Microsoft Windows Vista includes a two-way firewall.

Discussion in 'Windows Vista Security' started by I.C. Greenfields, Feb 14, 2009.

  1. I.C. Greenfields

    +Bob+ Guest


    Oh, but you don't have to worry about that anymore, because MS's
    magical Vista firewall will figure out that programs are hiding as
    svchost and stop them! (Right after the Easter Bunny drops in on a
    flying pig and brings you your chocolate eggs).
     
    +Bob+, Feb 18, 2009
    #21

  2. I.C. Greenfields

    +Bob+ Guest

    Actually, it's the fact that MS lets all of its programs, as well as
    most others, phone home whenever they want to that bugs most people.
    No one objects to actual security (but then again, running MS Windows,
    few people have illusions about that).
     
    +Bob+, Feb 18, 2009
    #22

  3. When there is no "grey area" ones and zeroes describe things
    accurately.
     
    FromTheRafters, Feb 18, 2009
    #23
  4. Thanks for the link, although I'm not sure why you posted it
    here. This poster seemed to imply that there is middle
    ground to cover for programs that you trust to play your
    video files, yet don't trust to access the internet for
    instance. My point is that there is no middle ground - if
    you don't trust it to access the internet, don't have it on
    your system (who knows what other horrible things it could
    be doing that you aren't aware of). There is no problem
    having an API that allows a program you have given
    permission to execute the ability to configure your
    firewall. You indicated your trust when you installed or
    executed the program.

    In the case of foistware/malware, there is no reason to
    assume outbound filtering would catch it in egression.
    Houdini demonstrated that a safe isn't designed to keep a
    person locked *in*. When he repeatedly managed to escape
    from them, it didn't cause the manufacturers to redesign
    their safes to be escape proof. You just have to work within
    the safe's specifications.
     
    FromTheRafters, Feb 19, 2009
    #24
  5. I.C. Greenfields

    +Bob+ Guest

    Nonsense. I run programs that have no need to access the Internet - at
    least not unless I want them to. They aren't intrinsically evil
    programs, but they also don't need to do internet access unless there
    is a specific need for it.
    Some is very sharp (in an evil sense) and no doubt will sneak through.
    Then again, some isn't and will be easily trapped. This is like having
    a dead bolt on your front door - some thieves are sharp enough to pick
    such a lock and will get in. Most will not and move on to easier prey.
     
    +Bob+, Feb 19, 2009
    #25
  6. I.C. Greenfields

    +Bob+ Guest

    You sure post under a lot of different names. Is that a joke?
     
    +Bob+, Feb 19, 2009
    #26
  7. You didn't answer the question. Therefore, I know that you don't know
    what you are talking about.
     
    Jack the Ripper, Feb 19, 2009
    #27
  8. Nonsense, you either know what is running on the computer or you don't.
    If you trust the program, then you should have no problems in allowing
    that program to access the Internet. If you don't trust the program,
    then you shouldn't have the program on the computer period.

    It's as simple as that, and it doesn't take a rocket scientist to figure
    it out.

    No, some are sharp in a technical sense, and the developer of the
    exploit knew where the holes are at, while some are still learning and
    have to practice on someone before moving to bigger game.
     
    Jack the Ripper, Feb 19, 2009
    #28
  9. I.C. Greenfields

    Sam Hobbs Guest

    Actually it is possible to determine what each instance of svchost is doing.
    WMI can show what is executed by each instance and you can use the Task
    Manager interactively to determine that information (you probably need to
    modify the view to show the columns). The sysinternals site in Microsoft has
    a process monitor that can show the information.

    The ZoneAlarm people are technical enough that they could hook each instance
    of svchost if necessary.
     
    Sam Hobbs, Feb 19, 2009
    #29
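
The WMI approach mentioned in post #29, as an added example that is not part of the original post: it joins Win32_Service to Win32_Process on the process ID so each svchost.exe instance is listed with the services it hosts. It assumes PowerShell 2.0 or later; the two review flags are heuristics chosen for this example.

```powershell
# Added example, not from the thread. Run from an elevated prompt so that
# ExecutablePath and CommandLine are readable for every process.

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
foreach ($svc in Get-WmiObject -Class Win32_Service -Filter "ProcessId <> 0") {
    $key = [string]$svc.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $svc.Name
}

# Image paths a genuine svchost.exe loads from (SysWOW64 exists on 64-bit only).
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$report = foreach ($proc in Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'") {
    $key = [string]$proc.ProcessId
    $hosted = @()
    if ($servicesByPid.ContainsKey($key)) { $hosted = $servicesByPid[$key] }

    # Heuristic review flags (assumptions of this example, not a verdict).
    $notes = @()
    if (-not $proc.ExecutablePath) {
        $notes += 'image path unreadable (not elevated?)'
    } elseif ($expectedPaths -notcontains $proc.ExecutablePath) {
        $notes += 'unexpected image path'
    }
    if ($hosted.Count -eq 0) { $notes += 'hosts no registered service' }

    New-Object PSObject -Property @{
        ProcessId   = $proc.ProcessId
        Services    = ($hosted -join ', ')
        CommandLine = $proc.CommandLine
        Notes       = ($notes -join '; ')
    }
}

$report | Sort-Object ProcessId |
    Format-List ProcessId, Services, CommandLine, Notes
```

The CommandLine column shows the `-k` service group each instance was started with, which is the same grouping Task Manager exposes once the relevant columns are enabled.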
  10. I.C. Greenfields

    Sam Hobbs Guest

    Using that logic, most users of SQL Server should not use it. SQL Server can
    communicate over a network, including the network, but Microsoft recommends
    not allowing SQL Server to access the internet unless there is a need for
    it. I think the MBSA suggests closing the SQL Server ports if they are open.

    MySQL is worse, unless they fixed it in the past few years. It does, or at
    least did, require access to the internet in order to communicate among
    processes in a single system. I think it used localhost and therefore
    perhaps it is possible to configure firewalls to only allow localhost but
    that is still more than what you are suggesting to allow, correct?
     
    Sam Hobbs, Feb 19, 2009
    #30
  11. If one doesn't trust the program in this case, then one shouldn't have
    it on the machine. Who has time to be playing Russian roulette, because
    that's what is happening when one starts playing that game?

    Those programs are smart enough to find
    other ways of punching out by piggy-backing off of other legit processes
    running on the machine.
    Malware can have several back doors and other means to punch its way
    out, undetected.

    You know, a malware maker can set up a honey-pot situation, so to
    speak, where they expose the exploit and let it be seen so that
    it can be caught, giving someone a false sense of accomplishment that
    they caught it.

    In the meantime, they are being back-doored somewhere else, undetected.
     
    Jack the Ripper, Feb 19, 2009
    #31
  12. Look man, those users using ZA (home users most likely) or any other
    personal FW solutions are not savvy enough to find a hidden process,
    because I have talked with them in other NG(s) including ZA users about
    using PE, how to use it and they couldn't find a thing, probably looking
    right at it in their face.
     
    Jack the Ripper, Feb 19, 2009
    #32
  13. If someone is in communications with SQL server from a SQL Server
    management standpoint remotely, then they are behind a network FW doing
    it in a LAN situation or a VPN solution it's over the Internet.

    With SQL server 2005 and now 2008 using CLR for even the express
    editions let alone the server editions of SQL Server, SQL server can be
    in communications with another SQL Server as a client over the
    Internet, which has nothing to do with TCP port 1434 I think it is, by
    means of queue processing.

    http://www.eggheadcafe.com/articles/20040703.asp

    So ports are open on SQL server and a FW, if a remote Internet client
    solution calls for it and one knows how to protect SQL server.
     
    Jack the Ripper, Feb 19, 2009
    #33
  14. I.C. Greenfields

    Root Kit Guest

    I'm convinced that's configurable and therefore doesn't need a PFW to
    "control" it.
    Since when did localhost reside on the Internet?
     
    Root Kit, Feb 19, 2009
    #34
  15. I.C. Greenfields

    +Bob+ Guest

    Seems like you are the one avoiding the question. Why do you post
    under so many different monikers?
     
    +Bob+, Feb 19, 2009
    #35
  16. I.C. Greenfields

    Root Kit Guest

    Exactly. People tend to forget that configuring the firewall requires
    proper privileges. Configuring the Windows firewall programmatically
    requires admin or at least network admin rights. If you run/install a
    program as administrator YOU are responsible. That's what an
    administrator account is all about and what most people don't
    understand.
     
    Root Kit, Feb 19, 2009
    #36
  17. I.C. Greenfields

    +Bob+ Guest

    I know what's running.

    Your opinion, not mine. Many people disagree with you.

    Certainly no one will ever mistake you for a scientist as you are
    incapable of objectively analyzing anything.
     
    +Bob+, Feb 19, 2009
    #37
  18. I.C. Greenfields

    Root Kit Guest

    How do you know? Did you code them yourself? Or did you thoroughly
    investigate *exactly* what they are doing online? - Or are you just
    *assuming* that it must be bad?
    If a program does something against your will or policy and this is
    not programmatically configurable it is by definition malicious.
    Are we debating trustworthy security measures or trial-and-error
    approaches?
     
    Root Kit, Feb 19, 2009
    #38
  19. I.C. Greenfields

    Sam Hobbs Guest

    I said nothing about users. I said "ZoneAlarm people", not ZoneAlarm users.
     
    Sam Hobbs, Feb 19, 2009
    #39
  20. I.C. Greenfields

    Sam Hobbs Guest

    The statement made by FromTheRafters did not make an exception for anything
    that can be configured.
    Any software that uses localhost can use and/or be used by thousands of
    other IP addresses, simply by changing the IP address or domain name.
    Localhost is just an IP address (127.0.0.1); it is nothing more than an IP
    address. What I am saying is that use of MySQL requires that MySQL be
    allowed access to the internet, unless that has been changed in the past few
    years. Some firewalls probably provide the ability to limit internet access
    to just the localhost but localhost is the internet. MySQL uses RPC for
    inter-process communication and RPC is an internet protocol. RPC is also
    used by DCOM but only for inter-system communication.

    See: http://en.wikipedia.org/wiki/Localhost
     
    Sam Hobbs, Feb 19, 2009
    #40
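
Posts #30, #34 and #40 turn on where a service such as MySQL is actually listening. The following added example (not part of any post in this thread) reads `netstat -ano` and classifies every TCP listener by the address its socket is bound to, so loopback-only listeners can be told apart from ones bound to all interfaces. It assumes PowerShell 2.0 or later and English netstat output.

```powershell
# Added example, not from the thread: classify TCP listeners by bind address.
# Assumes English netstat output (the state column reads "LISTENING").
$listeners = netstat -ano |
    Where-Object { $_ -match '^\s*TCP\s' -and $_ -match 'LISTENING' } |
    ForEach-Object {
        # Columns: protocol, local address, foreign address, state, PID
        $f     = $_.Trim() -split '\s+'
        $local = $f[1]
        $split = $local.LastIndexOf(':')        # last colon also works for [IPv6]:port
        $addr  = $local.Substring(0, $split)
        $port  = [int]$local.Substring($split + 1)

        $scope = switch -Regex ($addr) {
            '^127\.'                { 'loopback only';      break }
            '^\[::1\]$'             { 'loopback only';      break }
            '^(0\.0\.0\.0|\[::\])$' { 'all interfaces';     break }
            default                 { 'specific interface' }
        }

        # Resolve the owning process; it may have exited since netstat ran.
        $proc = Get-Process -Id $f[4] -ErrorAction SilentlyContinue
        $name = '(exited or inaccessible)'
        if ($proc) { $name = $proc.ProcessName }

        New-Object PSObject -Property @{
            Process = $name
            PID     = $f[4]
            Address = $addr
            Port    = $port
            Scope   = $scope
        }
    }

# Listeners reachable from other hosts first, loopback-only ones last.
$listeners | Sort-Object Scope, Port |
    Format-Table Process, PID, Address, Port, Scope -AutoSize
```

A listener shown as "all interfaces" is reachable from other hosts only as far as the firewall's inbound rules allow, so this listing is best read alongside the firewall configuration.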