which ones to Block. For us, it
is not simple.


Precisely.

After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.


It's very unlikely that something "slid in past the firewall". The
scumware most likely sneaked in by you surfing the internet in an
unsecure way (by using Internet Explorer for example) or by you
installing and/or running questionable software.

If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewall.


It's better to skip these so-called "two-way" firewalls and replace
them with "brainware" :-)

I have looked closely at different personal firewalls, and they simply
don't live up to the vendors claims.

For example I find it very funny that the Kerio Personal Firewall when
installed in "simple" mode (which they recommend for novices) actually
allows most if not all outbound connections by default. At the same
time, at their web-site, they claim that the windows firewall is "half
asleep" for not doing the same thing.

Another funny example is the Outpost firewall which is almost a
security risk in itself because it violates microsofts most basic
recommendations regarding windows security, thereby allowing
restricted users to gain administrative priviliges.

Instead, don't trust too much in such security products (and certainly
not the vendors) and instead take responsibility for what you do.

Feel free to visit my site for some ground rules. Read them -
understand them - and follow them.
http://home20.inet.tele.dk/b_nice/

You can start here to find out why personal firewalls may not be the
best solution:
http://home20.inet.tele.dk/b_nice/PFW.htm

If you, or anyone else knows of such a cookbook, point us in the right
direction.

Just one man's opinion, Bruce.

  #15  
Old August 7th 06, 09:59 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Enkidu
external usenet poster
 
Posts: 195
Default does windows Firewall block "outgoing" traffics?

Gman wrote:
Bruce Chambers wrote:
cfman wrote:
Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

Certainly. Simply install and properly configure a personal firewall.



Ah, but here's the rub, Bruce, 'simply' and 'properly configured'
should not be used in the same sentence when discussing ZoneAlarm, or
any of the other personal firewalls.

Given all of the XP and other app's processes (most with unrecognizable
titles and unfathomable function) that insist on communicating with
something in the great beyond to function, the average user (I am one
of them) doesn't have a clue about how to properly configure a
firewall, which processes to Allow and which ones to Block. For us, it
is not simple.

After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.

If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewall.

If you, or anyone else knows of such a cookbook, point us in the right
direction.

Just one man's opinion, Bruce.

What's to configure? You just install it, and let it do its job. There
is no need to tweak it at all! If something is suspicious it will ask
you what to do, and will then remember what you decided. I've not used
Kerio, but when I used ZoneAlarm it was simple to install and simple to
use. Just right for beginners.

Cheers,

Cliff
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 01:24 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.