A Windows XP help forum. PCbanter


does windows Firewall block "outgoing" traffics?



 
 
  #16  
Old August 7th 06, 09:59 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Enkidu
external usenet poster
 
Posts: 195
Default does windows Firewall block "outgoing" traffics?

Gman wrote:
Bruce Chambers wrote:
cfman wrote:
Can I prevent some unrecognized network communications which are originated
from my PC from being initiated?

Certainly. Simply install and properly configure a personal firewall.



Ah, but here's the rub, Bruce, 'simply' and 'properly configured'
should not be used in the same sentence when discussing ZoneAlarm, or
any of the other personal firewalls.

Given all of the XP and other app's processes (most with unrecognizable
titles and unfathomable function) that insist on communicating with
something in the great beyond to function, the average user (I am one
of them) doesn't have a clue about how to properly configure a
firewall, which processes to Allow and which ones to Block. For us, it
is not simple.

After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.

If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewalls.

If you, or anyone else knows of such a cookbook, point us in the right
direction.

Just one man's opinion, Bruce.

What's to configure? You just install it, and let it do its job. There
is no need to tweak it at all! If something is suspicious it will ask
you what to do, and will then remember what you decided. I've not used
Kerio, but when I used ZoneAlarm it was simple to install and simple to
use. Just right for beginners.

Cheers,

Cliff
  #17  
Old August 8th 06, 01:40 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
karl levinson, mvp
external usenet poster
 
Posts: 73
Default does windows Firewall block "outgoing" traffics?


"B. Nice" wrote in message
...

That's what I hate about those "leak test" sites. People who don't know
what the results mean conclude that good firewall products are not good.


Which would be the correct conclusion (as far as outbound control is
concerned).


Precisely. That's one of the reasons why "controlling outbound" is a
broken concept.


I agree with you, sort of. Like almost all security countermeasures,
"controlling outbound" [via personal firewall software] is never going to be
100% effective. That doesn't make it useless or broken. "Controlling
outbound" raises the bar, by blocking at least some bad things, and making
you aware of the existence of some other bad things. The opposite of
"controlling outbound" is to allow all traffic out without any monitoring or
logging. Given a choice, I'd take a security countermeasure with some
vulnerabilities over no countermeasure at all, especially if the
countermeasure is inexpensive. And throwing in an external firewall device,
proxy server, etc., makes "controlling outbound" alerting and blocking not
so broken.

Unfortunately, most leak test sites are part of the problem, not part of the
solution. Correct me if I'm wrong, but instead of suggesting that
"controlling outbound" is a broken concept, I think most leak test sites
suggest that "controlling outbound" is an important concept. Those sites
suggest that you can and should 1) buy the right firewall or 2) complain to
your firewall vendor, and then you'll be secure. I think that could lead
the user to having a false sense of security, which is a dangerous thing.
Most people reading those web sites are going to conclude that "controlling
outbound" is an important test and that it is an important factor they
should consider when choosing a product. As a result, some otherwise good
products might not be purchased.


  #18  
Old August 8th 06, 05:01 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Gman
external usenet poster
 
Posts: 8
Default does windows Firewall block "outgoing" traffics?


B. Nice wrote:


After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.


It's very unlikely that something "slid in past the firewall". The
scumware most likely sneaked in by you surfing the internet in an
unsecure way (by using Internet Explorer for example) or by you
installing and/or running questionable software.


Dear Mr (or Ms) Nice (whichever the case may be),

I appreciate your sage comments and candid advice regarding the
inadequacies of all personal firewalls. I do use FireFox, have
McAfee's SiteAdvisor in place to warn me about unsafe websites and the
only 'questionable' software I'm running, that's given me any pause, is
MicroSoft's. Seems every time I do an XP or Office update, I get this
frenzied activity that wants to change the Browser's Home Page, both
IE's and FireFox's, to the MSN website.


If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewalls.


It's better to skip these so-called "two-way" firewalls and replace
them with "brainware" :-)


Agreed, and I also agree with the subsequent poster that ZA is easy to
install, and, if every access Alert is approved, it generally doesn't
cause any problems. But that's kind of like using door-stops to prop
open the front and back doors of your house. Not much risk if you live
out in the country, terribly risky in the inner-cities, and the
Internet is the worst of every city in the world's, inner-city.

  #19  
Old August 8th 06, 07:08 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Tue, 8 Aug 2006 08:40:20 -0400, "karl levinson, mvp"
wrote:


"B. Nice" wrote in message
.. .

That's what I hate about those "leak test" sites. People who don't know
what the results mean conclude that good firewall products are not good.


Which would be the correct conclusion (as far as outbound control is
concerned).


Precisely. That's one of the reasons why "controlling outbound" is a
broken concept.


I agree with you, sort of. Like almost all security countermeasures,
"controlling outbound" [via personal firewall software] is never going to be
100% effective.


Right. Not even close. Controlling inbound has proven to be possible
and reliable to a certain high degree. Controlling outbound (with a
personal firewall) hasn't - and never will. And therefore shouldn't be
considered a security measure.

That doesn't make it useless or broken.


The idea itself is silly (if meant as a security measure against
malware trying to make outbound connection) since you are trying to
control malware that is already allowed to run. Malware is something
you stop at the gate (for example with a good anti-virus product or
simply by using your own common sense), not something you allow in and
try to control. It's not called malware for nothing :-)

"Controlling outbound" raises the bar,
by blocking at least some bad things, and making
you aware of the existence of some other bad things.


By being able to stop a few things that don't mind being stopped leads
to users believing that it works reliably and therefore poses a false
sense of security on them. And users should NOT feel secure. Only
providers of security software want users to feel secure. Well, a user
shouldn't feel unsecure either. But a user should be constantly aware
of what he/she is doing.

The opposite of "controlling outbound" is to allow all traffic out without any monitoring or
logging. Given a choice, I'd take a security countermeasure with some
vulnerabilities over no countermeasure at all, especially if the
countermeasure is inexpensive.


That's your choice. And you are free to do that, as long as you
understand the limitations. But for reasons mentioned before, I find
it a bad idea in most cases.

And throwing in an external firewall device,
proxy server, etc., makes "controlling outbound" alerting and blocking not
so broken.


I fully agree. I am only objecting to outbound control of "firewalls"
running on the same machine as it is supposed to protect.

Unfortunately, most leak test sites are part of the problem, not part of the
solution.


I disagree. It is important that users know what the real capabilities
of the products they are using are. Especially since the topic is
security. Normal users have no other possibilities than to believe
what consultants or even worse, the software vendors, tell them. And
that info is, to be polite, very unreliable.

Correct me if I'm wrong, but instead of suggesting that
"controlling outbound" is a broken concept, I think most leak test sites
suggest that "controlling outbound" is an important concept. Those sites
suggest that you can and should 1) buy the right firewall or 2) complain to
your firewall vendor, and then you'll be secure. I think that could lead
the user to having a false sense of security, which is a dangerous thing.


I agree that a false sense of security is a dangerous thing. But I'm
not sure I fully understand what you are trying to say here.

Most people reading those web sites are going to conclude that "controlling
outbound" is an important test and that it is an important factor they
should consider when choosing a product. As a result, some otherwise good
products might not be purchased.


That's true to some extent. For example, one may be led to believe
that the windows firewall is crap, while it is actually quite good.

But in the end, it doesn't make much difference how many leaktests a
firewall product can pass. Clever malware needs only one hole to get
through. Therefore my point is that it should be used to get an idea
of how personal firewalls in general perform - not for making
decisions on which one to use. If that was also the point you were
trying to make, then we agree.
  #20  
Old August 8th 06, 10:57 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
SPAM ME
external usenet poster
 
Posts: 10
Default does windows Firewall block "outgoing" traffics?


"Gman" wrote in message
ups.com...
Bruce Chambers wrote:
cfman wrote:
Can I prevent some unrecognized network communications which are
originated
from my PC from being initiated?


Certainly. Simply install and properly configure a personal firewall.



Ah, but here's the rub, Bruce, 'simply' and 'properly configured'
should not be used in the same sentence when discussing ZoneAlarm, or
any of the other personal firewalls.

Given all of the XP and other app's processes (most with unrecognizable
titles and unfathomable function) that insist on communicating with
something in the great beyond to function, the average user (I am one
of them) doesn't have a clue about how to properly configure a
firewall, which processes to Allow and which ones to Block. For us, it
is not simple.

After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.

If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewalls.

If you, or anyone else knows of such a cookbook, point us in the right
direction.

Just one man's opinion, Bruce.

I concur with Gman


  #21  
Old August 9th 06, 03:31 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Bruce Chambers
external usenet poster
 
Posts: 6,208
Default does windows Firewall block "outgoing" traffics?

SPAM ME wrote:
"Gman" wrote in message
ups.com...
Bruce Chambers wrote:
cfman wrote:
Can I prevent some unrecognized network communications which are
originated
from my PC from being initiated?

Certainly. Simply install and properly configure a personal firewall.


Ah, but here's the rub, Bruce, 'simply' and 'properly configured'
should not be used in the same sentence when discussing ZoneAlarm, or
any of the other personal firewalls.



Why not? I haven't come across one yet that wasn't mind-numbingly
simple to use.


Given all of the XP and other app's processes (most with unrecognizable
titles and unfathomable function) that insist on communicating with
something in the great beyond to function, the average user (I am one
of them) doesn't have a clue about how to properly configure a
firewall, which processes to Allow and which ones to Block. For us, it
is not simple.



It's not WinXP's processes that are the problem, nor have I seen an
alert from a personal firewall that did not make it quite clear what
application was trying to send outbound signals.


After wrestling with ZoneAlarm alerts for several months, and getting
no help from the ZA User Forums, Google searches or anything else as to
what's good and what's bad, I just gave up, removed ZA and live, albeit
with a good deal of paranoia, with the XP firewall, meticulously
running various scans, sweeps and using a divining rod on a weekly
basis to detect and remove any scumware that slid in past that
firewall.



Your choice, of course.



If there were a cookbook solution for properly configuring ZoneAlarm,
Kerio or any of the other personal firewalls, I think we average users
would be more amenable to using one of those two-way firewalls.



How could there be? How would anyone else know what applications *you*
have installed on *your* computer, and which of those applications *you*
want accessing the Internet? This is something only *you* can
determine. If you don't know what you have installed on your own
computer, and don't know what each application is supposed to be doing,
please do us all a favor and disconnect the computer from the Internet.



--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
  #22  
Old August 9th 06, 02:42 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
karl levinson, mvp
external usenet poster
 
Posts: 73
Default does windows Firewall block "outgoing" traffics?


"B. Nice" wrote in message
...

Correct me if I'm wrong, but instead of suggesting that
"controlling outbound" is a broken concept, I think most leak test sites
suggest that "controlling outbound" is an important concept. Those sites
suggest that you can and should 1) buy the right firewall or 2) complain
to
your firewall vendor, and then you'll be secure. I think that could lead
the user to having a false sense of security, which is a dangerous thing.


I agree that a false sense of security is a dangerous thing. But I'm
not sure I fully understand what you are trying to say here.


I believe most leak test sites lead the user to believe that you should buy
the firewall that does the best at "blocking outbound." Leak test sites
often don't make it clear that once malware is on the computer, your
personal firewall is toast. Personal firewalls can't block malware on your
system, but leak test sites tend to make users think that the right ones
can.

On the other hand, personal firewalls can alert you to the existence of
spyware, adware and some malware like viruses. Things like antivirus,
network IDS, SSL, SSH, PGP, DEP execution prevention, etc. aren't 100%
foolproof, they can be evaded and fooled. And yet they are frequently used,
because they help reduce your risk. Most security countermeasures only
reduce risk, not eliminate risk. That doesn't make them worthless.



  #23  
Old August 9th 06, 04:01 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Wed, 9 Aug 2006 09:42:07 -0400, "karl levinson, mvp"
wrote:


"B. Nice" wrote in message
.. .

Correct me if I'm wrong, but instead of suggesting that
"controlling outbound" is a broken concept, I think most leak test sites
suggest that "controlling outbound" is an important concept. Those sites
suggest that you can and should 1) buy the right firewall or 2) complain
to
your firewall vendor, and then you'll be secure. I think that could lead
the user to having a false sense of security, which is a dangerous thing.


I agree that a false sense of security is a dangerous thing. But I'm
not sure I fully understand what you are trying to say here.


I believe most leak test sites lead the user to believe that you should buy
the firewall that does the best at "blocking outbound."


Agreed. As we also agree that this is not a correct conclusion.

Leak test sites often don't make it clear that once malware is on the computer, your
personal firewall is toast.


Ack.

Personal firewalls can't block malware on your system, but leak test sites tend to make
users think that the right ones can.


Yes, that's bad.

On the other hand, personal firewalls can alert you to the existence of
spyware, adware and some malware like viruses.


It can detect a few non-clever ones, yes. But as you also said: "Once
malware is in, your computer is toast". And catching these few ones
leads to a false sense of security for novices - and that's dangerous.

Things like antivirus, network IDS, SSL, SSH, PGP, DEP execution prevention,
etc. aren't 100% foolproof, they can be evaded and fooled. And yet they
are frequently used, because they help reduce your risk.


Yes, but well knowing that things like IDS and anti-virus products are
also not too reliable, at least they are trying to stop things before
they do any harm. Trying to control malware that is already running is
just plain stupid. And users should know that.

Most security countermeasures only reduce risk, not eliminate risk.


True to some extent. There is however something about security. One
can gain 100% security against a specific threat. Let's say a
vulnerability is found in a specific network service. If you stop
running that service you are 100% protected against that threat. And
IMO for something to be considered a security measure it has to at
least be reliable to a certain high degree (like inbound control can
be for example). Outbound control is not worthy of being considered a
security measure, IMHO.

That doesn't make them worthless.


Nearly. And dangerous, because novices are led to believe they are
protected - fooled by the product vendors' marketing departments.

Some products are even dangerous because they add new vulnerabilities
to your computer that you would not have without them.

Examples:

* The witty worm - targeting only computers running a specific PFW.

* The SelfDoS attack - targeting only computers running specific PFW's
with a faulty IDS implementation.

* Bad design - some PFW's have severe design errors by not following
MS's most basic recommendations for windows security - thereby
allowing restricted users to gain administrative rights. And since
this is by design, it is not something that can be fixed without
rewriting. Specific PFW's have, for example had this error for several
years - making it completely useless within a corporate environment.
And, in principle, allowing malware to gain administrative rights by
itself, leading to a complete compromise - even though I am not aware
of any actual reports about that - yet.

There are many other examples. Just go google for personal firewall
vulnerability - you may be surprised.

If these were just ordinary applications I wouldn't make much fuss
about it, but these companies claim to be in the security business.
They better start proving themselves worthy.
  #24  
Old August 10th 06, 01:32 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
karl levinson, mvp
external usenet poster
 
Posts: 73
Default does windows Firewall block "outgoing" traffics?


"B. Nice" wrote in message
...

Nearly. And dangerous, because novices are led to believe they are
protected - fooled by the product vendors' marketing departments.


I agree that a false sense of security is dangerous, I also think that
novices are just often going to be uninformed and largely untrainable about
security issues. Novices are also prone to the opposite problem, an
unnecessary panic when warned about security issues, which can lead them to
make rash or unnecessary decisions, which should also be avoided. Security
awareness and training programs for home and corporate users generally pick
just a few of the most important take-home points and really dumb them down,
hoping they'll stick. We still haven't succeeded in getting all home users
to patch, use an AV, and use a firewall. The technical vulnerabilities of
firewalls is useful for some more moderately technical users to know, but is
too much info for other users.

Some products are even dangerous because they add new vulnerabilities
to your computer that you would not have without them.

Examples:

* The witty worm - targeting only computers running a specific PFW.


Yes, but the Witty worm was not that widespread or common an occurrence, and
people who were affected had neither the firewall update nor the antivirus
update that would have prevented Witty infections. You'd want to compare
the risk of using a firewall versus the risk of not using one, and choose
the better of the two. In most environments, you usually have less risk by
using some form of TCP/IP filtering on the workstation than not. I'm not a
fan of Windows IPSec filtering rules on workstations, because the logging is
not really good enough. So that pretty much leaves you with the Windows XP
firewall, a third party software firewall, or a firewall device of some
sort.



  #25  
Old August 10th 06, 08:41 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Tue, 08 Aug 2006 20:31:23 -0600, Bruce Chambers
wrote:

If you don't know what you have installed on your own
computer, and don't know what each application is supposed to be doing,
please do us all a favor and disconnect the computer from the Internet.


That's just ridiculous. If you know exactly what applications are
running on your computer you have absolutely no need for a personal
firewall at all.

The OP stated that he suspected some hidden programs in his PC making
outgoing connections. And you threw in your usual "install and
properly configure a personal firewall" magic bullet completely
ignoring the fact that outbound control is highly unreliable.

If you cannot provide better advice than that, please do us all a
favour and disconnect your computer from the internet.
  #26  
Old August 10th 06, 08:52 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Sun, 6 Aug 2006 17:12:32 -0700, "Ken Blake, MVP"
wrote:

cfman wrote:

Can I prevent some unrecognized network communications which are
originated from my PC from being initiated?

I am suspecting that some hidden malicious programs in my PC are
making outgoing or outbound network communications.

Can I prevent any such network traffic from happening?



Yes, but not with the built-in Windows firewall. That it can not do this is
probably its biggest disadvantage.

Almost any third-party can do this, and is therefore a better choice.


Staying with the windows firewall has some solid advantages. And
installing a third-party firewall provides both advantages and
disadvantages, so you cannot just conclude like you did.
  #27  
Old August 10th 06, 11:40 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.configuration_manage
B. Nice
external usenet poster
 
Posts: 56
Default does windows Firewall block "outgoing" traffics?

On Wed, 9 Aug 2006 20:32:53 -0400, "karl levinson, mvp"
wrote:


"B. Nice" wrote in message
.. .

Nearly. And dangerous, because novices are led to believe they are
protected - fooled by the product vendors' marketing departments.


I agree that a false sense of security is dangerous, I also think that
novices are just often going to be uninformed and largely untrainable about
security issues.


I don't think so. At least I will give it a try :-)

Novices are also prone to the opposite problem, an
unnecessary panic when warned about security issues, which can lead them to
make rash or unnecessary decisions, which should also be avoided.


True. "A false sense of insecurity".

Security awareness and training programs for home and corporate users generally pick
just a few of the most important take-home points and really dumb them down,
hoping they'll stick.


Way better than nothing. Simple things like "install the updates",
"use a good anti-virus product", "use another browser than IE",
"don't use Outlook or Outlook Express for e-mails" and "control your
curiosity" make a big difference if followed IMHO.

We still haven't succeeded in getting all home users to patch, use an AV,
and use a firewall.


I'm not sure I would agree to that. My experience is, that users are
starting to be aware that they need to consider security. That doesn't
mean they know how to manage a firewall though.

The technical vulnerabilities of firewalls is useful for some more
moderately technical users to know, but is too much info for other users.


Vulnerabilities, yes. But if users can interpret the colourful ratings
at ShieldsUp they can also understand the colourful ratings at
firewallleaktester.com.

Some products are even dangerous because they add new vulnerabilities
to your computer that you would not have without them.

Examples:

* The witty worm - targeting only computers running a specific PFW.


Yes, but the Witty worm was not that widespread or common an occurrence, and
people who were affected had neither the firewall update nor the antivirus
update that would have prevented Witty infections.


It was just one of many examples of vulnerabilities of firewalls.
Google is your friend.

You'd want to compare the risk of using a firewall versus the risk of not using one,
and choose the better of the two.


Not fully correct. You'd need to consider the pros as well as the cons
of both options.

In most environments, you usually have less risk by using some form of TCP/IP filtering
on the workstation than not. I'm not a fan of Windows IPSec filtering rules on workstations,
because the logging is not really good enough.


Then there is something like this http://wipfw.sourceforge.net/ -
small, simple and reliable - as an alternative to IPSec rules. Or if
you want something bigger (and more IPSec rules alike) with a nice GUI
there is something like CHX-I from http://www.idrci.net/
Both alternatives come with stateful inspection / dynamic rules - and
logging.

So that pretty much leaves you with the Windows XP
firewall, a third party software firewall, or a firewall device of some
sort.


Or: The windows firewall (or another good packet filter), a good
anti-virus product and common sense.
  #28  
Old August 10th 06, 06:54 PM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
SPAM ME
external usenet poster
 
Posts: 10
Default does windows Firewall block "outgoing" traffics?


B. Nice wrote:
On Tue, 08 Aug 2006 20:31:23 -0600, Bruce Chambers
wrote:

If you don't know what you have installed on your own
computer, and don't know what each application is supposed to be doing,
please do us all a favor and disconnect the computer from the Internet.


That's just ridiculous. If you know exactly what applications are
running on your computer you have absolutely no need for a personal
firewall at all.

The OP stated that he suspected some hidden programs in his PC making
outgoing connections. And you threw in your usual "install and
properly configure a personal firewall" magic bullet completely
ignoring the fact that outbound control is highly unreliable.

If you cannot provide better advice than that, please do us all a
favour and disconnect your computer from the internet.


Way to go B. Nice!!!!!! (Sorry Bruce, got carried away there.)

Bruce 'normally' gives good advice and I am 'usually' more informed
after reading his posts, so I will forgive him for jabbing me (and all
us average users), this time.

For your info, Bruce, I do know all of the programs I've installed,
know which ones need to call home and which ones don't. What I don't
know, but what techie-folks like you claim to know, is what all the MS
alphabet-soup processes do or what they need to call home about.

Googling those hieroglyphic processes gets generic info, with the
proviso to 'Beware', that at some time in the past (or perhaps in the
future), some scumbag has (or will) cleverly disguise a piece of
malware to use that process's name to wreak havoc.

Then there are the demands from known legitimate MS processes, like
Windows Explorer and others, to access the Internet. I have not found
a good explanation as to why any of these processes 'have' to access
the Internet, without the same proviso, 'Beware', scumbags have found a
way to infiltrate those hallowed processes with malware also.

Wish there were a simple, easily configured solution to block the work
of those malware scumbags, but if there were, there would probably be a
lot of geeks standing in soup lines around the world. Those who create
malware, and those who create malware defenses.

I wonder, is it possible that many of them are one and the same?

Keep your computer connected Bruce, we need all of your expert advice
and some of your flawed opinions.

p.s. I finally found the culprit that was wreaking havoc with my Home
Page. Turned out to be an app the computer mfgr. magnanimously threw
in to their pre-install brew.

Oh yeah, thankfully, gmail's SPAM filters do work.

  #29  
Old August 11th 06, 02:44 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Bruce Chambers
external usenet poster
 
Posts: 6,208
Default does windows Firewall block "outgoing" traffics?

B. Nice wrote:
On Tue, 08 Aug 2006 20:31:23 -0600, Bruce Chambers
wrote:

If you don't know what you have installed on your own
computer, and don't know what each application is supposed to be doing,
please do us all a favor and disconnect the computer from the Internet.


That's just ridiculous. If you know exactly what applications are
running on your computer you have absolutely no need for a personal
firewall at all.



I see that reading comprehension isn't one of your strong suits. I
said "If *you* don't know what *you* have installed...." Where did I
even imply that unknown software couldn't get into the system without
the OP's knowledge. That's precisely why a firewall that checks
outbound traffic is so essential.


The OP stated that he suspected some hidden programs in his PC making
outgoing connections. And you threw in your usual "install and
properly configure a personal firewall" magic bullet completely
ignoring the fact that outbound control is highly unreliable.



It's no "magic bullet." It's the best means of detecting unwanted outbound
network traffic there is. How would you recommend the OP do it? A
packet sniffer, perhaps? A hardware firewall appliance on his home
LAN's perimeter?

Oh, and one cannot ignore a "fact" that isn't a fact at all, but just
your unsubstantiated opinion. Sure, personal firewalls are imperfect,
but the good ones, when properly used, most definitely aren't "highly
unreliable." Not even close.


If you cannot provide better advice than that, please do us all a
favour and disconnect your computer from the internet.



And your "Software firewalls that monitor outbound traffic aren't 100%
perfect so don't bother" is better advice? Get real. Even imperfect
detection is better than none whatsoever.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
  #30  
Old August 11th 06, 02:59 AM posted to microsoft.public.windowsxp.network_web,microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.help_and_support
Bruce Chambers
external usenet poster
 
Posts: 6,208
Default does windows Firewall block "outgoing" traffics?

SPAM ME wrote:


For your info, Bruce, I do know all of the programs I've installed,
know which ones need to call home and which ones don't.



That's very good. All computer users should have that same level of
knowledge.


What I don't
know, but what techie-folks like you claim to know, is what all the MS
alphabet-soup processes do or what they need to call home about.

Googling those hieroglyphic processes gets generic info, with the
proviso to 'Beware', that at some time in the past (or perhaps in the
future), some scumbag has (or will) cleverly disguise a piece of
malware to use that process's name to wreak havoc.

Then there are the demands from known legitimate MS processes, like
Windows Explorer and others, to access the Internet. I have not found
a good explanation as to why any of these processes 'have' to access
the Internet, without the same proviso, 'Beware', scumbags have found a
way to infiltrate those hallowed processes with malware also.



That's easy to handle. First of all, only allow outbound access to
named applications, such as iexplore.exe (Internet Explorer), msimn.exe
(Outlook Express), and any other applications that you know need
Internet access. For the anonymous processes, simply block them all.
If that causes some application to stop working properly, it'll tell
you. If an application or process asks to "act as a server," deny it.



Wish there were a simple, easily configured solution to block the work
of those malware scumbags, but if there were, there would probably be a
lot of geeks standing in soup lines around the world. Those who create
malware, and those who create malware defenses.

I wonder, is it possible that many of them are one and the same?



... A common and so far unsubstantiated conspiracy theory. (Although I
wouldn't be awfully surprised if some security firms have subsequently
hired particularly creative hackers, on the premise that it takes a
thief to catch a thief.)


Keep your computer connected Bruce, we need all of your expert advice
and some of your flawed opinions.


And I apologize for coming off as rudely as I did. You managed,
through no fault of your own, to hit one of my pet peeves. I have
little to no tolerance for people who steadfastly refuse to learn how to
safely use their computers, and then whine when they have problems.
While you didn't whine, you did seem (to me) to be playing the "I don't
know, and I shouldn't have to learn" card.

My position:

A computer is a tool, just like any other. A user who doesn't know how
to safely use his computer (and perform basic maintenance on) is no
better than a carpenter who can't safely use and maintain his power
tools. Both are as dangerous to others as they are to themselves.

There are five essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers' marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination nor desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.



--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
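
The outbound policy described in the post above (allow named applications, block everything else, refuse "act as a server"), shown as an added example that is not part of any post in this thread or of any firewall product. It keys the allowlist on the full image path rather than the bare process name, which is the case the thread worries about when a trusted name is reused; the paths, addresses and sample records are constructed assumptions.

```python
import ntpath

# Assumed allowlist: full image paths permitted to open outbound connections.
ALLOWED_OUTBOUND = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files\outlook express\msimn.exe",
}
ALLOWED_NAMES = {ntpath.basename(p) for p in ALLOWED_OUTBOUND}

# Constructed sample records: (image path, socket state, remote endpoint).
SAMPLE = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ESTABLISHED", "203.0.113.10:80"),
    (r"C:\Documents and Settings\user\Local Settings\Temp\iexplore.exe",
     "ESTABLISHED", "198.51.100.7:8080"),
    (r"C:\Program Files\Vendor\updater.exe",
     "ESTABLISHED", "192.0.2.44:443"),
    (r"C:\Program Files\Outlook Express\msimn.exe",
     "LISTENING", "0.0.0.0:0"),
]


def classify(image_path, state):
    """Return the policy verdict for one socket owned by image_path."""
    # Windows paths are case-insensitive; normalise before comparing.
    path = ntpath.normpath(image_path).lower()
    name = ntpath.basename(path)
    if state == "LISTENING":
        # A listening socket means the process wants to act as a server.
        return "deny: acts as a server"
    if path in ALLOWED_OUTBOUND:
        return "allow"
    if name in ALLOWED_NAMES:
        # Same file name as a trusted program, but a different location.
        return "deny: trusted name, unexpected path"
    return "deny: not on allowlist"


def audit(records):
    """Classify every record; returns (path, remote, verdict) tuples."""
    return [(path, remote, classify(path, state))
            for path, state, remote in records]


if __name__ == "__main__":
    for path, remote, verdict in audit(SAMPLE):
        print(f"{verdict:38} {path} -> {remote}")
```

A name-only rule would have allowed the second record; the path comparison is what separates it from the genuine browser.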
 



