Jon said:
> That is actually what I have running here. BUT I've also implemented a
> pop-up dialog box to alert me if any application is connecting or not, and
> also to automatically create firewall rules for connecting applications,
> if I so choose. This simply makes my life easier, and acts *on top* of the
> existing Windows firewall + IPsec. It is simply a useful addition.
> Impressed? You needn't be...
I am not impressed. I am not impressed that some tool is making rules for
the FW so that an application can punch through. BTW, what makes you think
that malware can't do the same thing and create rules for the FW? The API
for the Vista and XP FW(s) is well known, with plenty of examples of
setting rules for the FW(s), programming-wise.
Also, what makes you think that this cannot happen to a 3rd party PFW
solution as well, where malware can set rules for the solution and punch
through, and you wouldn't even know that it's happening?
You see, the technology is already built in and in place in the form of the
'Windows Filtering Platform', and this is what makes it even harder to
understand.
> Why didn't MS finish the job and add the pop-up that 99% of personal
> firewall users (whether you like them or not) are familiar with and
> expect?
Because it's not part of a FW solution and should not be a part of it, IMHO.
> It's a bit like building a house, with the foundations and walls built
> correctly, but deciding at the last minute not to put the roof on.
It shouldn't be there as an integrated part of the solution, and I'll never
use it, because I don't need the pop-ups in my face.
And if MS does try to implement the pop-ups as part of its FW solution, then
it had better have a way of totally disabling it, much like BlackIce has
done for its desktop solution for those that don't need the pop-up in their
face.
> While I'm on the firewall / IPsec I'll also add this... You're not
> seriously suggesting (as you seem to be in your post at the bottom of this
> thread) that a user, whom you don't credit with the ability to decide
> whether sidebar.exe should access the Internet or not, is going to be
> capable of creating their own MMC console, ploughing their way through
> unfriendly IPsec dialog boxes and creating rules for https, tcp etc? If
> you are then I'm sorry, that's just funny.
I have to say that you don't know what you're talking about when it comes to
IPsec.
All one has to do is implement the AnalogX policy rules for IPsec. All one
has to do is enable the client side rules for the services and disable the
server side rules for the services, unless one needs the rules for the
server side of a service enabled.
In the example where I had to change the AnalogX SMTP client rule from TCP
port 25 to TCP 587, because that's what the ISP uses, it was a piece of
cake, rather easy.
The link is not for you, because you obviously pick, choose and ignore
information that's put dead in your face. It's for others that are more
technically minded than joe blow *clueless* home user.
http://www.analogx.com/CONTENTS/articles/ipsec.htm
Here is another link for the more technically minded about how IPsec can be
used at the Command Prompt.
http://support.microsoft.com/kb/813878
So you see, it's not hard at all for those that are technically savvy. And
no, IPsec is not for those that are not savvy enough, and I would also
include BlackIce and Wipfw in that category too.
> That was the way I interpreted it and I stand by what I said. Every OS has
> vulnerabilities, stripped or not stripped, 'locked down' or not locked
> down, which was my sole point there, and I don't think any sane person
> would dispute.
The point is that some *clueless* home user running a PFW has no clue on how
to minimize the risks or the attack vector on the O/S.
Therefore, anything running with the O/S is only as secure as the O/S
itself. If the O/S is not secured or hardened against attack, which there are
books and articles out on Google on how to do this, even from a home user
standpoint, then nothing running with the O/S is secure.
> As I've written previously, the use of one measure doesn't prohibit the
> use of another. Just because I use a lock on my front door, doesn't mean I
> can't install a burglar alarm too.
You miss the point.
The only three solutions that can protect the network connection at boot and
be there before anything else can get there first such as malware are the
following.
1) Vista's FW
2) XP's FW
3) Wipfw
No other solutions can get there when needed. So whatever FW rules you got
going on to stop something in some 3rd party PFW is beaten at that point. In
addition to that, most likely these pop-up boxes you got going even on
Vista are out of the picture too.
So, in this case, the malware has done its thing and made contact with the
site, and in the meantime, the burglar alarm was never in the picture. It
was too late and it's over.
> Not sure what your point is there,
The point is that Linux solutions for the home user from a FW solution
standpoint are not bombarding the user with should I allow this or should I
disallow that.
It's just like Linux doesn't have some kind of UAC feature in it asking the
user questions. Is it ok? Is it ok? Should I allow? Is it ok? Should I
allow? Should I allow or cancel? Hey user, is it ok, should I allow or should
I cancel?
Thank god it can be turned off, but I guess it's better than nothing being
in place. MS needs to dump UAC and come out with something better than that.
It's basically worthless, just like the same type of solution in PFW(s).
> but ever heard of Guarddog?
If it's got pop-up question protection with application control, it's your cup
of tea. If it doesn't have the pop-up question protection with application
control, I suggest you leave it alone.
BTW, I only use Vista's FW and IPsec when this laptop is directly using a
modem to connect to the Internet or the machine is on a foreign LAN like a
wireless cafe, while I am on the road, .NET program contracting.
Other than that, the solutions are disabled on all the machines, even the FW
on the Linux machine is disabled. I have no need for any of it, because the
machines are sitting behind a FW appliance on my network at home.
No traffic is coming in and out of the FW appliance, unless I am setting
rules to allow it. And if malware has infected a machine and is trying to
phone home, I am going to spot it and can set rules to stop the traffic to
the remote IP, until I find it on the machine.
If I have some application that is trying to phone home, it can try all it
wants. I can set rules to stop the outbound traffic to an IP, IP(s), port,
protocol or subnet it's trying to connect to. It's not coming past the FW
appliance. And I do watch the traffic in real time and can review the logs
to see what is happening on the network.
The reason it's not coming past the FW appliance is because it's a
standalone device, it doesn't need to be booted, its software is not running
with the O/S, and the traffic is flat-out going to be stopped, without me
worrying about it.
The same holds true for a FW router and a hardened O/S running on a
gateway computer that's using a host-based network FW solution to protect a
network.
I can't say the same about your solutions, and as a matter of fact, I know
it's not the same, because I have been there and done that.
Sorry, you're wasting my time with all of this.
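As an added example, not taken from this thread, from AnalogX, or from the KB article: the client-side versus server-side distinction described above, written as a `netsh ipsec static` policy for Windows XP SP2 / Server 2003 (the command-line tooling KB 813878 covers). The SMTP client rule is moved to TCP 587 and permitted, and the server side of SMTP (inbound TCP 25 to this host) is left blocked. Policy, filter list and filter action names are made up for the example.

```batch
@echo off
rem Added example (not the thread's or AnalogX's own rule set).
rem Names such as "ClientOnly-SMTP" are placeholders chosen for this example.

rem 1. Create a policy to hold the rules. It is not active until assigned.
netsh ipsec static add policy name="ClientOnly-SMTP" description="Permit outbound mail submission on 587, block inbound SMTP on 25"

rem 2. Client-side rule: this host (Me) talking out to Any server on TCP 587.
rem    mirrored=yes adds the reverse filter so the server's replies are matched too.
netsh ipsec static add filterlist name="SMTP submission - client side"
netsh ipsec static add filter filterlist="SMTP submission - client side" srcaddr=Me dstaddr=Any protocol=TCP srcport=0 dstport=587 mirrored=yes description="Outbound TCP 587 (ISP submission port instead of 25)"

rem 3. Server-side rule: Any remote host trying to reach TCP 25 on this host.
rem    This is the "server side of the service" that stays disabled (blocked).
netsh ipsec static add filterlist name="SMTP - server side"
netsh ipsec static add filter filterlist="SMTP - server side" srcaddr=Any dstaddr=Me protocol=TCP srcport=0 dstport=25 mirrored=yes description="Inbound TCP 25 to this host"

rem 4. Filter actions: plain permit and plain block, no IPsec negotiation.
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add filteraction name="Block" action=block

rem 5. Bind each filter list to its action inside the policy.
netsh ipsec static add rule name="Allow SMTP submission out" policy="ClientOnly-SMTP" filterlist="SMTP submission - client side" filteraction="Permit"
netsh ipsec static add rule name="Block SMTP in" policy="ClientOnly-SMTP" filterlist="SMTP - server side" filteraction="Block"

rem 6. Assign (activate) the policy, then print what is now in force.
netsh ipsec static set policy name="ClientOnly-SMTP" assign=y
netsh ipsec static show policy name="ClientOnly-SMTP" level=verbose
```

These are static filters, not a stateful firewall: the mirrored flag is what lets the server's reply traffic match, and to switch the host back to plain TCP 25 you edit the client-side filter's dstport rather than the policy.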