Agnitum Outpost blocking everything

Jim Scott

I used to use Outpost(Free) on W98se, but when I install it on XPpro SP2 it
just blocks everything even if I tell it to trust email/news/browser etc.
Does it not work with XP?
 
Tom J

Jim Scott said:
I used to use Outpost(Free) on W98se, but when I install it on XPpro
SP2 it
just blocks everything even if I tell it to trust email/news/browser
etc.
Does it not work with XP?

What's wrong with the built in XP firewall? I have had no breach with
it.

Tom J
 
Beauregard T. Shagnasty

Tom said:
What's wrong with the built in XP firewall? I have had no breach
with it.

Has Microsoft updated it so it is a two-way firewall?

AFAIK, it only looks at Inbound traffic. If something on your computer
wants to _send_ without your knowledge, how will you know?
 
John Coutts

What's wrong with the built in XP firewall? I have had no breach with
it.

Tom J
**************** REPLY SEPARATOR ***************
What's wrong with it? I have a list of customers as long as your arm who have
had nothing but problems with this piece of crap that is activated
automatically with SP2. All of our customers are protected with a NAT router
(which is far more reliable than any software) and do not need this firewall.
The biggest problem with the MS firewall is that in true Microsoft fashion,
they chose to simply hide what the firewall was doing (the inexperienced user
wouldn't understand what it meant anyway). It became such a chronic problem
that I have since issued instructions to all our customers on how to disable
the firewall service and the accompanying nag service.

J.A. Coutts
 
Tom J

Beauregard T. Shagnasty said:
Has Microsoft updated it so it is a two-way firewall?

NO.


AFAIK, it only looks at Inbound traffic. If something on your
computer wants to _send_ without your knowledge, how will you know?

Between Avast, Ad-Aware SE & Spybot-Search & destroy, I don't worry too
much about sending. I also work with a close watch on the modem's
blinking lights.

Tom J
 
Tom J

John Coutts said:
**************** REPLY SEPARATOR ***************
What's wrong with it? I have a list of customers as long as your arm
who have
had nothing but problems with this piece of crap that is activated
automatically with SP2. All of our customers are protected with a
NAT router
(which is far more reliable than any software)

I also have a router with firewall, but have no problem with the MS XP
built in firewall. To each his own.

Tom J
 
Beauregard T. Shagnasty

Tom said:
Between Avast, Ad-Aware SE & Spybot-Search & destroy, I don't worry
too much about sending.

...until you catch some malware that your anti-virus program isn't
looking for (a trojan?), or something that gets implanted between your
runs of Ad-Aware and SS&D, both of which are on-demand scanners, not
resident programs.

I also work with a close watch on the modem's blinking lights.

My lights are blinking all the time. How would you know? While you go
to fill your coffee cup, your computer could send 5,000 spams. <g>

I see in your other post that you have a router. This too, will allow
anything to pass that your computer sends.
 
Art

...until you catch some malware that your anti-virus program isn't
looking for (a trojan?), or something that gets implanted between your
runs of Ad-Aware and SS&D, both of which are on-demand scanners, not
resident programs.

Malware can easily defeat sw firewalls. The idea is to not take hits
in the first place. And there are a number of utils and methods of
checking internet activity besides a sw firewall.

A sw firewall isn't particularly demanding of RAM and other system
resources nowadays, so if it gives users the warm fuzzies to use one,
by all means use one. But it's unnecessary ... just as realtime av is
unnecessary.

Art

http://home.epix.net/~artnpeg
 
Martinez

Tom J said:
Between Avast, Ad-Aware SE & Spybot-Search & destroy, I don't worry too
much about sending. I also work with a close watch on the modem's blinking
lights.

You're dead wrong. I have all that on my PC and more, and caught a Trojan
somewhere.
 
Beauregard T. Shagnasty

Art said:
Malware can easily defeat sw firewalls.

Regarding that, do you know if said malwares generally target only the
prominent firewalls (Norton, McAfee, ZoneAlarm..) or do they look for
all the others (Kerio, Sygate, etc), too?

The idea is to not take hits in the first place. And there are a
number of utils and methods of checking internet activity besides a
sw firewall.

I'm aware.

Art said:
A sw firewall isn't particularly demanding of RAM and other system
resources nowadays, so if it gives users the warm fuzzies to use
one, by all means use one. But it's unnecessary ... just as realtime
av is unnecessary.

Probably still better than nothing, as certainly all malware won't be
disabling them.
 
Art

Regarding that, do you know if said malwares generally target only the
prominent firewalls (Norton, McAfee, ZoneAlarm..) or do they look for
all the others (Kerio, Sygate, etc), too?

I wasn't speaking of any particular malware. I was pointing out the
faulty logic of trusting sw firewalls to alert to Trojans.

Probably still better than nothing, as certainly all malware won't be
disabling them.

If it gives you the warm fuzzies :) It doesn't do anything for me. I
have Sygate installed and rarely use it.

The point is that if your realtime av or your sw firewall go "ding",
you're doing something wrong. So fix _that_ problem rather than
screwing around.

Art

http://home.epix.net/~artnpeg
 
Beauregard T. Shagnasty

Art said:
I wasn't speaking of any particular malware. I was pointing out the
faulty logic of trusting sw firewalls to alert to Trojans.

