#1
Does Windows Firewall block "outgoing" traffic?

Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?

Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...
#2
cfman wrote:
> Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?
>
> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...

Not innately.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
#3
cfman wrote:
> Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?

Yes, but not with the built-in Windows firewall. That it can not do this is probably its biggest disadvantage. Almost any third-party can do this, and is therefore a better choice.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...
#4
"cfman" wrote:
> Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?
>
> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...

Use Leaktest to test your firewall program (and don't use windows firewall)
http://www.grc.com/lt/leaktest.htm
Just a small file that phones home - see if your firewall can stop it.

--
Bump Key - Open any lock
http://www.youtube.com/watch?v=7Uv45...rch=bump%20key
#5
cfman wrote:
> Can I prevent some unrecognized network communications which are originated from my PC from being initiated?

Certainly. Simply install and properly configure a personal firewall.

> I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?

Again, simply install and properly configure a personal firewall.

> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...

To answer the question misplaced in the subject line: WinXP's built-in firewall is adequate at stopping incoming attacks, and hiding your ports from probes. What WinXP SP2's firewall does not do, is provide an important additional layer of protection by informing you about any Trojans or spyware that you (or someone else using your computer) might download and install inadvertently. It doesn't monitor out-going network traffic at all, other than to check for IP-spoofing, much less block (or even ask you about) the bad or the questionable out-going signals. It assumes that any application you have on your hard drive is there because you want it there, and therefore has your "permission" to access the Internet. Further, because the Windows Firewall is a "stateful" firewall, it will also assume that any incoming traffic that's a direct response to a Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall, in that they do provide that extra layer of protection, are much more easily configured, and have free versions readily available for downloading. Even the commercially available Symantec's Norton Personal Firewall provides superior protection, although it does take a heavier toll of system performance than do ZoneAlarm or Kerio.

Firewalls and anti-virus applications, which should always be used and should always be running, are important components of "safe hex," but they cannot, and should not be expected to, protect the computer user from him/herself. Ultimately, it is incumbent upon each and every computer user to learn how to secure his/her own computer.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
#6
You can also check out a handy utility built into XP called netstat.

Go to start, run, cmd
netstat /?
and hit enter

More information here...
http://www.microsoft.com/resources/d....mspx?mfr=true

"cfman" wrote in message ...
> Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?
>
> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...
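An added example, not part of the original post: a Python script that reads text in the layout printed by `netstat -ano` and lists, per process ID, the remote addresses the machine appears to have connected out to. The `-ano` switches, the function names and the sample rows are assumptions of this example; the post itself only points to `netstat /?`.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -ano` (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:135       203.0.113.99:4021      ESTABLISHED     904
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1500
  TCP    192.168.1.20:1045      192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:1062      203.0.113.25:80        ESTABLISHED     2312
  TCP    192.168.1.20:1063      203.0.113.25:80        TIME_WAIT       0
  TCP    192.168.1.20:1077      198.51.100.7:6667      ESTABLISHED     3388
  TCP    192.168.1.20:1078      198.51.100.7:6667      SYN_SENT        3388
  UDP    0.0.0.0:445            *:*                                    4
"""

# Loopback, RFC 1918 and link-local ranges are treated as "local" and not reported.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10")]

# States in which a TCP connection is open or being opened.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT"}


def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6addr]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_tcp_rows(text):
    """Return (local, foreign, state, pid) for every TCP row; UDP rows have no state column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].upper() == "TCP" and fields[4].isdigit():
            rows.append((fields[1], fields[2], fields[3], int(fields[4])))
    return rows


def outbound_by_pid(text):
    """Map PID -> sorted remote endpoints for connections this host appears to have initiated."""
    rows = parse_tcp_rows(text)
    # netstat does not show direction; a local port that is also LISTENING means "probably inbound".
    listening = {split_endpoint(local)[1] for local, _, state, _ in rows if state == "LISTENING"}
    peers = defaultdict(set)
    for local, foreign, state, pid in rows:
        if state not in ACTIVE_STATES or split_endpoint(local)[1] in listening:
            continue
        host, port = split_endpoint(foreign)
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # wildcard or resolved hostname: cannot classify
        if not any(addr in net for net in LOCAL_NETS):
            peers[pid].add(f"{host}:{port}")
    return {pid: sorted(found) for pid, found in peers.items()}


if __name__ == "__main__":
    for pid, found in sorted(outbound_by_pid(SAMPLE).items()):
        print(pid, ", ".join(found))
```

As replies later in the thread point out, software already running with administrator rights can evade this kind of check, so an empty result does not prove a clean machine.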
#8
B. Nice wrote:
> On Sun, 06 Aug 2006 17:40:40 -0700, wrote:
>> "cfman" wrote:
>>> Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?
>>>
>>> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...
>>
>> Use Leaktest to test your firewall program (and don't use windows firewall)
>> http://www.grc.com/lt/leaktest.htm
>> Just a small file that phones home - see if your firewall can stop it.
>
> You can also take a look at
> http://www.firewallleaktester.com/tests_overview.php - Nice link to various leaktesters
> http://www.firewallleaktester.com/leaktest9.htm
> press the "view results" button at the bottom to see how personal firewalls in general perform as far as controlling outbound connections is concerned. It's not very reliable.

Windows Firewall kinda sucks huh

> It's better to install a good anti-virus software to stop the malware before it is allowed to run. Trying to control a malware that is already allowed to run does not work.

NOD32, it's got a thing called IMON (internet monitor) going for it.

I can't download any malware files from http://vx.netlux.org/ (my virus checker checking site); NOD32 catches them still zip'd

--
Bump Key - Open any lock
http://www.youtube.com/watch?v=7Uv45...rch=bump%20key
#9
On Mon, 07 Aug 2006 00:08:55 -0700, wrote:
>> press the "view results" button at the bottom to see how personal firewalls in general perform as far as controlling outbound connections is concerned. It's not very reliable.
>
> Windows Firewall kinda sucks huh

Actually not. The XP SP2 firewall does a very good job at controlling inbound traffic. At least as good or even better than any personal firewall. And outbound checking was left out intentionally - knowing that it cannot be done reliably within a windows environment anyway. There are simply too many ways for malware to circumvent it.

>> It's better to install a good anti-virus software to stop the malware before it is allowed to run. Trying to control a malware that is already allowed to run does not work.
>
> NOD32, it's got a thing called IMON (internet monitor) going for it.

I agree. NOD32 is among the best. But again, antivirus software isn't something you should rely too much on either. The best hard-/software appliance available is your brain ;-)

> I can't download any malware files from http://vx.netlux.org/ (my virus checker checking site); NOD32 catches them still zip'd

Good :-)
#10
"B. Nice" wrote in message ...
>> Windows Firewall kinda sucks huh
>
> Actually not. The XP SP2 firewall does a very good job at controlling inbound traffic. At least as good or even better than any personal firewall. And outbound checking was left out intentionally - knowing that it cannot be done reliably within a windows environment anyway. There are simply too many ways for malware to circumvent it.

That's what I hate about those "leak test" sites. People who don't know what the results mean conclude that good firewall products are not good.

Leak test sites test what happens once malware is on the computer. But malware on a computer [with System or Administrator privileges] can do just about anything it wants to, including disable just about every firewall out there.

Also, once malware is on your computer, you've usually got bigger problems than whether your personal firewall software is blocking outbound traffic.

So then what good is a leak test?

I think leak tests are more useful to security experts, by demonstrating largely academic security issues, and less useful to the general public.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ: http://securityadmin.info
#11
On Mon, 7 Aug 2006 07:19:18 -0400, "karl levinson, mvp" wrote:
> "B. Nice" wrote in message ...
>>> Windows Firewall kinda sucks huh
>>
>> Actually not. The XP SP2 firewall does a very good job at controlling inbound traffic. At least as good or even better than any personal firewall. And outbound checking was left out intentionally - knowing that it cannot be done reliably within a windows environment anyway. There are simply too many ways for malware to circumvent it.
>
> That's what I hate about those "leak test" sites. People who don't know what the results mean conclude that good firewall products are not good.

Which would be the correct conclusion (as far as outbound control is concerned).

> Leak test sites test what happens once malware is on the computer. But malware on a computer [with System or Administrator privileges] can do just about anything it wants to, including disable just about every firewall out there.

Very true. But still the vendors claim to be able to provide complete internet protection - and to be able to stop malware from connecting, right? :-)

You must however also realise that some of the leaktests also work perfectly even when run under restricted rights. And malware needs only one possible way to get out to do so. Therefore you cannot even look at which ones block most leak tests. In the end that doesn't make much difference for clever malware.

> Also, once malware is on your computer, you've usually got bigger problems than whether your personal firewall software is blocking outbound traffic.

Precisely. That's one of the reasons why "controlling outbound" is a broken concept.

> So then what good is a leak test?

Hopefully leaktests can help people realise that outbound protection is unreliable and should not be considered a security measure. Furthermore the so-called "phoning home" issue is highly overrated and leads to users preventing legitimate programs from checking for updates - thereby leaving them vulnerable instead of more secure.

> I think leak tests are more useful to security experts, by demonstrating largely academic security issues, and less useful to the general public.

Wrong. It's about time users start to realise that "outbound connection control" is a broken concept. Just look at the leak test site. Would you accept if your software got a similar rating at ShieldsUp? - No. You would be screaming and yelling and posting to newsgroups until you got each and every little dot turned green :-)
#12
cfman wrote:
> Can I prevent some unrecognized network communications which are originated from my PC from being initiated? I am suspecting that some hidden malicious programs in my PC are making outgoing or outbound network communications. Can I prevent any such network traffic from happening?
>
> Ideally, if I set an option to block all outgoing traffic, whenever there is a software that wants to make outgoing traffic, the blocker will raise an alarm and let me know so I will be able to know where do these programs hide...

The new Windows Live OneCare blocks outgoing traffic. It's very chatty tho, which I don't care for.

MikeR
#13
Bruce Chambers wrote:
> cfman wrote:
>> Can I prevent some unrecognized network communications which are originated from my PC from being initiated?
>
> Certainly. Simply install and properly configure a personal firewall.

Ah, but here's the rub, Bruce, 'simply' and 'properly configured' should not be used in the same sentence when discussing ZoneAlarm, or any of the other personal firewalls.

Given all of the XP and other app's processes (most with unrecognizable titles and unfathomable function) that insist on communicating with something in the great beyond to function, the average user (I am one of them) doesn't have a clue about how to properly configure a firewall, which processes to Allow and which ones to Block. For us, it is not simple.

After wrestling with ZoneAlarm alerts for several months, and getting no help from the ZA User Forums, Google searches or anything else as to what's good and what's bad, I just gave up, removed ZA and live, albeit with a good deal of paranoia, with the XP firewall, meticulously running various scans, sweeps and using a divining rod on a weekly basis to detect and remove any scumware that slid in past that firewall.

If there were a cookbook solution for properly configuring ZoneAlarm, Kerio or any of the other personal firewalls, I think we average users would be more amenable to using one of those two-way firewall.

If you, or anyone else knows of such a cookbook, point us in the right direction.

Just one man's opinion, Bruce.
#14
On 7 Aug 2006 09:22:10 -0700, "Gman" wrote:
> Bruce Chambers wrote:
>> cfman wrote:
>>> Can I prevent some unrecognized network communications which are originated from my PC from being initiated?
>>
>> Certainly. Simply install and properly configure a personal firewall.
>
> Ah, but here's the rub, Bruce, 'simply' and 'properly configured' should not be used in the same sentence when discussing ZoneAlarm, or any of the other personal firewalls.

Precisely.

> Given all of the XP and other app's processes (most with unrecognizable titles and unfathomable function) that insist on communicating with something in the great beyond to function, the average user (I am one of them) doesn't have a clue about how to properly configure a firewall, which processes to Allow and which ones to Block. For us, it is not simple.

Precisely.

> After wrestling with ZoneAlarm alerts for several months, and getting no help from the ZA User Forums, Google searches or anything else as to what's good and what's bad, I just gave up, removed ZA and live, albeit with a good deal of paranoia, with the XP firewall, meticulously running various scans, sweeps and using a divining rod on a weekly basis to detect and remove any scumware that slid in past that firewall.

It's very unlikely that something "slid in past the firewall". The scumware most likely sneaked in by you surfing the internet in an unsecure way (by using Internet Explorer for example) or by you installing and/or running questionable software.

> If there were a cookbook solution for properly configuring ZoneAlarm, Kerio or any of the other personal firewalls, I think we average users would be more amenable to using one of those two-way firewall.

It's better to skip these so-called "two-way" firewalls and replace them with "brainware" :-) I have looked closely at different personal firewalls, and they simply don't live up to the vendors' claims.

For example I find it very funny that the Kerio Personal Firewall when installed in "simple" mode (which they recommend for novices) actually allows most if not all outbound connections by default. At the same time, at their web-site, they claim that the windows firewall is "half asleep" for not doing the same thing.

Another funny example is the Outpost firewall which is almost a security risk in itself because it violates Microsoft's most basic recommendations regarding windows security, thereby allowing restricted users to gain administrative privileges.

Instead, don't trust too much in such security products (and certainly not the vendors) and instead take responsibility for what you do. Feel free to visit my site for some ground rules. Read them - understand them - and follow them.
http://home20.inet.tele.dk/b_nice/

You can start here to find out why personal firewalls may not be the best solution:
http://home20.inet.tele.dk/b_nice/PFW.htm

> If you, or anyone else knows of such a cookbook, point us in the right direction.
>
> Just one man's opinion, Bruce.
#15
Gman wrote:
> Bruce Chambers wrote:
>> cfman wrote:
>>> Can I prevent some unrecognized network communications which are originated from my PC from being initiated?
>>
>> Certainly. Simply install and properly configure a personal firewall.
>
> Ah, but here's the rub, Bruce, 'simply' and 'properly configured' should not be used in the same sentence when discussing ZoneAlarm, or any of the other personal firewalls.
>
> Given all of the XP and other app's processes (most with unrecognizable titles and unfathomable function) that insist on communicating with something in the great beyond to function, the average user (I am one of them) doesn't have a clue about how to properly configure a firewall, which processes to Allow and which ones to Block. For us, it is not simple.
>
> After wrestling with ZoneAlarm alerts for several months, and getting no help from the ZA User Forums, Google searches or anything else as to what's good and what's bad, I just gave up, removed ZA and live, albeit with a good deal of paranoia, with the XP firewall, meticulously running various scans, sweeps and using a divining rod on a weekly basis to detect and remove any scumware that slid in past that firewall.
>
> If there were a cookbook solution for properly configuring ZoneAlarm, Kerio or any of the other personal firewalls, I think we average users would be more amenable to using one of those two-way firewall.
>
> If you, or anyone else knows of such a cookbook, point us in the right direction.
>
> Just one man's opinion, Bruce.

What's to configure? You just install it, and let it do its job. There is no need to tweak it at all! If something is suspicious it will ask you what to do, and will then remember what you decided.

I've not used Kerio, but when I used ZoneAlarm it was simple to install and simple to use. Just right for beginners.

Cheers,
Cliff