Do I really need a third party firewall?


Jon

cquirke (MVP Windows shell/user) said:
Yep; please, let's put this one to bed.

I (and I suspect other posters) are not suggesting a desktop software
firewall is a replacement for a NAT router, for example.

Else it's like trying to debate which type of fencing works best AS a
fence, and having someone butting in with "neither of them is a wall".



Exactly. Anyhow it's time for a beer before bed.....
 

Mike Hall - MVP

In an ever changing scene, it is next to impossible to protect all people
from themselves.. maybe if some can be saved, that is a good thing, but is
shows that present security is still not what it should be.. or does it
prove that not enough is done to ensure that the security threats never
appear in the first place.. either task is daunting..

Send somebody into a grocery store and tell them that they are only allowed
healthy foods.. the call of potato chips can be strong, way more so than
some invisible abstract barrier.. so it is with the 'rude' emotes that
everybody else has in a chat room.. you can hear them say 'well, I have them
and nothing has gone wrong here.. oops.. two minutes later, the person
returns safe in the knowledge that Yahoo 'booted' them.. it couldn't be the
emotes, could it, or more correctly, the mini app that controls them? Hell
no..


cquirke (MVP Windows shell/user) said:
This is always contentious.

"Free" users are the only person with the right, and therefore
responsibility, to make that call - unless they subcontract that out
to some other entity. No-one should usurp that role.

"Serf" users are expected to delegate that right and responsibility to
the tech overseer designated by the boss, who owns both the computing
resources used and the serf's time spent using them.

More to the point, there are mechanisms whereby malware can act as the
fist within some other app that is used as the "glove puppet":
- ADS are assumed to be the files they are attached to
- BHOs, toolbars and plugins act within the browser
- RunDLL and SVCHost can shell malware too


IOW...
- prompts help savvy users
- no prompts help no users
...so why not at least help those who can be bothered to learn?


That, too, is true. In a way, UAC does what some 3rd-party add-ons
like All-Seeing-Eye and PrevX do, i.e. prompt on internal activities
in much the same way that firewalls do for networking.

I've used such tools, but they are too noisy to live with outside test
environments - much as folks are saying about UAC, in fact. I
typically use them on suspect PCs after clean-up, if I have some
doubts as to how clean they may be.


Assuming they don't just pass those through unreported? More likely a
deference to "business partners", such as DRM etc.

More to the point; does MS really want to enter a field that requires
constant revision and imposes a significant support load?

A firewall should be a fairly static defense, i.e. not something that
needs to be updated all the time, as an av does.

Once it starts identifying things and asking users about them, those
users may call MS or their OEM to ask what to do. If such calls are
to be handled as effectively as the user hopes, the staff that take
the calls will have to be up to speed with all the entities they are
asked about. I wouldn't want that load, and I'm pretty sure MS, Acer,
HP, Dell, Toshiba, FSN et al don't want it either.

Since XP debuted MS's first bundled consumer firewall, MS has indeed
entered those waters, first with Defender, and lately with arms-length
value-added "Live" products and services.

Aside from Defender, these new facilities make sense, positioned as
they are as a separate division that can pay its way, or be amputated
if it becomes a sink-hole for expense.

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 

Mr. Arnold

Jon said:
No it doesn't simply protect a user from themselves. I personally use many
useful pieces of software which I find useful....but I don't let them dial
home to daddy (which is their only fault). This can be implemented easily
and efficiently using a software firewall.

What software FW are you talking about or do you mean a packet filter
running at the machine level?

That's exactly what it does. It tries to help/protect the user by getting
the user involved in the decision making process, which it has no business
doing. I blame this crap on the *clown* named Gibson that really doesn't
know jack.

The only other security solution I am running is an AV and of course Vista
has got some other junk running, but I let it run. You see, I always know
what's happening on the machine. I don't need some pop corn pop-ups in my
face.

The Vista FW along with IPsec is all that's needed.
A 'network host based software' firewall more secure than a software one?
Nope it isn't.

No I didn't say that. I said that a network host based gateway software FW
solution running on a host computer is on par with a FW router and a FW
appliance. You keep in mind now that I AM NOT talking about a PFW solution.

And yes, a gateway software FW solution running on a gateway computer is
more secure than a PFW solution running on a computer used by some
*clueless* or they got a little *clue* user.

The reason that solution is going to be more secure is that the O/S is
going to be. It will be stripped of all vulnerable software and services on
the gateway computer.

The O/S in general will be hardened against attack, such as the registry, file
system, etc etc locked down so that the machine can face the Internet and
act as a gateway FW solution device protecting a LAN.

You show me where any *clueless* or they got a little bit of *clue* home
user running a PFW on a computer that knows how to do any of it, other than,
they are going to reply *yes* or *no* to some questions that they hardly or
don't have a clue about what's happening.

But they got that snake-oil security blanket running asking a bunch of
questions and they are clicking, so it doesn't matter. The security blanket
has got things covered. :)

Let me ask you this since you have been asking the questions.

What happens to the PFW a boot and login when the PFW solution is not
protecting the network connection, because nothing else running on the O/S
has a dependency and is waiting on the PFW before anything else is made
available?

What happens when the network connection is active first, before the PFW is
up and running and the malware gets there first?

What happens then? Who is stopping what?
Ask yourself this question - 'Why should the software running on that
'firewall machine' be any more secure than that running on the main
machine with the operating system?' and you'll see why.

The simple fact that it's a standalone solution that is not running with the
O/S, which makes it more secure. The fact that malware CANNOT be installed
on such devices that can easily circumvent their protection, like it can
happen with a PFW solution that's running with the O/S, with some *clueless*
user that doesn't know what is happening, replying to questions.
This was actually my point there. Installing programs is UAC's Achilles
heel, since the UAC prompt is expected at that particular point. Run a
suitably written malicious program once elevated, and yes, you can forget
about UAC.

It doesn't make any difference if UAC is there or not, if the malware can get
there and can be executed. It doesn't matter what O/S is being used, MS,
Linux, Apple or otherwise.
This is a limited view of the capabilities of detections tools and anyway,
you are not forced to rely on their 'signatures' alone. As a programmer
you should be capable of writing your own programs to monitor your own
system .. programs of which malware has no knowledge.

I am trying to figure out what you're talking about, with some kind of
limited view about snake-oil. It is what it is.

Do you think someone has time to be running around writing programs to do
that? :) One uses the tools at hand, but I don't use the snake-oil.
For example I have programs running here that check the status of the
firewall, check for any newly created scheduled tasks etc etc. No malware
is aware of these, and could not possibly be, since they are not in the
public domain.

All the malware has to do is interrogate the registry to find out what it
wants and take measures to attack, circumvent and defeat.
And this is in fact is what many people forget. Malware has no inherent
knowledge of your system, other than the way it comes out of the box. Any
variation from that and it's at a loss.

Sorry, you have no *clue* as to what malware can do when it hits a machine
or hits a network. Not only can malware target an O/S, it can target
software running on the machine to exploit it.

Let me ask you a question.

Since in your opinion with PFW(s) using pop-up questions being the greatest
thing since *pop-up* toasters doing pop-up toast, why is NOT PFW(s) running
on Linux and Linux does have PFW solutions running have all this pop corn
pop-up with users doing the clicketty, click, click?
 

Jon

Mr. Arnold said:
What software FW are you talking about or do you mean a packet filter
running at the machine level?

That's exactly what it does. It tries to help/protect the user by getting
the user involved in the decision making process, which it has no business
doing. I blame this crap on the *clown* named Gibson that really doesn't
know jack.

The only other security solution I am running is an AV and of course Vista
has got some other junk running, but I let it run. You see, I always know
what's happening on the machine. I don't need some pop corn pop-ups in my
face.

The Vista FW along with IPsec is all that's needed.

That is actually what I have running here.. BUT I've also implemented a
pop-up dialog box to alert me if any application is connecting or not, and
also to automatically create firewall rules for connecting applications, if
I so choose. This simply makes my life easier, and acts *on top* of the
existing Windows firewall + IpSec. It is simply a useful addition.

Impressed? You needn't be... You see the technology is already built in and
in place in the form of the 'Windows Filtering Platform' and this is what makes
it even harder to understand. Why didn't MS finish the job and add the
pop-up that 99% of personal firewall users (whether you like them or not)
are familiar with and expect? It's a bit like building a house, with the
foundations and walls built correctly, but deciding at the last minute not
to put the roof on.

While I'm on the firewall / Ipsec I'll also add this.....You're not
seriously suggesting (as you seem to be in your post at the bottom of this
thread) that a user, that you don't credit with the ability to decide
whether sidebar.exe should access the Internet or not, is going to be
capable of creating their own mmc console, ploughing their way through
unfriendly IPSec dialog boxes and creating rules for https, tcp etc? If you
are then I'm sorry, that's just funny.


No I didn't say that. I said that a network host based gateway software FW
solution running on a host computer is on par with a FW router and a FW
appliance. You keep in mind now that I AM NOT talking about a PFW
solution.

And yes, a gateway software FW solution running on a gateway computer is
more secure than a PFW solution running on a computer used by some
*clueless* or they got a little *clue* user.

The reason that solution is going to be more secure is that the O/S
is going to be. It will be stripped of all vulnerable software and
services on the gateway computer.

The O/S in general will be hardened against attack, such as the registry, file
system, etc etc locked down so that the machine can face the Internet and
act as a gateway FW solution device protecting a LAN.

You show me where any *clueless* or they got a little bit of *clue* home
user running a PFW on a computer that knows how to do any of it, other
than, they are going to reply *yes* or *no* to some questions that they
hardly or don't have a clue about what's happening.

But they got that snake-oil security blanket running asking a bunch of
questions and they are clicking, so it doesn't matter. The security
blanket has got things covered. :)

That was the way I interpreted it and I stand by what I said. Every OS has
vulnerabilities, stripped or not stripped, 'locked down' or not locked down,
which was my sole point there, and I don't think any sane person would
dispute.


Let me ask you this since you have been asking the questions.

What happens to the PFW a boot and login when the PFW solution is not
protecting the network connection, because nothing else running on the O/S
has a dependency and is waiting on the PFW before anything else is made
available?

What happens when the network connection is active first, before the PFW
is up and running and the malware gets there first?

What happens then? Who is stopping what?


As I've written previously, the use of one measure doesn't prohibit the use
of another. Just because I use a lock on my front door, doesn't mean I can't
install a burglar alarm too.

The simple fact that it's a standalone solution that is not running with
the O/S, which makes it more secure. The fact that malware CANNOT be
installed on such devices that can easily circumvent their protection,
like it can happen with a PFW solution that's running with the O/S, with
some *clueless* user that doesn't know what is happening, replying to
questions.



Let me ask you a question.

Since in your opinion with PFW(s) using pop-up questions being the
greatest thing since *pop-up* toasters doing pop-up toast, why is NOT
PFW(s) running on Linux and Linux does have PFW solutions running have all
this pop corn pop-up with users doing the clicketty, click, click?


Not sure what your point is there, but ever heard of Guarddog?
 

Mr. Arnold

Jon said:
That is actually what I have running here.. BUT I've also implemented a
pop-up dialog box to alert me if any application is connecting or not, and
also to automatically create firewall rules for connecting applications,
if I so choose. This simply makes my life easier, and acts *on top* of the
existing Windows firewall + IpSec. It is simply a useful addition.

Impressed? You needn't be...

I am not impressed. I am not impressed that some tool is making rules for
the FW so that an application can punch through. BTW, what makes you think
that malware can't do the same thing and create rules for the FW? The API
for the Vista and XP FW(s) are well known with plenty of examples of
setting rules for the FW(s), programming wise.

Also what makes you think that this cannot happen to a 3rd party PFW
solution as well where malware can set rules for the solutions and punch
through, and you wouldn't even know that it's happening?
You see the technology is already built in and in place in the form of the
'Windows Filtering Platform' and this is what makes it even harder to
understand.
Why didn't MS finish the job and add the pop-up that 99% of personal
firewall users (whether you like them or not) are familiar with and
expect?

Because it's not part of a FW solution and should not be a part of it, IMHO.
It's a bit like building a house, with the foundations and walls built
correctly, but deciding at the last minute not to put the roof on.

It shouldn't be there as an integrated part of the solution, and I'll never
use it, because I don't need the pop-ups in my face.

And if MS does try to implement the pop-ups as part of its FW solution, then
it had better have a way of totally disabling it, much like BlackIce has
done for its desktop solution for those that don't need the pop-up in their
face.
While I'm on the firewall / Ipsec I'll also add this.....You're not
seriously suggesting (as you seem to be in your post at the bottom of this
thread) that a user, that you don't credit with the ability to decide
whether sidebar.exe should access the Internet or not, is going to be
capable of creating their own mmc console, ploughing their way through
unfriendly IPSec dialog boxes and creating rules for https, tcp etc? If
you are then I'm sorry, that's just funny.

I have to say that you don't know what you're talking about when it comes to
IPsec.

All one has to do is implement the AnalogX policy rules for IPsec. All one
has to do is enable the client side rules for the services and disable the
server side rules for the services, unless one needs the rules for the
server side of a service enabled.

In the example where I had to change the AnalogX SMTP client rule from TCP
port 25 to TCP 587, because that's what the ISP uses, it was a piece of
cake, rather easy.

The link is not for you, because you obviously pick, choose and ignore
information that's put dead in your face. It's for others that are more
technically minded than joe blow *clueless* home user.

http://www.analogx.com/CONTENTS/articles/ipsec.htm

Here is another link for the more technically minded about how IPsec can be
used at the Command Prompt.

http://support.microsoft.com/kb/813878

So you see, it's not hard at all for those that are technically savvy. And
no, IPsec is not for those that are not savvy enough, and I would also
include BlackIce and Wipfw in that category too.
That was the way I interpreted it and I stand by what I said. Every OS has
vulnerabilities, stripped or not stripped, 'locked down' or not locked
down, which was my sole point there, and I don't think any sane person
would dispute.

The point is that some *clueless* home user running a PFW has no clue on how
to minimize the risks or the attack vector on the O/S.

Therefore, anything running with the O/S is only as secure as the O/S
itself. If the O/S is not secure or hardened against attack, which there are books
and articles out on Google on how to do this, even from a home user
standpoint, then nothing running with the O/S is secure.
As I've written previously, the use of one measure doesn't prohibit the
use of another. Just because I use a lock on my front door, doesn't mean I
can't install a burglar alarm too.

You miss the point.

The only three solutions that can protect the network connection at boot and
be there before anything else can get there first such as malware are the
following.

1) Vista's FW
2) XP's FW
3) Wipfw

No other solutions can get there when needed. So whatever FW rules you got
going on to stop something in some 3rd party PFW is beaten at that point. In
addition to that, most likely these pop-up boxes you got going even on
Vista are out of the picture too.

So, in this case, the malware has done its thing and made contact with the
site, and in the meantime, the burglar alarm was never in the picture. It
was too late and it's over.
Not sure what your point is there,

The point is that Linux solutions for the home user from a FW solution
standpoint are not bombarding the user with should I allow this or should I
disallow that.

It's just like Linux doesn't have some kind of UAC feature in it asking the
user questions. Is it ok? Is it ok? Should I allow? Is it ok? Should I
allow? Should I allow or cancel? Hey user, is it ok, should I allow or should
I cancel?

Thank god it can be turned off, but I guess it's better than nothing being
in place. MS needs to dump UAC and come out with something better than that.
It's basically worthless, just like the same type of solution in PFW(s).
but ever heard of Guarddog?

If it's got pop-up question protection with application control, it's your cup
of tea. If it doesn't have the pop-up question protection with application
control, I suggest you leave it alone.

BTW, I only use Vista's FW and IPsec when this laptop is directly using a
modem to connect to the Internet or the machine is on a foreign LAN like a
wireless cafe, while I am on the road .Net program contracting.

Other than that, the solutions are disabled on all the machines, even the FW
on the Linux machine is disabled. I have no need for any of it, because the
machines are sitting behind a FW appliance on my network at home.

No traffic is coming in and out of the FW appliance, unless I am setting
rules to allow it. And if malware has infected a machine and is trying to
phone home, I am going to spot it and can set rules to stop the traffic to
the remote IP, until I find it on the machine.

If I have some application that trying to phone home, it can try all it
wants. I can set rules to stop the outbound traffic to an IP, IP(s), port,
protocol or subnet it's trying to connect to. It's not coming past the FW
appliance. And I do watch the traffic in real time and can review the logs
to see what is happening on the network.

The reason it's not coming past the FW appliance is because it's a
standalone device, it doesn't need to be booted, its software is not running
with the O/S, and the traffic is flat-out going to be stopped, without me
worrying about it.

The same holds true for a FW router and the hardened-against-attack O/S running on a
gateway computer that's using a host based network FW solution to protect a
network.

I can't say the same about your solutions, and as a matter of fact, I know
it's not the same, because I have been there and done that.

Sorry, you're wasting my time with all of this.
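The AnalogX-style IPsec policy discussed above, with separate "server side" (inbound) and "client side" (outbound) rules and the TCP 587 submission port from the post's own example, written out as an added example that is not part of the thread or of the AnalogX article. It uses the legacy `netsh ipsec static` context (Windows Server 2003, Vista and 7; XP used the ipseccmd tool instead), must be run elevated, and the policy, filter list and action names are chosen here. Check each command's parameters against `netsh ipsec static add filter ?` on your own version before assigning the policy.

```powershell
# Added example, not from the thread or AnalogX: a minimal host-level IPsec
# filter policy. Names below are this example's own; ports are the post's.
$policy = "HostFilter-Example"

# 1. A policy object to hold the rules. It is inert until assigned (step 4).
netsh ipsec static add policy name="$policy"

# 2. "Server side" rule: block inbound TCP 445 (SMB) to this host.
#    IPsec static filters are stateless, so mirrored=yes is what also matches
#    the reverse packets (me:445 -> any) of the same conversation.
netsh ipsec static add filterlist name="Inbound-SMB"
netsh ipsec static add filter filterlist="Inbound-SMB" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=yes
netsh ipsec static add filteraction name="Block-Action" action=block
netsh ipsec static add rule name="Block-Inbound-SMB" policy="$policy" filterlist="Inbound-SMB" filteraction="Block-Action"

# 3. "Client side" rule: permit outbound mail submission on TCP 587, the port
#    the post changed the AnalogX SMTP client rule to. Statelessness is again
#    why an outbound client rule and an inbound server rule are separate.
netsh ipsec static add filterlist name="Outbound-Submission"
netsh ipsec static add filter filterlist="Outbound-Submission" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=587 mirrored=yes
netsh ipsec static add filteraction name="Permit-Action" action=permit
netsh ipsec static add rule name="Permit-Outbound-Submission" policy="$policy" filterlist="Outbound-Submission" filteraction="Permit-Action"

# 4. Review, then assign. Only one local IPsec policy can be assigned at a time,
#    so assigning this one unassigns any other local policy.
netsh ipsec static show policy name="$policy"
netsh ipsec static set policy name="$policy" assign=y

# To back out: set policy name="$policy" assign=n, then delete policy name="$policy".
```

Two things the thread's argument turns on are visible here: the filters have no notion of connection state, which is why a usable policy needs explicit client rules for every service the host must reach out to, and nothing in the syntax is aimed at the "clueless" user the posts argue about. Values are deliberately free of spaces so that PowerShell passes each `key=value` pair to netsh as one argument.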
 

Jon

I am not impressed. I am not impressed that some tool is making rules for
the FW so that an application can punch through. BTW, what makes you think
that malware can't do the same thing and create rules for the FW? The API
for the Vista and XP FW(s) are well known with plenty of examples of
setting rules for the FW(s), programming wise.

Also what makes you think that this cannot happen to a 3rd party PFW
solution as well where malware can set rules for the solutions and punch
through, and you wouldn't even know that it's happening?


This is where UAC comes in and is where the discussion started, in case
you'd forgotten.



......... In
addition to that, most likely these pop-up boxes you got going even on
Vista are out of the picture too.

They're not 'out of the picture' since as I said before they work *on top*
of the Windows Firewall, or more specifically on top of the boot-time
filters + BFE (Base Filter Engine), which prevents any network access prior
to the Windows Firewall service start. But then of course you already knew
that, since you are so 'technically savvy' ( lol ).


<snip anti pop-up, anti-UAC "all the world is clueless apart from me"
misguided rant >

Sorry, you're wasting my time with all of this.

Mine too. Time to move on.
 

Mr. Arnold

Jon said:
This is where UAC comes in and is where the discussion started, in case
you'd forgotten.

Well, the bottom line is UAC is just about worthless as far as I am
concerned and MS needs to move to something else.
........ In

They're not 'out of the picture' since as I said before they work *on top*
of the Windows Firewall, or more specifically on top of the boot-time
filters + BFE (Base Filter Engine), which prevents any network access
prior to the Windows Firewall service start. But then of course you
already knew that, since you are so 'technically savvy' ( lol ).

LOL, LOL and LOL it's a service stupid. Do you think a malware program
cannot interface with the Service Controller and disable the service? :)

In reality, since you're just a bubble gum, pop-up pop tart home user, that
has no game, tries to talk with no nothing trash talk, have your hands
immersed deeply in snake-oil other than MS's, and in general, you're pretty
much *clueless*, what was the point of talking to you?

You were pretty much worthless. said:
<snip anti pop-up, anti-UAC "all the world is clueless apart from me"
misguided rant >

The real meaning is that you can't counter any of it. :)
Mine too. Time to move on.

asta la VISTA clueless :)
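Two points in the thread come together in a single defender-side check: Jon's earlier mention of programs that check the status of the firewall and look for newly created scheduled tasks, and Mr. Arnold's point that the same public firewall API any tool uses to add rules is available to malware, and that the firewall is a service that can be stopped. The script below is an added example, not code from either poster. It assumes Windows 8 / Server 2012 or later (the NetSecurity and ScheduledTasks modules; the Vista-era netsh-only interface is not covered), an elevated session, and a baseline file path chosen for this example.

```powershell
# Added example, not from the thread: snapshot enabled Allow rules and scheduled
# tasks, compare against a saved baseline, and check the services the firewall
# depends on. Assumes Windows 8 / Server 2012+ and an elevated session.
param(
    # Baseline location is this example's own choice.
    [string]$BaselinePath = (Join-Path $env:ProgramData 'fw-audit-baseline.json'),
    [switch]$WriteBaseline
)

function Get-FirewallSnapshot {
    # Only enabled Allow rules can "punch through"; a new one is what a program
    # (or malware using the same API) would add.
    $rules = foreach ($r in Get-NetFirewallRule -Enabled True -Action Allow) {
        $port = $r | Get-NetFirewallPortFilter
        $app  = $r | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name       = $r.Name
            Display    = $r.DisplayName
            Direction  = [string]$r.Direction
            Profile    = [string]$r.Profile
            Program    = $app.Program
            Protocol   = [string]$port.Protocol
            LocalPort  = [string]$port.LocalPort
            RemotePort = [string]$port.RemotePort
        }
    }
    $tasks = foreach ($t in Get-ScheduledTask) {
        [pscustomobject]@{
            Path    = $t.TaskPath + $t.TaskName
            Author  = $t.Author
            Actions = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        }
    }
    [pscustomobject]@{ Taken = (Get-Date).ToString('o'); Rules = @($rules); Tasks = @($tasks) }
}

function Test-FirewallHealth {
    # BFE (Base Filtering Engine) carries the boot-time filters; MpsSvc is the
    # Windows Firewall service. Either one stopped leaves the host exposed.
    foreach ($name in 'BFE', 'MpsSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc -or $svc.Status -ne 'Running') { Write-Warning "Service $name is not running" }
    }
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True') { Write-Warning "Firewall profile '$($p.Name)' is disabled" }
        if ($p.DefaultInboundAction -eq 'Allow') { Write-Warning "Profile '$($p.Name)' allows inbound by default" }
    }
}

function Compare-Snapshot($Baseline, $Current) {
    # Rules are keyed by their internal Name, tasks by full path.
    $knownRules = @{}; foreach ($r in $Baseline.Rules) { $knownRules[$r.Name] = $true }
    $knownTasks = @{}; foreach ($t in $Baseline.Tasks) { $knownTasks[$t.Path] = $true }
    foreach ($r in $Current.Rules) {
        if (-not $knownRules.ContainsKey($r.Name)) {
            Write-Warning ("NEW allow rule: {0} [{1} {2} {3} local={4} remote={5}] program={6}" -f
                $r.Display, $r.Direction, $r.Profile, $r.Protocol, $r.LocalPort, $r.RemotePort, $r.Program)
        }
    }
    foreach ($t in $Current.Tasks) {
        if (-not $knownTasks.ContainsKey($t.Path)) {
            Write-Warning ("NEW scheduled task: {0} (author={1}) runs: {2}" -f $t.Path, $t.Author, $t.Actions)
        }
    }
}

Test-FirewallHealth
$current = Get-FirewallSnapshot
if ($WriteBaseline -or -not (Test-Path $BaselinePath)) {
    $current | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Host "Baseline written to $BaselinePath ($($current.Rules.Count) rules, $($current.Tasks.Count) tasks)"
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    Compare-Snapshot -Baseline $baseline -Current $current
}
```

Run it once with `-WriteBaseline` on a machine you trust, then on a schedule or after any cleanup. The design follows Jon's reasoning rather than signature matching: it reports whatever differs from this machine's own known-good state, so it does not need to know a given sample's name. The caveat the thread also raises still applies, though: a check that runs on the host is only as trustworthy as the host, so the baseline file should live somewhere a local process cannot quietly rewrite it, and a stopped BFE or MpsSvc should be treated as an incident, not a configuration quirk.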
 

Jon

<snip the laughing of a deranged moron>

Look Mr '.net on the road professional programmer'. My first job as a
professional programmer (for a top blue chip company) when I was aged 16 (a
number of years ago now) which represents the dizzy heights you consider
yourself the 'bees knees' for having reached now. I progressed, matured and
moved on to better things. You clearly never will.

And it's not worth bothering with your response, since you clearly don't
even understand the distinction between a boot-time filter and a service.
 

Mr. Arnold

Let me end it for you, <plank>, that's a soft logical <plonk>.

I know you're not talking about anything, as usual. You never were, and it's
not read, pop-ups.
 

Jon

nizan said:
An interesting article about why you should use another third party
software besides Windows Defender:
'10 Reasons why you should not rely on Windows Defender '
(http://tinyurl.com/yq28uf)


Thanks nizan. Those are certainly disturbing statistics about the percentage
spyware trapped.
 

Mr. Arnold

nizan said:
An interesting article about why you should use another third party
software besides Windows Defender:
'10 Reasons why you should not rely on Windows Defender '
(http://tinyurl.com/yq28uf)

One should use safe hex computing practices where one doesn't put the
machine or one's self at risk.

If one does that, then one doesn't need Ad-Aware, Spybot, Windows Defender
running sucking up CPU cycles.

Ad-Aware I stopped using about 2 maybe 2.5 years ago. All Ad-Aware ever
found was cookies. One cannot be attacked by cookies. There is no executable
code in cookies that can attack the machine.

One needs a good AV and one needs to practice safe hex.
 