#31
Unknown download activity in background - how to determine what it is?
Straight Talk wrote:
On Sun, 29 Jul 2007 20:18:45 -0300, John John wrote: If you know how to internally stop the Sysinternal Help utilities from calling home please post your findings here. It's not the app itself "phoning home". Yes it is. If you use the help utility it calls an Akamai server. I know why it's doing it and I am not saying that it is necessarily good or bad. The example was used to demonstrate that there *are* things making outbound connections without users being aware. If the applications that we think of as "tame" are doing it you can be sure that other not so tame applications may also be doing it. Clearing the CodeBaseSearchPath key in the registry (Internet Settings) probably does the job. But maybe it's not such a good idea after all. Anyway, if you had taken the time to packet sniff the "phoning home" instead of letting your PFW drive you paranoid, you would probably have realized that it's no big deal and that this big scary MS thingy isn't really spying on you. Once again, I know what it is doing and I am not saying that anyone is spying, that is not the point. The point is that Microsoft and many others are consistently saying that monitoring outbound connection is a useless firewall feature for *any* reason. I disagree with that. All good firewalls have outbound connection monitoring available, the Microsoft XP firewall doesn't. When users made mention of this, or if they asked why it wasn't available, the response from Microsoft and its fans was to embark on a campaign of discrediting all firewalls that do outbound monitoring and to claim the feature as absolutely useless. When that tactic failed they then decided that anyone who even suggests that the firewall should do outbound monitoring should be immediately clobbered, it may keep some people quiet but it won't keep me quiet. Microsoft customers spoke and asked a valid question. 
Instead of Microsoft saying something as simple as: "We have received requests for this feature and are investigating the possibility of including it in a future update", they decided that it was best to kill the messengers and to proclaim their firewall as superior to all others. I would also like to hear your advice and solutions as to port monitoring and outbound traffic in general on Windows operating systems. Apps like CurrPorts and WireShark come to mind. Brilliant. Give that to novice users. Instead of having the firewall do what firewalls usually do have the users dig about and find utilities on their own to do the job! And for your information you don't have to go out of the Microsoft stable to find port monitoring tools. Should users follow your advice and ignore all outbound traffic? Users should think twice before installing all kinds of stuff. And they should not let PFWs drive them paranoid. Problem is, neither the PFW nor the user understands what's happening. I've seen users freak out about apps "phoning home" to IP address 127.0.0.1 More BS. There are all kinds of computer users and computer users do all kinds of things. Good firewalls know what is going on and most seasoned users know what the loopback address is. The simple fact that the extra ability to detect outbound connections can be a useful firewall feature is something that guys like you are insisting on denying. You are on a campaign to discredit this as a useful feature, but you offer no simple, easy way or alternative for users to even have basic outbound connection monitoring. However, there won't be much inter netting without allowing outbound traffic. No there won't be. But that doesn't mean that everything installed on a computer should be calling out and it doesn't mean that firewalls that help identifying those "call home" utilities are bad, useless firewalls! If that is the case then why would Microsoft include such a useless feature in its newest flagship operating system? 
And then insist that it is useless for XP users? John
#32
Kerry Brown wrote:
"John John" wrote in message ... Kerry Brown wrote: You said that this: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe." was baloney. I never said that and don't attribute things that I have not said to me! Reread my post! I quoted this from the article: "Speaking of host firewalls, why is there so much noise about outbound filtering? Think for a moment about how ordinary users would interact with a piece of software that bugged them every time a program on their computer wanted to communicate with the Internet..." And I said that (quoted material) was baloney! A firewall monitoring outbound connections will ask you if you want to permanently allow or disallow the connection, you will not be "...bugged them every time a program on their computer wanted to communicate with the Internet...". That is false information in the article, and for some reason or other and for some time now Microsoft has been trying to discredit *all* firewalls except its own. What is it that Microsoft is hiding? Why are they so adamant that users not be aware of outgoing connections on their computers? That may have been what you intended to say but here is the relevant snippet from your post: -------------------------------------- " and scroll down to: Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe. That article itself is baloney. It is true that any malware can circumvent a firewall's outbound protection but it is also true that a lot of malware is detected by firewall outbound monitoring. The outbound monitoring also alerts you when otherwise legitimate software is trying to call home. Perhaps you like it better when things like Media player call home without your knowledge, a pesky annoyance that you should be aware of things like that." ----------------------------------------- It sure sounds to me like you are calling the whole article baloney. I don't presume to speak for Microsoft but personally I'm not hiding anything. 
Software firewalls are a useful part of a layered security setup. They can't be relied upon to protect you from malicious outbound traffic. Anybody who says they can and tries to sell this to you is deceiving you. They are selling snake oil. Software firewalls became popular because the current versions of Windows at the time didn't have any firewall. When XP came out with a firewall the vendors realized that they had to give people a reason to keep buying their product. This is when they started pushing the outbound monitoring features. Software firewalls can, and most do, give you a level of protection against inbound attacks from unsolicited traffic. That is all they are good for as a defense against malware. Even that can't be relied on if something does get inside the security perimeter. Once your security has been breached you can no longer trust anything running on the computer. Monitoring outbound traffic does have its uses. One is as you say to stop legitimate programs from making outbound connections that you don't want. I don't know why Microsoft didn't include outbound monitoring in the XP firewall. Personally I don't care as I believe it to be of limited use anyway. Outbound monitoring is included in the Vista firewall and many other Microsoft products like ISA server. This is obviously something I'm passionate about :-) Don't take it as a personal attack. Whenever I see a post espousing the usefulness of software firewalls I am compelled to point out the fallacy of this approach to security. To tell you the truth, Kerry, when a published article from a supposedly authoritative source contains even only one such blatant outright lie as the one in the above mentioned article, it casts doubts on the whole article, one cannot rely on anything said in the article because it is extremely prejudiced and tarnished by some of the false information it contains. 
Serious publishers, researchers or technical writers would automatically correct the false information or pull such flawed articles. You won't see companies like Intel publishing seriously tarnished articles like the one above. As for "espousing the usefulness of software firewalls", if they are so useless why did Microsoft include one in XP SP2? I wholeheartedly agree with you that some firewall vendors are making exaggerated claims in an attempt to sell their products and that some of the firewalls offered by some companies are crappy products, Microsoft too at times makes exaggerated claims to sell its products. But long before Windows XP and Windows 2000 even came out, many users were using firewalls, several *very* good, free personal firewalls were available and were being used to protect computers from outside attacks. Microsoft invented nothing new with its firewall. Companies like Kerio and Sygate made good free firewalls long before Microsoft decided that it could no longer ship its operating systems without basic firewall protection, some companies still make good free firewalls. That there are shoddy products out there is a fact, but outbound traffic detection has *always* been one of the tasks that any good firewall does and there is no reason to label all firewalls that do this as *useless* products and there are even fewer reasons to label such a feature as a *useless* feature. Firewalls do not only deal with malware, they deal with *all* traffic, inbound and outbound, and with *all* applications. If the firewall doesn't do outbound monitoring then novice users are left on their own to try and detect these things, with outbound connection monitoring even advanced experienced users are sometimes surprised to find out that certain applications are trying to establish outbound connections. Sure, there are all kinds of malware that can circumvent this monitoring, things like rootkits and what not can easily get around firewalls. 
That is beside the point, firewalls are not and were never meant to be used as virus or rootkit detectors, you need special tools to detect and deal with those insidious pests. Anti virus software cannot detect all or some of those pests and that is what they are supposed to do. Should we tar all AV software as useless because they can't detect rootkits? Strange that most persons would say no but that they would then insist that firewalls that monitor outbound traffic are devilishly bad because they can't detect those same rootkits or pests. I understand that you are passionate on this subject and I don't take your posts and comments as personal attacks. I hope that you don't take mine as personal attacks against you or anyone else. I too am passionate on the issue and I don't like it when good products are all tarred at the same time with a wide brush. I am also passionate when I read posts saying that outbound traffic monitoring is completely useless or that it is completely unnecessary because users should not be concerned about outbound traffic on their computers, the logic being that only sloppy uninformed users have applications that call home, or that you should not be concerned about legitimate applications that might be calling home even if they have absolutely no valid reason to do so. I am somewhat vindicated by the fact that Microsoft thought that this feature was useful enough to be included in its Vista firewall. John
#33
Thank you. Strangely enough, when I tried Help on those two apps, the pages all failed to load. Go figure.

-- Gary S. Terhune MS-MVP Shell/User www.grystmill.com

"John John" wrote in message ...

Process Explorer and Autoruns are two that do. John

Gary S. Terhune wrote: What "help menu"? Hey, I just asked a question and I really want to know the answer. Which Sysinternal apps call home? I presume you know of at least some, or you wouldn't have made that statement.
#34
The Autoruns 8.52 that I have here wants to connect to 207.46.197.16, port 80 or 142.176.121.13, port 80 or others in these ranges. Same kind of thing with the newer versions of Process Explorer. John

Gary S. Terhune wrote: Thank you. Strangely enough, when I tried Help on those two apps, the pages all failed to load. Go figure.
#35
Straight Talk wrote:
On Mon, 30 Jul 2007 09:43:12 -0300, John John wrote: Straight Talk wrote: On Sun, 29 Jul 2007 20:18:45 -0300, John John wrote: If you know how to internally stop the Sysinternal Help utilities from calling home please post your findings here. It's not the app itself "phoning home". Yes it is. No. It's Windows. You don't know what you are talking about, why don't you monitor one of the apps and find out what is going on. It isn't Windows doing the calling it's the application itself. Being that you are so smart and that I know nothing you should at least do a few tests before you post about things you pretend to know of. John
#36
Straight Talk wrote:
On Mon, 30 Jul 2007 14:02:49 -0300, John John wrote: You don't know what you are talking about, why don't you monitor one of the apps and find out what is going on. That's what I did. You did no such thing with the newer Sysinternal apps mentioned elsewhere, if you had you would have seen that the utilities establish outbound connections if you use the help files. Why and for what reasons you now chose to post lies is something that only you know. Being that you now insist on lying my discussion with you is over. John
#37
"Andy Walker" wrote in message ...

dc wrote: Andy, What does the -b parameter do?

Here is the help description from netstat:

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient

You can use an alternative method through the use of the -o switch.

-o Displays the owning process ID associated with each connection.

In order to determine the process name you can run task manager (ctrl-alt-del), select view/select columns and add Process Identifier. This will allow you to match the process ID output from the netstat command with a process name.

I couldn't find it, and when I included it, I got the help legend.

Older versions of the netstat command did not include the -b switch.

After looking at the legend, I did this...

c:\>netstat -na > netstat.txt

Did you mean to use another parameter and if so, what is the command

See the -o info above.

What is this for?

c:\>more netstat.txt

It is the "more" command used to read the file "netstat.txt" created when you used the ">" pipe command. Using more allows you to see the entire file one page at a time. You could also use a text reader like notepad or to stay in the DOS window try "edit netstat.txt".

Thank you Andy, Appreciate your taking the time dc
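The PID-to-process matching described in the netstat reply above, as an added example that is not part of the original thread: it joins saved `netstat -ano` output with `tasklist /fo csv /nh` output and lists established connections to non-loopback addresses. Using `tasklist` instead of Task Manager is an assumption, the function names are hypothetical, and both sample captures are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1488
  TCP    192.168.1.10:1042      207.46.197.16:80       ESTABLISHED     2204
  TCP    192.168.1.10:1050      192.168.1.1:445        TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"svchost.exe","932","Console","0","4,120 K"
"firefox.exe","1488","Console","0","52,300 K"
"autoruns.exe","2204","Console","0","9,870 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` text."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def outbound_connections(netstat_text, tasklist_csv):
    """Return (image, pid, remote_ip, remote_port) for established TCP
    connections whose remote end is not a loopback address."""
    names = pid_names(tasklist_csv)
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers and UDP rows (no State) are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        ip = ipaddress.ip_address(host.strip("[]"))
        if ip.is_loopback:
            continue  # the 127.0.0.1 case from the thread: local traffic only
        pid = int(fields[4])
        found.append((names.get(pid, "<unknown>"), pid, str(ip), int(port)))
    return found

if __name__ == "__main__":
    for image, pid, ip, port in outbound_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{image} (PID {pid}) -> {ip}:{port}")
```

A PID that has exited between the two captures is reported as `<unknown>`, so take both captures close together.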