Well, I thought you could provide some kind of example. Y'know, cite
and defend your statement? :)

If it gives you the warm fuzzies :) It doesn't do anything for me.
I have Sygate installed and rarely use it.

The point is that if your realtime av or your sw firewall go "ding",
you're doing something wrong. So fix _that_ problem rather than
screwing around.

You can use them for other pertinent reasons too, such as alerting you
each time Internet Exploder starts up. I never use the thing, but some
years ago I was testing a piece of trialware and had forgotten about
it. A few days after the 30-day period, I started the app, and it
immediately opened IE, and went to a web page with my OE default email
address attached to the URL. Since that day, IE is on "the list."

Now, I don't use OE either, so the default address was a mung. But
newbies don't know to do that.

The firewalls do have their uses.
 
Art

Well, I thought you could provide some kind of example. Y'know, cite
and defend your statement? :)

Since when does logic need to be defended? And don't rely on security
by obscurity. Kerio, Sygate and Outpost are just as likely to be
disabled by malware as ZA and the others you mentioned.

I don't need the warm fuzzies, either. <g> I'm suggesting it for
those with small amount of clue.

Just don't place too much confidence in having just one method of
finding malware/spyware infestations.

The latest av offering from KAV, for example, offers multiple methods
of detection, including an intrusion detection module for the clueless.
Their version 6 KIS (Kaspersky Internet Security) requires the fastest
PC available so as to not choke it to death.

Since that's the direction things are going, it's more important than
ever to address prevention and safe hex alternatives.

Those who don't have a clue and refuse to learn prevention are
hopeless. They don't even know enough to stay off the internet
when hit by a worm or RAT. Telling them to use a sw firewall to
alert them to the inevitable infestation is actually just a lot of
arm waving :)

You can use them for other pertinent reasons too, such as alerting you
each time Internet Exploder starts up. I never use the thing, but some
years ago I was testing a piece of trialware and had forgotten about
it. A few days after the 30-day period, I started the app, and it
immediately opened IE, and went to a web page with my OE default email
address attached to the URL. Since that day, IE is on "the list."
Now, I don't use OE either, so the default address was a mung. But
newbies don't know to do that.

Any app that starts IE is a Trojan. What app was it? I'm sure you
didn't have IE as your default browser.

If I ever found such a Trojan, I'd submit it to Kaspersky and others
so they could offer detection.

BTW, if you never use OE, how could it have your email addy?

Art

http://home.epix.net/~artnpeg
 
Beauregard T. Shagnasty

Art said:
Since when does logic need to be defended?

2+2=5 because I said so!

And don't rely on security by obscurity. Kerio, Sygate and Outpost
are just as likely to be disabled by malware as ZA and the others
you mentioned.

That was why I asked for some cites.

Just don't place too much confidence in having just one method of
finding malware/spyware infestations.

That statement would be for newbies; I already have several methods.

The latest av offering from KAV, for example, offers multiple
methods of detection, including an intrusion detection module for
the clueless. Their version 6 KIS (Kaspersky Internet Security)
requires the fastest PC available so as to not choke it to death.

Since that's the direction things are going, it's more important
than ever to address prevention and safe hex alternatives.

Those who don't have a clue and refuse to learn prevention are
hopeless. They don't even know enough to stay off the internet when
hit by a worm or RAT. Telling them to use a sw firewall to alert
them to the inevitable infestation is actually just a lot of arm
waving :)

I try to educate my friends. This is but one way.

Any app that starts IE is a Trojan. What app was it? I'm sure you
didn't have IE as your default browser.

This was a reputable anti-trojan application. It was since fixed to
not do that after my revelation in some newsgroups. And no, IE is not
my default browser, and has not been for many years.

If I ever found such a Trojan, I'd submit it to Kaspersky and
others so they could offer detection.

That would have been as embarrassing to the author as my public
revelation.

Art said:
BTW, if you never use OE, how could it have your email addy?

As I stated, the *default* addy was a munged address, just for that
purpose. I do have OE available, but only for looking up answers to
"how do I do .." questions from friends.
 
kurt wismer

Art wrote:
[snip]
Since when does logic need to be defended? And don't rely on security
by obscurity. Kerio, Sygate and Outpost are just as likely to be
disabled by malware as ZA and the others you mentioned.

true, but with kerio (and possibly others) you'd have to give the
process that would potentially disable kerio permission to run before it
would be able to disable kerio...
 
Art

Duane Arnold


You want to supplement XP's FW and stop inbound or outbound traffic by
port, protocol and IP, then there is IPsec that can be used that's on the
XP O/S too.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/?id=813878

Some people like to run with two PFW(s)/packet filters. You can run with
one PFW(s) no matter what it is and supplement with Ipsec which is a very
powerful supplement.


Duane :)
 
Art

Art wrote:
[snip]
Since when does logic need to be defended? And don't rely on security
by obscurity. Kerio, Sygate and Outpost are just as likely to be
disabled by malware as ZA and the others you mentioned.

true, but with kerio (and possibly others) you'd have to give the
process that would potentially disable kerio permission to run before it
would be able to disable kerio...

Here's another Kerio killer that allegedly works on Win 2K/XP:

http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.az.html

Art

http://home.epix.net/~artnpeg
 
