Blocking outbound traffic with XP Firewall

 
 
Karl
Guest
Posts: n/a
 
      9th Mar 2006
Hi,

Is it possible to set up Windows Firewall to block suspicious outbound
traffic?

I want to use it as a last line of defense against Trojans which have got
around my AV scanner and are trying to dial out.

Thanks

Karl

 
Carey Frisch [MVP]
Guest
Posts: n/a
 
      9th Mar 2006
The built-in firewall in Windows XP cannot block
outgoing traffic. Perhaps you should consider purchasing
a good internet security suite.

Internet Firewalls: Frequently asked questions
http://www.microsoft.com/athome/secu.../firewall.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

"Karl" wrote:

| Hi,
|
| Is it possible to setup Windows Firewall to block suspicious outbound
| traffic?
|
| I want to use it as last line of defense against Trojans which have got
| around my av scanner and are trying to dial out.
|
| Thanks
|
| Karl

 
Karl
Guest
Posts: n/a
 
      9th Mar 2006
That's a shame, but thanks for the tip.

I've just been reading Paul Thurrott's site and he says:

"Windows Firewall doesn't prevent outbound, application-initiated
communications"

Can you tell me what he means by "application initiated" - he means an
application on the PC right, not one from outside making a call on a program
residing on the firewalled PC?

Are there non-application-initiated outbound communications that ICF doesn't
block?

Many Thanks

Karl

"Carey Frisch [MVP]" wrote:

> The built-in firewall in Windows XP cannot block
> outgoing traffic. Perhaps you should consider purchasing
> a good internet security suite.
>
> Internet Firewalls: Frequently asked questions
> http://www.microsoft.com/athome/secu.../firewall.mspx
>
> --
> Carey Frisch
> Microsoft MVP
> Windows - Shell/User
> Microsoft Community Newsgroups
> news://msnews.microsoft.com/
>
> -------------------------------------------------------------------------------------------
>
> "Karl" wrote:
>
> | Hi,
> |
> | Is it possible to setup Windows Firewall to block suspicious outbound
> | traffic?
> |
> | I want to use it as last line of defense against Trojans which have got
> | around my av scanner and are trying to dial out.
> |
> | Thanks
> |
> | Karl
>
>

 
Mike Hall (MS-MVP)
Guest
Posts: n/a
 
      10th Mar 2006
Karl

You need to read the part called Trojan Horse..

http://www.stanford.edu/~plomio/history.html

Did you see the way that the Trojan Horse brought bad tidings past the
defences?.. this is where the computer term derives..

--
Mike Hall
MVP - Windows Shell/User


"Karl" <(E-Mail Removed)> wrote in message
news:BDB56D23-D39C-460C-B02E-(E-Mail Removed)...
> That's a shame, but thanks for the tip.
>
> I've just been reading Paul Thurrot's site and he says:
>
> "Windows Firewall doesn't prevent outbound, application-initiated
> communications"
>
> Can you tell me what he means by "application initiated" - he means an
> application on the PC right, not one from outside making a call on a
> program residing on the firewalled PC?
>
> Are there non-application-initiated outbound communications that ICF
> doesn't block?
>
> Many Thanks
>
> Karl
>
> "Carey Frisch [MVP]" wrote:
>
>> The built-in firewall in Windows XP cannot block
>> outgoing traffic. Perhaps you should consider purchasing
>> a good internet security suite.
>>
>> Internet Firewalls: Frequently asked questions
>> http://www.microsoft.com/athome/secu.../firewall.mspx
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows - Shell/User
>> Microsoft Community Newsgroups
>> news://msnews.microsoft.com/
>>
>> -------------------------------------------------------------------------------------------
>>
>> "Karl" wrote:
>>
>> | Hi,
>> |
>> | Is it possible to setup Windows Firewall to block suspicious outbound
>> | traffic?
>> |
>> | I want to use it as last line of defense against Trojans which have got
>> | around my av scanner and are trying to dial out.
>> |
>> | Thanks
>> |
>> | Karl
>>
>>



 
JW
Guest
Posts: n/a
 
      10th Mar 2006
You should also read the section called Leak Test at www.grc.com

You will be amazed how easy it is for Trojan horses to even slip through many
software firewalls, like wolves in sheep's clothing, masquerading as
legitimate programs, such as Internet Explorer, Outlook, or explore.exe



Karl wrote:
> That's a shame, but thanks for the tip.
>
> I've just been reading Paul Thurrot's site and he says:
>
> "Windows Firewall doesn't prevent outbound, application-initiated
> communications"
>
> Can you tell me what he means by "application initiated" - he means an
> application on the PC right, not one from outside making a call on a program
> residing on the firewalled PC?
>
> Are there non-application-initiated outbound communications that ICF doesn't
> block?
>
> Many Thanks
>
> Karl
>
> "Carey Frisch [MVP]" wrote:
>
>> The built-in firewall in Windows XP cannot block
>> outgoing traffic. Perhaps you should consider purchasing
>> a good internet security suite.
>>
>> Internet Firewalls: Frequently asked questions
>> http://www.microsoft.com/athome/secu.../firewall.mspx
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows - Shell/User
>> Microsoft Community Newsgroups
>> news://msnews.microsoft.com/
>>
>> -------------------------------------------------------------------------------------------
>>
>> "Karl" wrote:
>>
>> | Hi,
>> |
>> | Is it possible to setup Windows Firewall to block suspicious outbound
>> | traffic?
>> |
>> | I want to use it as last line of defense against Trojans which have got
>> | around my av scanner and are trying to dial out.
>> |
>> | Thanks
>> |
>> | Karl
>>
>>

 
JW
Guest
Posts: n/a
 
      10th Mar 2006
You are wise to be concerned about malicious outbound communication, a
direction that most uninformed PC users never think about.

Here are 3 tools I have found very helpful regarding malicious outbound
communication:

http://www.mvps.org/winhelp2002/hosts.htm
is great, free, and uses no resources (CPU, memory, etc.)

Most anti-virus programs do a poor job of catching Trojans because they
do not specialize in Trojans. It's just a side job for many AV
programs, like the carpenter who performs pet surgery on the side.
Trojan Hunter and Ewido specialize in catching and removing Trojans.

You can set ZoneAlarm to either block selected programs from attempting
outbound communication, or pause them to ask you a question like,
"Do you want @#$%&.exe to access the internet ?" where @#$%&.exe
represents a program you either know about already, or don't know about
yet. It's easy when you get the hang of it. Just be sure to speak up
and ask again, if you start using ZoneAlarm, and have a question like
"What about Generic Host Processor for Win32 ?"




Karl wrote:
> That's a shame, but thanks for the tip.
>
> I've just been reading Paul Thurrot's site and he says:
>
> "Windows Firewall doesn't prevent outbound, application-initiated
> communications"
>
> Can you tell me what he means by "application initiated" - he means an
> application on the PC right, not one from outside making a call on a program
> residing on the firewalled PC?
>
> Are there non-application-initiated outbound communications that ICF doesn't
> block?
>
> Many Thanks
>
> Karl
>
> "Carey Frisch [MVP]" wrote:
>
>> The built-in firewall in Windows XP cannot block
>> outgoing traffic. Perhaps you should consider purchasing
>> a good internet security suite.
>>
>> Internet Firewalls: Frequently asked questions
>> http://www.microsoft.com/athome/secu.../firewall.mspx
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows - Shell/User
>> Microsoft Community Newsgroups
>> news://msnews.microsoft.com/
>>
>> -------------------------------------------------------------------------------------------
>>
>> "Karl" wrote:
>>
>> | Hi,
>> |
>> | Is it possible to setup Windows Firewall to block suspicious outbound
>> | traffic?
>> |
>> | I want to use it as last line of defense against Trojans which have got
>> | around my av scanner and are trying to dial out.
>> |
>> | Thanks
>> |
>> | Karl
>>
>>

 
Karl
Guest
Posts: n/a
 
      10th Mar 2006
Thank you very much all three of you! I will get stuck in to those articles
over the weekend. Very much appreciated.

"Karl" wrote:

> Hi,
>
> Is it possible to setup Windows Firewall to block suspicious outbound
> traffic?
>
> I want to use it as last line of defense against Trojans which have got
> around my av scanner and are trying to dial out.
>
> Thanks
>
> Karl
>

 
Mike Hall (MS-MVP)
Guest
Posts: n/a
 
      10th Mar 2006
JW

They slip past Firefox too..

--
Mike Hall
MVP - Windows Shell/User


"JW" <(E-Mail Removed)> wrote in message
news:y09Qf.5972$(E-Mail Removed)...
> You should also read the section called Leak Test at www.grc.com
>
> You will be amazed how it is for Trojan horses to even slip through many
> software firewalls, like wolves in sheep's clothing, masquerading as
> legitimate programs, such as Internet Explorer, Outlook, or explore.exe
>
>
>
> Karl wrote:
>> That's a shame, but thanks for the tip. I've just been reading Paul
>> Thurrot's site and he says:
>>
>> "Windows Firewall doesn't prevent outbound, application-initiated
>> communications"
>>
>> Can you tell me what he means by "application initiated" - he means an
>> application on the PC right, not one from outside making a call on a
>> program residing on the firewalled PC?
>>
>> Are there non-application-initiated outbound communications that ICF
>> doesn't block?
>>
>> Many Thanks
>>
>> Karl
>>
>> "Carey Frisch [MVP]" wrote:
>>
>>> The built-in firewall in Windows XP cannot block
>>> outgoing traffic. Perhaps you should consider purchasing
>>> a good internet security suite.
>>>
>>> Internet Firewalls: Frequently asked questions
>>> http://www.microsoft.com/athome/secu.../firewall.mspx
>>>
>>> --
>>> Carey Frisch
>>> Microsoft MVP
>>> Windows - Shell/User
>>> Microsoft Community Newsgroups
>>> news://msnews.microsoft.com/
>>>
>>> -------------------------------------------------------------------------------------------
>>>
>>> "Karl" wrote:
>>>
>>> | Hi,
>>> |
>>> | Is it possible to setup Windows Firewall to block suspicious outbound
>>> | traffic?
>>> |
>>> | I want to use it as last line of defense against Trojans which have got
>>> | around my av scanner and are trying to dial out.
>>> |
>>> | Thanks
>>> |
>>> | Karl
>>>
>>>



 
JW
Guest
Posts: n/a
 
      11th Mar 2006
You're right.

Since Firefox is neither an anti-spyware program nor a software firewall
(I believe the point of the thread was blocking outbound communication),
then the obvious logical conclusion would be that Trojans and spyware
would slip through Firefox without Firefox detecting them as infections.



Mike Hall (MS-MVP) wrote:
> JW
>
> They slip past Firefox too..
>

 
Steven L Umbach
Guest
Posts: n/a
 
      11th Mar 2006
You can create IPsec filters to manage outbound traffic, but they do not care
about the application and will either allow or block all traffic as per the
IPsec filter. Though IPsec filters can be effective, it is much easier to use
a firewall like Zone Alarm instead, or a firewall device that can have a
block-all default rule for outbound connections, and then you define the
allowed exceptions, which is what I do with my Netscreen 5XP, which are
available on eBay used for well under $100. The link below explains the
basics of creating an IPsec filter using block and allow filter
actions. --- Steve

http://www.securityfocus.com/infocus/1559 --- applies to Windows XP also

"Karl" <(E-Mail Removed)> wrote in message
news:BDB56D23-D39C-460C-B02E-(E-Mail Removed)...
> That's a shame, but thanks for the tip.
>
> I've just been reading Paul Thurrot's site and he says:
>
> "Windows Firewall doesn't prevent outbound, application-initiated
> communications"
>
> Can you tell me what he means by "application initiated" - he means an
> application on the PC right, not one from outside making a call on a
> program residing on the firewalled PC?
>
> Are there non-application-initiated outbound communications that ICF
> doesn't block?
>
> Many Thanks
>
> Karl
>
> "Carey Frisch [MVP]" wrote:
>
>> The built-in firewall in Windows XP cannot block
>> outgoing traffic. Perhaps you should consider purchasing
>> a good internet security suite.
>>
>> Internet Firewalls: Frequently asked questions
>> http://www.microsoft.com/athome/secu.../firewall.mspx
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows - Shell/User
>> Microsoft Community Newsgroups
>> news://msnews.microsoft.com/
>>
>> -------------------------------------------------------------------------------------------
>>
>> "Karl" wrote:
>>
>> | Hi,
>> |
>> | Is it possible to setup Windows Firewall to block suspicious outbound
>> | traffic?
>> |
>> | I want to use it as last line of defense against Trojans which have got
>> | around my av scanner and are trying to dial out.
>> |
>> | Thanks
>> |
>> | Karl
>>
>>

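Added example (not part of the original thread or any poster's code): a simplified Python model of the point in Steven's post above, that address/port filters such as IPsec filters decide without knowing the application, shown beside a hypothetical per-program check of the kind JW describes for ZoneAlarm. The addresses, program names, allow list, and the "most specific filter wins" ordering are assumptions of this model.

```python
import ipaddress
from typing import NamedTuple

class Conn(NamedTuple):
    process: str   # known on the host, never visible to an address/port filter
    proto: str
    dst: str
    dport: int

class Filter(NamedTuple):
    action: str    # "permit" or "block"
    proto: str     # "tcp", "udp" or "any"
    dst: str       # destination network in CIDR form
    dport: int     # 0 means any port

    def matches(self, c):
        return (self.proto in ("any", c.proto)
                and ipaddress.ip_address(c.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (0, c.dport))

    def specificity(self):
        net = ipaddress.ip_network(self.dst)
        return (net.prefixlen, self.dport != 0, self.proto != "any")

POLICY = [  # block-all default plus allowed exceptions (constructed addresses)
    Filter("block", "any", "0.0.0.0/0", 0),
    Filter("permit", "tcp", "0.0.0.0/0", 80),
    Filter("permit", "udp", "192.0.2.53/32", 53),
]
ALLOWED_PROGRAMS = {"iexplore.exe"}   # hypothetical per-program allow list

def filter_verdict(c, policy=POLICY):
    # Address/port decision only. Model assumption: most specific filter wins.
    hits = [f for f in policy if f.matches(c)]
    return max(hits, key=Filter.specificity).action if hits else "permit"

def app_aware_verdict(c, policy=POLICY, allowed=ALLOWED_PROGRAMS):
    # Per-program check first, then the same address/port filters.
    return filter_verdict(c, policy) if c.process.lower() in allowed else "block"

SAMPLE = [  # constructed connection attempts
    Conn("iexplore.exe", "tcp", "198.51.100.10", 80),
    Conn("unknown.exe", "tcp", "198.51.100.10", 80),
    Conn("unknown.exe", "tcp", "203.0.113.7", 6667),
    Conn("svchost.exe", "udp", "192.0.2.53", 53),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.process, c.dport, filter_verdict(c), app_aware_verdict(c))
```

The second sample row is the case the thread is concerned with: the address/port filter permits it because all it sees is TCP port 80, while the per-program check blocks it.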


 