Windows Firewall and 3rd Party Firewall

Discussion in 'Windows Vista Security' started by JamesJ, Apr 21, 2009.

  1. FromTheRafters, Apr 22, 2009
    #41
    1. Advertisements

  2. No, what about programs that the system executes for you without your
    being asked beforehand?
     
    FromTheRafters, Apr 22, 2009
    #42
    1. Advertisements

  3. Why would you use a third party firewall compared to the built-in?
    filtering outgoing connections is pointless, because it's already gameover
    when malware is in ur system when running as local admin, and you can
    filter just fine with the built-in also.

    Incoming connections to a port that has no service running will be denied by
    default OS design.

    I can't see the idea in using a third party firewall compared to the
    built-in, maybe if you wanted another GUI?
     
    Mads Petersen, Apr 22, 2009
    #43
  4. JamesJ

    Jesper Ravn Guest

    Dong - Round 13

    Let us try to break it down a little bit.

    Computer with the 6 point are already implemented (10-15 min setup). So far
    so good.

    I have 2 account
    standard = day-to-day operations (web, mail, music, movie, work etc.)
    Admin = only used when installing new applications from a trusted source.
    Ex. on trusted source = adobe, winzip, Java, MS, winamp etc

    When I use my standard account, there is no way to be infected (LUA + SRP).
    LUA prevents malware to write in system area
    SRP prevents malware to execute in my userprofile
    Catch-22 situation

    Now I do agree with you, that there is a little chance to get infected when
    I use my admin account to install new software.
    But is it really a threat?. You only have to follow one rule. Always
    download software from trusted sources and think.
    You would have the same issue if you want to find a good plummer or
    restaurant. What do you do?.
    You do some research (google), ask your friends or famile, ask your
    co-workers, ask in forums etc.
    Even a complete newbie, should be able to handle that.
    To me its really that simple. There is no reason to complicate that fact and
    spread fear to the users and newbies.
    Combin the above with a little education, we will win the war on malware in
    a very short time.

    /Jesper
     
    Jesper Ravn, Apr 22, 2009
    #44
  5. From:

    http://technet.microsoft.com/en-us/library/cc507878.aspx

    "Virus Scanning Programs

    Most anti-virus software has a real-time scanner program that starts
    when the user logs in and scans all files accessed by the user, looking
    for possible virus contamination. Make sure your rules allow your virus
    scanning programs to run."

    Why would they mention that if it were no longer needed?
    Maybe not now, as malware writers have plenty of low hanging fruit to
    harvest. Things could change though.
    ....and then you wake up...
     
    FromTheRafters, Apr 22, 2009
    #45
  6. JamesJ

    Root Kit Guest

    Try keeping things in their proper perspective.
    As humans we can imagine all kinds of stuff. But try to keep some
    realism to the discussion.
    and try staying a little serious.
     
    Root Kit, Apr 23, 2009
    #46
  7. I am serious. AV is still needed even after a strict adherence to what
    Jesper has outlined. You could still have your files infected through
    worm intrusion or by viral infiltration into the trusted source
    scenario.

    Another tidbit from the same document:

    "Scope of Software Restriction Policies

    Software restriction policies do not apply to the following:

    [] Drivers or other kernel-mode software.

    [] Any program run by the SYSTEM account.

    [] Macros in Microsoft Office 2000 or Office XP documents.

    [] Programs written for the common language run time. (These programs
    use the Code Access Security Policy.)"

    Malware is the way it is, because the environment is the way it is.
    Reduce the quantity of the low hanging fruit, and malware will become
    more sophisticated. AV will still be necessary.
     
    FromTheRafters, Apr 24, 2009
    #47
  8. JamesJ

    Jesper Ravn Guest

    If you follow the 6 headlines I listed previous, none of the above will be a
    problem.
    I you install drivers/application with a admin account from cracksite.com,
    nothing can help you.
    Let me try to sum up, how the situation is today regarding "fight malware".
    Please have a look at the links below and cry or laugh together with me.

    quote:
    After I installed spybot, mbma, Hijackthis, also run F-secure, Panda,
    Kaspersky online scan (Kaspersky only scan for 51% after running for 7hrs,
    so I stopped it and did not finish that scan), my pc is SUPER slow, take
    ages to load, worrying might be conflict with my current firewall system
    (I read FAQ saying I should only have 1 anti-virus, 1- antispy, 1-
    anti-malware, 1-firewall, my firewall also includes anti-virus and anti-spy
    function),
    I uninstalled spybot, mbma, Hijackthis yesterday while waiting for your
    reply.
    My pc remains super slow when I try to access the internet even after the
    above uninstallation .
    As you pointed out in your reply, I should not skip any steps. That is why I
    want to ask you first before go ahead.
    Do I just need to reinstall Hijackthis, (without reinstall spybot and mbma),
    then follow your RSIT instruction?
    Or I need to reinstall spybot, mbma, Hijackthis, then continue with your
    RSIT steps?
    http://www.spywareinfoforum.com/index.php?showtopic=122965&st=0

    quote:
    I'm in a great deal of a mess. I was downloading different antiviruses
    (Kaspersky and a newer ESET) and then I blue screened out of nowhere while
    running Kaspersky.
    Now everytime I restart I blue screen. I don't know what to do. Can someone
    help?
    Also, I don't have tanything to backup onto and my laptop didn't come with
    the OS discs.
    http://www.spywareinfoforum.com/index.php?showtopic=123581

    quote:
    NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious
    Objects??
    http://community.norton.com/norton/...thread.id=48439&view=by_date_ascending&page=1

    The same problems goes on and on in all the security forums today.
    The conclusion must be like this "If malware wont take down your computer,
    you can be absolutely sure that your Anti 2009 application will do the job".
    So, no we don't need more security applications, we need a secure standard
    setup and 5 min. education.

    /Jesper
     
    Jesper Ravn, Apr 26, 2009
    #48
  9. [...]

    I laughed, I cried...
    I agree, a person shouldn't need all that. Most of it can be done
    completely without by just doing as you suggest. Chances are good that a
    person will never encounter a virus on their machine in that scenario.
    Chances are good that someone will be infected despite the measures to
    avoid it - if you don't want to be that person, use antivirus in
    addition to those methods.
     
    FromTheRafters, Apr 27, 2009
    #49
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.