Discussion in 'Windows Vista Security' started by jo5030, Jul 16, 2008.

  jo5030

    Mr. Arnold

    If you think I was tough on you, you post this nonsense to
    comp-security-firewalls and let them rip you a new one. And I am going to
    tell you again that Commode or any other 3rd party host based personal
    firewall/packet filter are not FW(s). A FW's job is to stop unsolicited
    inbound traffic by default, to stop inbound or outbound traffic by creating
    packet filtering rules and two separate networks by the usage of two
    interfaces with one facing the network it is protecting from and the other
    interface protecting the network it is to protect. That is their job. A
    good 3rd party packet filter, I won't call them FW(s), but their job is NOT
    to be malware detection/stoppage solutions with snake-oil in them.

    The buck stops at the O/S for anyone that knows how to harden the O/S to
    attack. The protection doesn't stop at some snake-oil solution that's trying
    to protect *you* from *you*.
    Mr. Arnold, Jul 17, 2008
  jo5030

    Chappy

    That's a laugher

    What I don't understand tho is the absolutely maniacal and almost violent
    hatred of any 3rd party firewalls?
    If you don't remember, the firewall in Windows was purchased from a 3rd
    party and embedded into Windows, it was NOT designed by MS engineers!! Are
    you all saying that other engineers can't design and build a useful & secure
    firewall? I think they may have something to say about that, especially
    considering that they do very well in unsponsored testing facilities.
    Are you also saying that these testing facilities are full of it or don't
    know what they're doing?
    I would ask where would we be without those unsponsored testing facilities
    doing the job of sorting out the good from the bad for us. I can't imagine
    having to run our own tests on AV and other security software and I don't
    think you'd relish that thought either, so we depend on those who've decided
    to make a living from it to do this for us.

    I'm certainly NOT against MS, in fact I stand up for their efforts against
    a lot of MS bashers, I know how difficult it is to make something this
    complex aint gonna happen. Just because I think another
    company's firewall offers me better protection and an opportunity to
    configure advanced rules to suit my needs, doesn't mean I hate the Windows
    firewall or any other part of it. I'm sure there's things in Windows you
    don't like either.
    But I am entitled to my opinion just as you to yours, and I never hold yours
    against you or call your decisions foolish. You have your reasons for your
    decision and I mine. You can attempt to get others to listen to your advice,
    and I can attempt to do the same, but we allow them to make the final
    decision based on whatever information we can provide for our respective
    points of view.

    You can find a dozen sites that say Win Firewall Rox...and I can list a
    dozen that says what. It's up to the end user to decide
    which suits their needs best. If Windows starts embedding an AV app, is
    everyone all of a sudden idiots if they stay with another proven product? I
    certainly hope not, so why the big deal over their firewall, which again was
    written by others outside of the MS family...proving that there are in fact
    some intelligent and competent engineers out there writing software solutions
    that can do the job.

    We could go forever replying to little snippets of each others posts and
    still make no headway, it's simply a waste of all of our time and energies.
    Despite your arguments to the contrary, there are perfectly good, secure and
    well designed firewall solutions out there and MANY other people use these
    products with excellent results. If you get excellent results from your
    product, well that's excellent and more power to you, but don't go nutzoid on
    others for their choice of solution.

    In a way, I almost agree with you about all the other forms of protection
    that even Comodo firewall has. In fact, I have most of that turned off and
    use it basically as a packet filtering solution, I don't need all the HIPS
    and hook alerts because I know what I'm doing, just as you others do too. But
    we all know the majority of users haven't the time or opportunity to learn
    what we have, so they can benefit from the higher forms of protections these
    products can offer besides simply being a filtering interface. We can harden
    our systems without (as you put it) having someone protect Us from Us, we
    don't have poor habits and we know better. But 80% of today's users just don't
    have that knowledge and that's where those of us that do, come in to help
    them as best we can. And in my opinion, and a few others too, most casual
    users can benefit from the enhanced forms of protections that some of these
    other solutions can offer them. They need something that in its default
    configuration can keep them protected from themselves since they have no idea
    how to take advantage of advanced configuration.
    I agree that there are certainly some questionable products out there, and
    that can be said for almost any class of s'ware product, and that's why we
    depend on informed reviews to help sort out the cruft. And anyone who's been
    following security software for any length of time, they know the labs and
    reviewers they can trust.

    Ok, I'm done, and if you insist on continuing on after this, be my's your energy and time, not mine...well, not any more anyway. I'm
    simply tired of this, I usually avoid getting caught up in this type of
    useless merry-go-round. I could care less if I get the last word in or not,
    but if that's what you need to make you feel good then have at it, it's all
    Chappy, Jul 17, 2008
  jo5030

    Root Kit

    On Wed, 16 Jul 2008 23:06:20 -0400, "Mr. Arnold" <MR.
    The same goes for the windows FW.
    Root Kit, Jul 17, 2008
  jo5030

    Kerry Brown

    You're welcome.
    Kerry Brown, Jul 17, 2008
  jo5030

    Chappy

    I also have a couple of letters behind my name too.
    I don't usually throw them around as any sort of sign of anything, but I'll
    let you see my business card and you tell me if they mean anything.
    Chappy, Jul 17, 2008
  jo5030

    Gordon

    And what has that got to do with anything that Kerry said?
    Gordon, Jul 17, 2008
  jo5030

    Chappy

    Chappy, Jul 17, 2008
  jo5030

    Chappy

    Actually, about as much as anybody has said around here, but Kerry had to
    throw that he's an MVP for 3 years so he's a security pro.
    Well, like I said I don't usually bring this up but I do have a few letters
    that lend credibility to my computer skills too, it's called a "Doctorate
    Degree", Professor of Computer Science and "Assistant Dean of Sciences,
    Computer Science", University of ******.
    I dunno...does that qualify me as a "Pro" also??

    Chappy, Jul 17, 2008
  jo5030

    Gordon

    No - re-read his post. He said "I manage network security for three
    companies as a living". The bit about being MVP was thrown in as an extra.
    Gordon, Jul 17, 2008
  jo5030

    Charlie Tame

    It indicates that you are pretty good with a black crayon, although
    definitely not heading for a career with one.

    Outbound firewalls "Can" be useful if you know what you are doing but
    for most people they represent closing the stable door after the horse
    is gone - snake oil.
    Charlie Tame, Jul 17, 2008
  jo5030

    Root Kit

    What I don't understand is the almost religious admiration for a
    security concept which is broken already by design.
    No. If you ask me, I'm saying the designers of the MS firewall,
    whoever they might be, made a clever design choice to not waste code
    on useless trials.

    And don't come up with "ooh - but the Vista FW does outbound control,
    so they changed their minds" because the outbound control of Vista is
    different and builds on the overall security enhancements of the OS
    compared to XP, W2K etc.
    No. But if you take matousec as an example (since you mentioned them
    yourself), they do try to sell their knowledge (both in general and
    also about specific FW vulnerabilities) to vendors. So calling them
    "un sponsored" may be a bit over the top.

    If by "other testing facilities" you refer to computer magazines etc.
    making product tests, please have in mind that they seldom have the
    needed deep skills to actually look under the hood of such products to
    test if they actually do what they claim to do. They mostly test and
    compare the "look and feel" user experience and come up with
    "recommendations" based on that. They also probably aren't going to be
    too harsh on potential advertisers, so...

    To be honest, if I was selling firewall software, I would prioritize a
    light weight user friendly experience over hard core security -
    because what makes sense in a B2C market place does not necessarily go
    hand in hand with what makes sense in terms of security.

    Just for the record, I have no problem with matousec or the work they
    do except that they unfortunately help promote the idea that host
    based outbound control makes sense. That said, I consider them to be
    skilled guys.
    That's the whole point. If you understand what this stuff actually
    means, you don't really need it.
    I disagree entirely. The majority of users don't have the slightest
    idea how to correctly deal with such pop-ups.
    And believing that pop-ups containing technical nonsense and
    misinformation is of any help to that segment is the only reason why
    there is a market for these products in the first place.
    Root Kit, Jul 17, 2008
  jo5030

    Kerry Brown

    You intimated that security pros endorse 3rd party firewalls and Commodo in
    particular. I was pointing out that I am a security pro who thinks

    Since you pointed out you have some technical skills can you tell me the
    answer to this question. How would a firewall running in an OS detect a
    rootkit that has its own TCP/IP stack completely independent of the OS? For
    that matter can a software firewall detect that it's running on a virtual
    machine with several other OS's running in virtual machines all using the
    same NIC? Don't you think that malware may use similar methods? If someone
    pwns your computer there is no way you can stop them from communicating
    outbound with software running on that same computer. You can make it hard
    but you can't stop them.
    Kerry Brown, Jul 17, 2008
  jo5030

    Mr. Arnold

    I think I have mentioned Vista's personal packet filter in the same light of
    it not being a FW, in previous posts.
    Mr. Arnold, Jul 17, 2008
  jo5030

    Mr. Arnold

    I don't hate them as long as they are kept in their proper perspective of
    being a personal packet filter with no fluff.
    Who cares about that? The solution has hooks into the O/S that no 3rd party
    solution can match.
    For the 1 million times more, the solutions you talk about are NOT FIREWALLS.
    To strike the fear into people that think that they need some kind of
    complicated solution with snake oil in it, when all is needed is a simple
    packet? Yes I do think that they put too much snake oil in the solutions.
    That's you not me. I look at the log on a FW or personal packet filter to
    view unsolicited inbound packets that have been blocked and outbound packets
    being sent out due to a solicitation or no solicitation.
    I can do the same thing with the Vista packet filter, that is, to create
    filtering rules for inbound or outbound packets, based on port, protocol, IP
    or subnet.

    I can do the same thing with IPsec as well.

    That's the only thing that counts is one can set advanced packet filtering
    rules. I don't need the solution to be doing anything else.
    About this, pfft!
    I say pfft to this too.
    I say pfft to this too.
    No one said they were not competent, as long as they keep the basic rules of
    a packet filter filtering packets.
    I am going to tell you once again that what you're talking about are NOT FW
    solutions. What you're talking about DO NOT fit nor do they fall into the
    category of being FW SOLUTIONS.
    And I know what I'm doing also, and whatever little features beyond packet
    filtering rules in the solution, I don't need.
    And what they don't need is some solution telling them what they need to do
    forcing them to make decisions.
    What they need to learn is safe hex computing habits. The link is not for
    you, but it is for others that may be reading this post.
    I disagree because all they are doing is leaning on the security blanket
    like a crutch, when they should be learning what to do. This is what
    separates Linux users from MS users in some cases.
    Once malware hits the machine and is executed, it's over to begin with, and
    no packet filtering solutions are going to stop it in their default state.
    What they need to learn is how to take it out of its default state.


    What users need to do is understand what an exploit is about, take the
    proper tools and go look at what's happening, and not lean on the solutions
    you talk about like a crutch, which I don't even do with what's running on
    Vista such as its packet filter or IPsec. I look around for myself from time to
    time, and I let nothing tell me it's okay dokey.

    The link is not for you, but for others that may be reading this post.


    CurrPort instead Active Port and put a short-cut in the start-up so you can
    look at connections being made at the boot and login. This is one of the
    places that malware can beat your 3rd party solutions, because malware can
    beat the solutions and get to the network connection before your solutions
    are up and running to protect the connection. This is not so with Vista's
    packet filter.
    Mr. Arnold, Jul 17, 2008
  jo5030

    Kerry Brown

    A root kit that loads before the OS could bypass the Vista packet filter as
    well. It would be harder but it could be done.
    Kerry Brown, Jul 17, 2008
  16. While we're on the subject of these so-called firewalls, I'm reminded of
    the old saw about increasing security by adding software.

    We have already seen what can happen when security software tries
    to do too much - AV's have actually reduced security in the form of
    supporting worms. They grab incoming email and extract attachment
    data - decompress the zipfile it represents - only to find it has been
    crafted to exploit the decompression routine by overflowing a buffer.
    So, maybe nobody wrote a worm for any of these exploits, but that
    is not the point.

    What happens when so-called firewalls (actually just applications)
    start looking for everything that could possibly be part of a data
    leak attack? My bet is that they will prove to be more trouble than
    they are worth. The more software you have, the greater your risk
    of software flaws being exploited. Even more so if said software is
    running. Even more so if it faces the web.
    FromTheRafters, Jul 18, 2008
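
The decompression flaw described in the post above, shown from the defender's side as an added example that is not part of the original thread. The toy run-length format, the function `rle_decode` and the sample inputs are constructed for illustration; the point is that a decoder must check every attacker-supplied length against the space left in its own output buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RLE_OK = 0, RLE_TRUNCATED = -1, RLE_TOO_BIG = -2 };

/* Constructed toy format: the input is a sequence of (count, value) byte
 * pairs; each pair expands to `count` copies of `value`. */
int rle_decode(const uint8_t *in, size_t in_len,
               uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t w = 0;                       /* bytes written so far, always <= out_cap */

    for (size_t r = 0; r < in_len; r += 2) {
        if (in_len - r < 2)             /* dangling count byte with no value */
            return RLE_TRUNCATED;

        size_t count = in[r];           /* length field chosen by the sender */
        uint8_t value = in[r + 1];

        /* A decoder that skips this check writes `count` bytes regardless of
         * how much room is left, which is the overflow the post refers to. */
        if (count > out_cap - w)
            return RLE_TOO_BIG;

        for (size_t i = 0; i < count; i++)
            out[w++] = value;
    }
    *out_len = w;
    return RLE_OK;
}

/* Constructed sample inputs. */
static const uint8_t benign[]  = { 3, 'A', 2, 'B' };        /* expands to 5 bytes   */
static const uint8_t crafted[] = { 255, 'X', 255, 'X' };    /* expands to 510 bytes */

int main(void)
{
    uint8_t buf[16];
    size_t n = 0;

    printf("benign:  rc=%d\n", rle_decode(benign, sizeof benign, buf, sizeof buf, &n));
    printf("crafted: rc=%d\n", rle_decode(crafted, sizeof crafted, buf, sizeof buf, &n));
    return 0;
}
```
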
  jo5030

    Kerry Brown

    Kerry Brown, Jul 18, 2008
  jo5030

    Root Kit

    You make it sound like such issues are rare. They aren't ;-)
    Root Kit, Jul 18, 2008
  jo5030

    Kerry Brown

    Sadly, you are correct.
    Kerry Brown, Jul 18, 2008
