Discussion in 'Windows Vista Security' started by Richard, Jul 27, 2008.

  1. Including yours??? ;-)


    Hank Arnold
    Microsoft MVP
    Windows Server - Directory Services
    Hank Arnold (MVP), Jul 30, 2008

  2. Richard

    Root Kit Guest

    On Wed, 30 Jul 2008 13:01:16 -0400, "Mr. Arnold" <MR.
    Okay. There is a big difference between outbound packet filtering and
    application control. Neither is a reliable countermeasure against
    malware allowed to run.
    Root Kit, Jul 30, 2008

  3. Richard

    Root Kit Guest

    That's true for any kind of "outbound control". One who doesn't
    understand networking shouldn't be expected to be able to properly
    configure a firewall.

    For application control the situation is even worse, since it requires
    a deep understanding of the inner workings of the OS.

    "Do you want svchost.exe to connect to the internet?" - Erhmmm, NO -

    And how about when the "firewall" asks you to make decisions based on
    utter nonsense? How about this one that I have come across in several
    "personal firewalls": "Program X is trying to contact the internet on
    IP address"? Not only is it nonsense, it's of absolutely NO
    help to a user and worst of all gives the impression of the program
    having been developed by coders who have no clue about networking
    That's true. It does have value. A good feeling of being in control
    certainly has value. Just not in terms of security.
    It's possible for average users to turn it on and shoot themselves
    seriously in the foot.
    Root Kit, Jul 30, 2008
  4. Richard

    Root Kit Guest

    No. But no matter what, that has to be always the default assumption.
    Unless you have a baseline and can identify exactly what has been
    changed you are basing your security on hope.
    Repair is possible if you're very skilled. It's certainly not a job
    for Mr. Average. If you rely on running a few anti-tools in order to
    declare a system clean as soon as the symptom seems to be gone, you're
    on a very slippery slope.
    If you allow even poorly coded malware to have a ball on your
    computer, your defenses are non-existing anyway.
    The real and the virtual worlds don't easily compare. This has led to
    a variety of bad analogies. Yours is just yet another one.
    The possible increase in security from an outbound firewall must as a
    minimum outweigh the drawbacks. For me that's a very easy assessment
    to make.
    One shouldn't utilize a security measure one can't rely on to a very
    high degree. Especially not one which has a serious impact on the
    system it's trying to protect.
    Root Kit, Jul 30, 2008
  5. Richard

    Root Kit Guest

    If it was only that simple.
    That's true. In fact they are getting less effective every day.
    But a "firewall" implementing "outbound application control"
    unfortunately does not fall into that category.
    Root Kit, Jul 30, 2008
  6. Richard

    Mr. Arnold Guest

    With any personal FW/packet filter that has outbound packet filtering, the user
    faces the same problem using the solution effectively and needs serious
    training. They don't know how to do it. So what's the difference between some 3rd
    party solution and Vista's packet filter/FW? None.
    99% of clueless average users have no idea as to what is happening with it,
    it takes a lot of hand holding because I have been there holding their hands
    and it's worthless.
    Mr. Arnold, Jul 30, 2008
  7. Richard

    Mr. Arnold Guest

    The job of a real FW, which I don't consider some 3rd party personal
    FW/packet filter or even Vista's FW/packet filter to be, is not to stop
    malware. A FW's job is not to stop malware running on a computer.

    The job of a packet filtering FW router, FW appliance or host based software FW
    running on a secured gateway computer is not to stop a malware
    program running on some computer.


    What is a firewall?

    A firewall protects networked computers from intentional hostile intrusion
    that could compromise confidentiality or result in data corruption or denial
    of service. It may be a hardware device or a software program running on a
    secure host computer. In either case, it must have at least two network
    interfaces, one for the network it is intended to protect, and one for the
    network it is exposed to.

    *And for those that don't know what two network interfaces means for a
    computer running a host based FW, it means the computer must have two
    network interface cards (NICs) in it with one NIC protecting from the
    network it is protecting from, and the other NIC protecting the network it
    is protecting.*
    A firewall sits at the junction point or gateway between the two networks,
    usually a private network and a public network such as the Internet. The
    earliest firewalls were simply routers. The term firewall comes from the
    fact that by segmenting a network into different physical subnetworks, they
    limited the damage that could spread from one subnet to another just like
    firedoors or firewalls.

    A firewall examines all traffic routed between the two networks to see if it
    meets certain criteria. If it does, it is routed between the networks,
    otherwise it is stopped. A firewall filters both inbound and outbound
    traffic. It can also manage public access to private networked resources
    such as host applications. It can be used to log all attempts to enter the
    private network and trigger alarms when hostile or unauthorized entry is
    attempted. Firewalls can filter packets based on their source and
    destination addresses and port numbers. This is known as address filtering.
    Firewalls can also filter specific types of network traffic. This is also
    known as protocol filtering because the decision to forward or reject
    traffic is dependent upon the protocol used, for example HTTP, ftp or
    telnet. Firewalls can also filter traffic by packet attribute or state.

    *That is FW technology, and the Vista FW/packet filter or some 3rd party
    personal FW/packet filter are NOT FW(s).*
    Mr. Arnold, Jul 30, 2008

  8. All generalizations are false (including this one).
    Ken Blake, MVP, Jul 30, 2008
  9. As Captain Kirk said to the robot:

    "Everything I tell you is a lie!"............ :)


    Hank Arnold
    Microsoft MVP
    Windows Server - Directory Services
    Hank Arnold (MVP), Jul 30, 2008
  10. Richard

    Kayman Guest

    Well, in this thread I haven't made up any stats, I think :)
    Kayman, Jul 31, 2008
  11. Richard

    Kayman Guest

    We are talking about 3rd party software (so-called firewall) and their
    effectiveness in relation to monitoring outbound traffic as a security
    Read above in-line response!
    Google *is* your friend!
    Yes, employing cd and re-installing the OS.
    Spend your "wondering time" on educating yourself;
    Make it a habit checking credentials of authors writing articles/messages
    in advertisement sponsored publications and take commercial messages with a
    ton of salt.
    (Amazing how a bit of online research makes me sound like an expert... :)
    You don't know me, if you group me in some arbitrary fashion, it is your
    own inability to see clearly; Not my issue!

    Unlike you, I can claim to walk away from this pointless quibble knowing
    what I am doing. This is me, granting you whatever last words you feel
    might make you whole again.

    Have a wonderful day :)
    Kayman, Jul 31, 2008