Microsoft Windows Vista includes a two-way firewall.

Discussion in 'Windows Vista Security' started by I.C. Greenfields, Feb 14, 2009.

  1. Nice argument - they don't need to unless they need to.
    Yes, which is why I feel PFW's outbound filters are very
    nearly useless. The malware is running on the same machine
    the filtering is. A dedicated external device would be a
    different matter. While filtering on an external device
    makes sense, it doesn't follow that the same software
    running on the machine it hopes to protect makes any sense.
    Inbound filtering can help keep things out (to some extent),
    but once you have untrustworthy programs running on the
    local machine - it's "game over".
    Some, yes. So having additional software running all the
    time so that *some* of the less adept malwares that want
    access to the internet can be caught in the act is something
    you value, then by all means filter away. I think it is
    better to choose what programs are allowed to run.
    Actually it is more like having a "loop and hook" on the
    door with a sign saying "Protected by Titanium locking
    mechanism".
     
    FromTheRafters, Feb 19, 2009
    #41

  2. Absolutely, if they don't trust it they shouldn't use it.
    A user's need, not a program's need. If the program needed
    it, do you think they would have it user configurable?
    Localhost? Internet? Not even a LAN. So, your firewall heard
    your computer talking to itself?

    Basically my point is that users shouldn't feel the need to
    run untrustworthy programs and then attempt to mitigate the
    consequences.
     
    FromTheRafters, Feb 19, 2009
    #42

  3. I consider configurable items to be items you *are* (or at
    least should be) aware of. For instance, an earlier version
    of media player would fire up IE to access a website whose
    URL was contained in the media file. When they made this
    configurable, they regained my trust somewhat. Why should I
    make an exception for anything that can be configured when
    that very configuration is what that trust hinges upon?

    I really didn't expect that uttering a security platitude
    would be so much like poking a stick into a beehive. I
    thought the API thing would cause readers to gasp and
    exclaim "Doesn't that defeat the whole purpose of an
    outbound firewall!?". The idea is to not compromise the
    machine. Once you have compromised the machine then how much
    can you trust what other applications on that same machine
    are telling you?

    I'm not invested in this in any way, so if a user wants to
    stop consent.exe from accessing the internet because he or
    she doesn't think it should need to - then they can if it
    makes them happy. If you want to execute programs that you
    trust a little bit - go right ahead. Cripple it to your
    heart's content with additional applications if that is what
    you like to do. Just don't disable a better firewall just
    because it doesn't do some nearly useless function that you
    think you need.
     
    FromTheRafters, Feb 19, 2009
    #43
  4. Yes. Say someone sends you a supposedly "freeware" program.
    Once you click past that pesky EULA thingy and install the
    program you find it "phones home" - (your trusty firewall
    catches it) so it's just gotta be spying on you. You set a
    rule to stop this behavior. Turns out that it was legitimate
    "adware" or more correctly "advertising supported software".
    You have defeated the advertisements (which you agreed to in
    the EULA) and have also defeated the ability to be notified
    of critical security vulnerabilities in the software.

    ....or was it really spyware?

    No mention in the EULA of any umbilical cord to the mother
    ship (as if anybody actually *reads* them). You install the
    program and it sends banking information
    to a criminal organization - without the firewall alerting
    to anything untoward.

    Bottom line, you had no reason to trust the program in
    either case. Your filters didn't save you, in fact in the
    first case your filters retrograded security.
    With a six shooter loaded with five bullets. :eek:)
    Ah, so that was the point of the URL
    http://www.securityfocus.com/infocus/1839/1 .
    A person trying to get into a safe is *living* outside the
    box. Malware running on a machine is *living* inside, and
    the box wasn't designed to keep escape artists from getting
    out. Having other security software inside the box is not as
    effective as having security outside the box (a real
    firewall) - even Houdini couldn't escape from within a
    locked safe if the safe had locked chains wrapped around the
    *outside*.
    Yes, or this could be just the side effect of having a
    blended threat. Three ingress methods, one of which gets
    caught out by a PFW.
    Yes, in which case the PFW user has had his *paranoia*
    misplaced. He should be more wary of what he allows to
    execute rather than to try to control or detect what actions
    the malware is taking.
     
    FromTheRafters, Feb 19, 2009
    #44
  5. I was looking for an analogy, the best I could come up with
    is those instances where someone doesn't want their admins
    to have access to a command prompt. If you can't trust your
    admins with a command prompt - they shouldn't be admins in
    the first place. If you can't trust a program, you shouldn't
    execute it.
     
    FromTheRafters, Feb 19, 2009
    #45
  6. Maybe Jack meant to post this to you rather than to me.

    http://www.securityfocus.com/infocus/1839/1
    Why are you running unauthorized software?
    What they call "attack surface" - NT has more attack surface
    with more security, W9x has lesser attack surface with
    almost no security.

    [...]
     
    FromTheRafters, Feb 19, 2009
    #46
  7. Actually it is possible to determine what each instance of svchost is
    doing.
    That would be nice, but they haven't done it
    that I know of. Maybe there are better options
    than ZA out there, though. I haven't looked into
    what's available for XP and/or Vista.
     
    mayayana, Feb 19, 2009
    #47
  8. Let's try to stay in reality here, OK? Obviously I didn't code them,
    so toss that strawman.

    Back to a reasonable question and answer. Ex. There is no need for
    Adobe PDF to constantly check for updates. In fact, there is no need
    for it to check for updates - ever. Ex #2. There is no need for Media
    Player to access the Internet and check for whatever it's checking for
    every time I run it.
    If you say so. I'd say it's just a case of the company/programmers
    deciding that they know what's best for me. I'd prefer to make that
    decision whenever possible.
    We're discussing reality. The reality is that I can stop some malicious
    programs from going outbound. Not all, some. In addition, and
    importantly to me, I can stop other programs which have no need for
    constant internet access from going outbound. While that is not
    perfect control in either situation, it's the level of control I can
    exert in the real world and still get work done.
     
    +Bob+, Feb 19, 2009
    #48
  9. The point is that I decide if they need to access at that particular
    moment, based on what I've done in the program and whether the access
    is related.

    An example would be MS Media Player. It needs to access the Internet
    for playing purposes. So, I let it. It does not need to call home
    after every session (but it tries to). So, I disallow it.

    MY choice. You can make YOUR own. Great world, isn't it?
     
    +Bob+, Feb 19, 2009
    #49
  10. And all totally hypothetical.
     
    +Bob+, Feb 19, 2009
    #50
  11. There are programs I trust to run on my machine that are fine locally.
    They do not require Internet Access to do their job. Therefore, they
    don't get it.

    You have apparently never done any physical security/site work. Your
    administrator analogy is akin to saying "if I give my secretary a key
    to go into my office and put papers in the in-basket, I should also
    give her a key to all my file cabinets" or how about "if I give the
    security guard a key to check the bank vault for intruders, I should
    also give him the combination to the safe"
     
    +Bob+, Feb 19, 2009
    #51
  12. 'nuther strawman.
     
    +Bob+, Feb 19, 2009
    #52
  13. When the verbal going gets tough, people with lower IQs and
    difficulties articulating (or even formulating) an arguable position
    tend to fall back to personal insults.
     
    +Bob+, Feb 19, 2009
    #53
  14. Not at all. Both of your "akin's" reflect the "limited user"
    account not the administrator.
    Let me guess - you are running as admin right now?
     
    FromTheRafters, Feb 19, 2009
    #54
  15. You just failed to address the real issue being discussed.
     
    +Bob+, Feb 19, 2009
    #55
  16. In other words, posting to newsgroups is mental masturbation for you.
    Very clear, thanks.
     
    +Bob+, Feb 19, 2009
    #56
  17. [...]
    http://www.errorsite.com/815-boot-time-filtering-in-windows-7/

    This is one reason it is such a shame people drop the
    built-in and run a 3rd party firewall *because* they
    overvalue outbound filtering. This IMO is a case of "making
    the people think you are giving them what they think they
    want" with offering what appears to be outbound protection
    in Windows Firewall with Advanced Security.
    Clearly this is true for hardware firewall devices. As for
    software running on the machine you hope to protect, the
    incoming must come in to be filtered. Very nearly as good as
    the hardware version, since incoming gets stopped before
    anything can "execute" - unless the filtering software is
    flawed in a very bad way. Now with outbound, the assumption
    is that the program is being executed and generating (or
    attempting to generate) outbound traffic. The hardware
    firewall can still be trusted to filter as normal - but what
    of the filters on the local (compromised?) machine?

    I'm not saying filtering outbound is useless, only very
    nearly so.
    Exactly! Why is it that so many people judge a firewall's
    worthiness by such a feature?

    It's like tailfeathers on a peacock - artificial selection.

    [...]
     
    FromTheRafters, Feb 19, 2009
    #57
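    The per-program outbound block Bob describes in #49, done with the Windows Firewall with Advanced Security outbound filtering named in #57, as an added example that is not part of this thread (Vista ships netsh advfirewall, so the script drives that from an elevated PowerShell prompt). The Windows Media Player path and the rule name are assumptions, not values from any post.

    ```powershell
    # Added example (not from the thread): one outbound block rule in the
    # Vista-era Windows Firewall with Advanced Security via netsh advfirewall.
    # Run from an elevated prompt. Assumptions: wmplayer.exe lives in its
    # default install location; the rule name is arbitrary.

    $ruleName = 'Block-WMP-Outbound-Example'
    $program  = Join-Path $env:ProgramFiles 'Windows Media Player\wmplayer.exe'

    # 1. Show the active profile's policy. The factory setting is
    #    "BlockInbound,AllowOutbound": outbound passes unless a rule blocks it.
    netsh advfirewall show currentprofile | Select-String 'Firewall Policy'

    # 2. Add a block rule scoped to the executable. Block rules win over
    #    allow rules, so this holds even if an allow rule exists for the program.
    netsh advfirewall firewall add rule name="$ruleName" dir=out action=block `
        program="$program" enable=yes profile=any `
        description="Stops wmplayer.exe from initiating connections."

    # 3. Confirm the rule exists and is enabled.
    netsh advfirewall firewall show rule name="$ruleName"

    # 4. The "I let it" case from #49: when the player legitimately needs the
    #    network, disable the rule rather than delete it, then re-enable it.
    # netsh advfirewall firewall set rule name="$ruleName" new enable=no
    # netsh advfirewall firewall set rule name="$ruleName" new enable=yes

    # Caveat made throughout the thread: this rule lives on the host it polices.
    # Anything running with administrative rights there can change it, so an
    # outbound rule constrains cooperative software, not a compromised machine.
    ```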
  18. Hey Root, Jack, Sam, Rafters, and Bob --

    Would y'all mind taking microsoft.public.vb.vista.compatibility out of the
    discussion?

    This thread seems to have *nothing* at all to do with Visual Basic.

    Thanks... Karl
     
    Karl E. Peterson, Feb 19, 2009
    #58
  19. I prefer to think I just hit the nail squarely...


    ....guess we'll never know...
     
    FromTheRafters, Feb 19, 2009
    #59
  20. I know you are an intelligent person, therefore you are using your
    intelligence to be ignorant. Obviously you don't want to understand.
     
    Sam Hobbs, Feb 19, 2009
    #60