#31
does windows Firewall block "outgoing" traffics?
On Fri, 11 Aug 2006 02:04:07 GMT, Leythos wrote:
In article , says...

If you cannot provide better advice than that, please do us all a favour and disconnect your computer from the internet.

And your "Software firewalls that monitor outbound traffic aren't 100% perfect so don't bother" is better advice? Get real. Even imperfect detection is better than none whatsoever.

Bruce, B.Nice is part of the VB/SG group that believes nothing is good for security and the only solution is to not use a computer, just read their posts in the security groups some time.

Thank you, Leythos - for giving me so many good laughs :-) First of all, I'm not a part of any "group". My opinion was formed long before I even knew about the ones you are referring to. My very first posting to c.s.f. proves that - and is there for everyone to find. But since you seem to be resistant to facts, I don't expect you to bother to go looking. BTW, talking about "groups" - you seem to belong to the group of people refusing to provide references for your claims. The proof of that is freely available in the same group too for everyone to check. That leaves you with no credibility. I think we should just let people decide for themselves who they want to listen to.

Anyone that suggests anything running on the host PC is crucified on the spot.
#32
On Thu, 10 Aug 2006 19:44:03 -0600, Bruce Chambers wrote:

B. Nice wrote: On Tue, 08 Aug 2006 20:31:23 -0600, Bruce Chambers wrote:

If you don't know what you have installed on your own computer, and don't know what each application is supposed to be doing, please do us all a favor and disconnect the computer from the Internet.

That's just ridiculous. If you know exactly what applications are running on your computer you have absolutely no need for a personal firewall at all.

I see that reading comprehension isn't one of your strong suits.

Yup. Offensive talk and no arguments is what I get from you. That doesn't surprise me.

I said "If *you* don't know what *you* have installed...." Where did I even imply that unknown software couldn't get into the system without the OP's knowledge.

Impressive spin attempt. I must applaud you on that :-)

That's precisely why a firewall that checks outbound traffic is so essential.

And unreliable. If you were serious you would know that malware is not something you try to control. Therefore your first advice should have been about how to get rid of it. Completely. Your next advice should have been about how to prevent something similar to happen again. Controlling malware that is already running is simply a silly idea.

The OP stated that he suspected some hidden programs in his PC making outgoing connections. And you threw in your usual "install and properly configure a personal firewall" magic bullet completely ignoring the fact that outbound control is highly unreliable.

It's no "magic bullet."

It certainly isn't. But you repeatedly use it as one.

It's the best means of detecting unwanted outbound network traffic there is.

No.

How would you recommend the OP do it? A packet sniffer, perhaps? A hardware firewall appliance on his home LAN's perimeter?

A packet sniffer on a known clean machine in the network neighbourhood is probably the only foolproof method. But of course that is no good advice for the average user. A good anti-malware product (a few maybe) is what should be recommended for the average user. That isn't foolproof. But if such programs cannot spot and clean it, don't expect that personal firewalls will be able to spot its outgoing connection attempts. If afterwards you still suspect something to be wrong, there really is just one option: Flatten and rebuild.

Oh, and one cannot ignore a "fact" that isn't a fact at all, but just your unsubstantiated opinion. Sure, personal firewalls are imperfect, but the good ones, when properly used, most definitely aren't "highly unreliable." Not even close.

That's your opinion then. One only needs to visit http://www.firewallleaktester.com/tests_overview.php and press the "view results" button at the bottom to get an idea about how personal firewalls in general perform as far as outbound connection control is concerned. And remember, malware needs only one hole (therefore you cannot use these results to make decisions about which one to choose either). And what about the possibilities that leaktests have not yet been written for? What clever malware does is either check which firewall is running to figure out the right way to get out, or simply try different methods until it finds one that works. In the meantime your user feels safe, because a connection attempt was blocked. What really happened was that 3 seconds later the malware succeeded using a different approach. To make a clear statement: If you need outbound control, it is already too late.

If you cannot provide better advice than that, please do us all a favour and disconnect your computer from the internet.

And your "Software firewalls that monitor outbound traffic aren't 100% perfect so don't bother" is better advice?

Where did I say that?

Get real. Even imperfect detection is better than none whatsoever.

Actually you cannot argue like that. You are saying that adding a detection method is good by definition. That's not necessarily true. You have to consider all pros and cons of both options.
#33
Bruce Chambers wrote:

And I apologize for coming off as rudely as I did. You managed, through no fault of your own, to hit one of my pet peeves. I have little to no tolerance for people who steadfastly refuse to learn how to safely use their computers, and then whine when they have problems. While you didn't whine, you did seem (to me) to be playing the "I don't know, and I shouldn't have to learn" card.

Just an old, and I do mean 'old', penchant of mine when trying to learn something new or solve a pesky problem, getting a number of smart people to tell me how much they know about a subject, versus my telling them how much I do or don't know. I've found out I learn a whole lot more by listening to smart people, than talking to them. These NGs have a lot of bright people with a wealth of knowledge and information, who are interesting, as well as entertaining, to read. There are also some here whose parents must have done a bellyflop in to the gene pool. BTW, I do have an older version of ZA protecting a Win98 machine (setup exactly the way you suggested), and it's on-line 24/7, going to a lot of weird places, with no problems what-so-ever. However, the recent version of ZA, combined with the myriad of XP processes, caused me to back-off ZA and seek some wisdom. Thank you for taking the time to respond.

That said, B. Nice does make a good point about the futile effort of trying to 'control' malware with an outbound firewall, and the false sense of security that can give naive users. I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it, it is now inside, trying to get out, and I've got S&D work to do, immediately. Not all bad.
#34
SPAM ME wrote:

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it, it is now inside, trying to get out, and I've got S&D work to do, immediately. Not all bad.

In fact, Bruce, that's what you said. See, I was listening.
#35
On 11 Aug 2006 04:40:22 -0700, "SPAM ME" wrote:

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it,

How would you know that if your firewall doesn't tell you? ;-)

it is now inside, trying to get out, and I've got S&D work to do, immediately. Not all bad.
#36
B. Nice wrote: On 11 Aug 2006 04:40:22 -0700, "SPAM ME" wrote:

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it,

How would you know that if your firewall doesn't tell you? ;-)

Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper and AVG would find them. If not, my PC will probably be toast. Got any suggestions?
#37
On 11 Aug 2006 10:43:03 -0700, "No More Spam?" wrote:

B. Nice wrote: On 11 Aug 2006 04:40:22 -0700, "SPAM ME" wrote:

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it,

How would you know that if your firewall doesn't tell you? ;-)

Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper and AVG would find them. If not, my PC will probably be toast.

Okay, but you were explicitly saying that you looked at an outbound firewall as an alert mechanism that would let you know if something slipped past your best efforts to stop it - and now you are pointing to all other kinds of products instead. That confuses me.

Got any suggestions?

For what?
#38
B. Nice wrote: On 11 Aug 2006 10:43:03 -0700, "No More Spam?" wrote: B. Nice wrote: On 11 Aug 2006 04:40:22 -0700, "SPAM ME" wrote:

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it,

How would you know that if your firewall doesn't tell you? ;-)

Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper and AVG would find them. If not, my PC will probably be toast.

Okay, but you were explicitly saying that you looked at an outbound firewall as an alert mechanism that would let you know if something slipped past your best efforts to stop it - and now you are pointing to all other kinds of products instead. That confuses me.

It must be me, B. Nice, because you don't seem to be the variety that would be easily confused. As I know you must know, the other kinds of products I was pointing to are just the ordinary layers of malware defense and detection apps that any prudent user employs, updates and has in place to protect their system. Also, as I think you would agree, none of these apps are perfect, so, there is always the possibility that some scum will get in. When it does, hopefully, an outbound-blocking firewall would warn me, OR, if things are running poorly, a scan of the FW log will show that something else besides my trusted apps are talking about me with others on the Internet. That would prompt me to take action to find and quiet that nasty thing. If I can't find it by myself, I would probably be back here asking for guidance from the experts, like Elephant Boy.

Got any suggestions?

For what?

That reminds me of Bubba's response when the cop asked him if he had any ID, "Bout wut?" Any suggestions as to other measures I should take, other apps I should use to improve my malware defenses, in addition to practicing Safe Hex. Now, I'm sure you had another point you wanted to make, other than to attempt to show me up as a novice, what was it? I'm always eager to learn new stuff.
#39
SPAM ME wrote:

Just an old, and I do mean 'old', penchant of mine when trying to learn something new or solve a pesky problem, getting a number of smart people to tell me how much they know about a subject, versus my telling them how much I do or don't know.

Not an entirely bad approach, but I'd think you'd have to sift through a lot of repetition....

I've found out I learn a whole lot more by listening to smart people, than talking to them.

A truism, if ever I heard one. (One I need to practice a bit more, sometimes.)

That said, B. Nice does make a good point about the futile effort of trying to 'control' malware with an outbound firewall,

Here, I'd have to vehemently disagree. In the first place, the purpose of an outbound firewall isn't to control malware; it's to control what your computer sends to the outside world. One of the beneficial side effects is that it can alert one to the presence of certain types of malware. Secondly, even partial protection is better than none at all.

... and the false sense of security that can give naive users.

As I've repeatedly said, the most important component of computer security is a knowledgeable and pro-active user. *NO* software product should ever be expected to make up for a user's intellectual laziness. If a user wants to practice "security by faith," he pretty much deserves whatever malware he gets.

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it, it is now inside, trying to get out, and I've got S&D work to do, immediately. Not all bad.

Which has been precisely my point, all along.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
#40
Leythos wrote:

Bruce, B.Nice is part of the VB/SG group that believes nothing is good for security and the only solution is to not use a computer, ....

Then they should probably follow their own advice.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
#41
On Fri, 11 Aug 2006 18:28:42 -0600, Bruce Chambers wrote:

Leythos wrote:

Bruce, B.Nice is part of the VB/SG group that believes nothing is good for security and the only solution is to not use a computer, ....

Then they should probably follow their own advice.

These "guys" never indicate anything like "not use a computer" - What they are saying is: "Run only programs you trust". Which is actually very good advice. Leythos just doesn't understand or doesn't want to understand why that makes perfect sense.
#42
On 11 Aug 2006 16:23:04 -0700, "SPAM ME" wrote:

B. Nice wrote: On 11 Aug 2006 10:43:03 -0700, "No More Spam?" wrote: B. Nice wrote: On 11 Aug 2006 04:40:22 -0700, "SPAM ME" wrote:

I look at an outbound firewall as an alert mechanism, it may not block a persistent malware app from communicating, but it does let me know that something slipped past my best efforts to stop it,

How would you know that if your firewall doesn't tell you? ;-)

Hopefully, my updated AV, Spyware Blaster and Spy Sweeper would keep them out, but if not, my weekly sweeps with SS&D, AdAware, Spy Sweeper and AVG would find them. If not, my PC will probably be toast.

Okay, but you were explicitly saying that you looked at an outbound firewall as an alert mechanism that would let you know if something slipped past your best efforts to stop it - and now you are pointing to all other kinds of products instead. That confuses me.

It must be me, B. Nice, because you don't seem to be the variety that would be easily confused. As I know you must know, the other kinds of products I was pointing to are just the ordinary layers of malware defense and detection apps that any prudent user employs, updates and has in place to protect their system.

Yes, I know that's kind of like the "mainstream" way users are advised to be working. I don't know if the word mainstream is the right one to use. English is not my native language, so sometimes I make mistakes. I hope you understand the meaning. My position is this: If you need all these extra "protective layers" it is basically because you are working in an unsecure way. In which case security apps won't be able to protect you properly. I normally refer to it as "driving the highway like a madman surrounded by airbags". It doesn't really solve the basic problem. And it is just a question of time until you will get hurt. Security requires you to take responsibility of what you are doing and how you are using your computer. In that sense, I'm in line with people like Bruce. But it's a way too serious issue to leave to questionable software vendors to solve for you.

Also, as I think you would agree, none of these apps are perfect, so, there is always the possibility that some scum will get in.

Yes, if you are not aware of what you are doing, I agree.

When it does, hopefully, an outbound-blocking firewall would warn me, OR, if things are running poorly, a scan of the FW log will show that something else besides my trusted apps are talking about me with others on the Internet.

And that is where you are wrong. Malware is just using your already trusted apps to get out. Furthermore, I wouldn't base a security concept on hope ;-)

That would prompt me to take action to find and quiet that nasty thing. If I can't find it by myself, I would probably be back here asking for guidance from the experts, like Elephant Boy.

Got any suggestions?

For what?

That reminds me of Bubba's response when the cop asked him if he had any ID, "Bout wut?"

Good one :-)

Any suggestions as to other measures I should take, other apps I should use to improve my malware defenses, in addition to practicing Safe Hex. Now, I'm sure you had another point you wanted to make, other than to attempt to show me up as a novice, what was it?

It wasn't my intention to show you up as a novice. If I left that impression, I apologize. Normally my "try your best to be polite" filter is turned on. Only towards overselling security software vendors and "smart ass" consultants do I deliberately turn that off :-)

I'm always eager to learn new stuff.

That's a good basis. Now, there are a few things I think you should know about computer security.

* Small is beautiful

Within computer security, simplicity is generally good and complexity is generally bad. That's for example why I don't like these big "all-in-one" security suites. They really are awful - filled with all kinds of unnecessary features, instead of concentrating on doing one thing - and doing that reliably.

* Code is buggy

All computer software is buggy. Bugs lead to vulnerabilities that bad guys can use to exploit.

* The more code - the more bugs - and the more vulnerabilities

It's very simple. If no code is running on your computer, there is _nothing_ to attack. The more code is running, the more there is to attack. Therefore one should strive for reducing what is running instead of adding to it. An example: Your computer is providing network services (well known to be attack vectors). Your computer is not on a network, so you don't need those. To protect yourself, you then install a personal firewall. Now, what you have done is to keep your existing vulnerabilities running and adding further ones to it. If you had instead disabled these services, you would be 100% protected against attacks for these services. That's why reducing stuff (reducing complexity) is better than adding new stuff to protect existing stuff (increasing complexity). If you have no services running, that are listening for network traffic you can connect your computer directly to the internet just as safely as if you were running a firewall offering inbound protection. Then you would only be vulnerable to attacks from the outside that would attack the lower levels like the TCP/IP stack itself - attacks that one should not expect personal firewalls to block either. Now this will not protect you from running other apps (including malware) that start to listen. But that's where things like a good anti-virus product AND most importantly, your brain, comes into play.

* Use the least buggy software

When dealing with the internet you need apps that can stand the heat. One of the main reasons for getting infected with stuff like ad-ware is surfing with Internet Explorer in an unsecure way. Internet Explorer has a bad history of being buggy - and still has some serious issues. An easy way to strengthen your security is to use another browser that does not by default come with client-side scripting possibilities like Microsoft's ActiveX. The same goes for using Outlook or Outlook Express for e-mailing.

Now feel free to visit my web-site to get a broader idea of what I'm saying. Read my rules. Understand them - and follow them. And if you find it interesting, feel free to ask further questions. But in the end do what fits your own habits the best.

http://home20.inet.tele.dk/b_nice/

As you of course also know, you shouldn't trust anybody on the internet (including myself ;-) - you will find many people offering good advice - but at the same time they might well be somehow in it for the money. So the advice they give isn't always that neutral.

/B. Nice
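
The post above argues that a machine with no services listening for network traffic leaves nothing for inbound filtering to protect. As an added example (not part of the thread or any poster's own code), this Python script audits that condition: it parses `netstat -ano` output, embedded here as a constructed sample, and reports which process IDs hold sockets reachable from other hosts versus sockets bound to loopback only.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1204
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1087      203.0.113.10:80        ESTABLISHED     2312
  TCP    [::]:135               [::]:0                 LISTENING       980
  UDP    0.0.0.0:500            *:*                                    716
  UDP    127.0.0.1:1900         *:*                                    1320
"""

Listener = namedtuple("Listener", "proto address port pid exposed")


def parse_listeners(netstat_text):
    """Return every listening TCP socket and every bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows carry a state column; only LISTENING rows accept new connections.
        # UDP rows have no state: any bound UDP socket can receive datagrams.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            addr = ipaddress.ip_address(host)
            entry = Listener(proto, str(addr), int(port), int(pid),
                             not addr.is_loopback)
        except ValueError:
            continue  # unparseable row, skip rather than guess
        listeners.append(entry)
    return listeners


def exposed_by_pid(listeners):
    """Map each PID to the sorted, de-duplicated endpoints other hosts can reach."""
    exposed = {}
    for item in listeners:
        if item.exposed:
            exposed.setdefault(item.pid, set()).add((item.proto, item.port))
    return {pid: ["%s/%d" % ep for ep in sorted(eps)]
            for pid, eps in sorted(exposed.items())}


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    for pid, endpoints in exposed_by_pid(found).items():
        print("PID %-5d reachable from other hosts on: %s"
              % (pid, ", ".join(endpoints)))
    loopback_only = [item for item in found if not item.exposed]
    print("%d socket(s) bound to loopback only" % len(loopback_only))
```

On a real machine, feed the function the captured text of `netstat -ano` and resolve each reported PID to its service with `tasklist /svc`; an empty result from `exposed_by_pid` is the state the post describes.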
#43
On Fri, 11 Aug 2006 18:24:21 -0600, Bruce Chambers wrote:

SPAM ME wrote:

That said, B. Nice does make a good point about the futile effort of trying to 'control' malware with an outbound firewall,

Here, I'd have to vehemently disagree. In the first place, the purpose of an outbound firewall isn't to control malware;

Wrong. One of the main selling points of personal firewalls is exactly the ability to stop malware from "phoning home", yes. (Please see footnote [1]). And that means exactly "controlling what malware does".

it's to control what your computer sends to the outside world.

Which precisely covers primarily malware issues, but doesn't work reliably. As soon as you have allowed e.g. your browser to connect, you have provided a variety of ways for malware to connect without being caught.

One of the beneficial side effects is that it can alert one to the presence of certain types of malware. Secondly, even partial protection is better than none at all.

... and the false sense of security that can give naive users.

As I've repeatedly said, the most important component of computer security is a knowledgeable and pro-active user.

Agreed. So now please start educating them instead of throwing personal firewalls at them.

*NO* software product should ever be expected to make up for a user's intellectual laziness.

But please look at what vendors claim to provide. Arguments like "complete security" and "total invisibility to hackers" is what I see on vendors' web-sites. They are simply taking advantage of people's lack of knowledge and are blowing smoke at them. Under normal circumstances, I wouldn't bother too much. But this is about security, g.. d..... Furthermore you continue to neglect that there are many ways for malware to connect out without the user being warned about it. That has *nothing* to do with the intellectual laziness of users. It has to do with unreliable or defective software. Software which doesn't do what the vendor claims it does. You cannot expect every computer user to be a techie who knows how to "properly configure a firewall" - that's unfair. They don't know what a firewall does - and have no intention to learn. They just want to be protected while doing other, to them, more important things.

If a user wants to practice "security by faith," he pretty much deserves whatever malware he gets.

Sorry, but you really are arrogant. You sound exactly like many IT supporters who are convinced that users are wrong by default and that every problem is a PEBKAC issue until proven otherwise.

/B. Nice

----

[1] Pasted from ZoneLabs web-site (the feature comparison chart). About the features available in ZA free:

* Guards the network perimeter from inbound and outbound threats with the world's #1 firewall
* Prevents spyware and other malicious programs from sending your personal information across the Internet
* Automatically makes your computer invisible to anyone on the Internet
* Protects your programs from malware