FIREWALL CHECK

[Richard]

I need some help please. I have Windows Vista Home Premium and Norton
Internet Security 2008.
When I try to log onto the Internet, I get a firewall check. I reply:
(1) disable the (Windows) firewall,
(2) don't perform this check again.
But this check reappears every time I try to log onto the Internet.
How do I stop this message reappearing?

 

[Charlie Tame]

I need some help please. I have Windows Vista Home Premium and Norton
Internet Security 2008.
When I try to log onto the Internet, I get a firewall check. I reply:
(1) disable the (Windows) firewall,
(2) don't perform this check again.
But this check reappears every time I try to log onto the Internet.
How do I stop this message reappearing?

At some point in the future you will be forced to completely remove
Norton, it is the single worst piece of junk ever sold for the PC.
McAfee is no better really.

By default the Windows firewall causes little trouble, but to isolate
the problem you need to go into the Norton Settings and disable it all,
work back from there. Actually it would be better to uninstall Norton
completely but you MUST follow their instructions and use their removal
tool because otherwise trying to uninstall it will likely trash your
system. This is quite deliberate on their part to stop you from getting
rid of it.

 

[FromTheRafters]

At some point in the future you will be forced to completely remove
Norton, it is the single worst piece of junk ever sold for the PC. McAfee
is no better really.

By default the Windows firewall causes little trouble, but to isolate the
problem you need to go into the Norton Settings and disable it all, work
back from there. Actually it would be better to uninstall Norton
completely but you MUST follow their instructions and use their removal
tool because otherwise trying to uninstall it will likely trash your
system. This is quite deliberate on their part to stop you from getting
rid of it.

They make a removal tool to stop you from getting rid of it?
Are you insane?
)

 

[Peter Foldes]

Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

 

[Kayman]

I need some help please. I have Windows Vista Home Premium and Norton
Internet Security 2008.
When I try to log onto the Internet, I get a firewall check. I reply:
(1) disable the (Windows) firewall,
(2) don't perform this check again.
But this check reappears every time I try to log onto the Internet.
How do I stop this message reappearing?

A number of experts agree that the retail AV version of McAfee, Norton and
Trend Micro has become cumbersome and bloated for the average user.

The major Norton criticisms are related to stability and footprint, the
most common problem being slow-downs because of the massive system
resources Norton hogs. There are products on the market with equal or
better test results than Symantec's products, consuming less resources at a
lower price (even free ones).

The retail version of Norton can play havoc with your pc. Uninstall it
using Norton's own uninstall tool:

Download and run the Norton Removal Tool and try to get a refund:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003
products and Norton 360 from your computer.

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."

Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx

Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available).
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/
The free version may be all you need, check the comparisons under
the "Download and Buy" link.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
Viral Irony: The Most Common Cause of Corruption.
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser

and (optional but highly recommendable)

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.

Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Note: It is Free for private use. Just download (do NOT buy) and install.

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (build-in in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

After the software is updated, it is suggested scanning the system in Safe
Mode.

A clarification on the terminology: the word "malware" is short for
"malicious software." Most Anti-Virus applications detect many types of
malware such as viruses, worms, trojans, etc.
What AV applications usually don't detect is "non-viral" malware, and the
term "non-viral malware" is normally used to refer to things like spyware
and adware.

Good luck

 

[Hank Arnold (MVP)]

Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

????????? I can accept that there is an argument as to whether it is
adequate or not (I'm clearly on the "It's not!" camp), but I've *NEVER*
heard it rated as better than any other firewall!!!

What do you base this statement on??

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

 

[Paul Montgomery]

????????? I can accept that there is an argument as to whether it is
adequate or not (I'm clearly on the "It's not!" camp), but I've *NEVER*
heard it rated as better than any other firewall!!!

What do you base this statement on??

This is the same guy who last week told someone that a failing CMOS
battery was the probably cause of a system clock losing time during
the day while it was powered-up with Windows running.

 

[Kayman]

????????? I can accept that there is an argument as to whether it is
adequate or not (I'm clearly on the "It's not!" camp), but I've *NEVER*
heard it rated as better than any other firewall!!!

Peter said: "any *3rd party* Firewall"* and most probably referred
specifically to 3rd party software personal firewalls (PFW).

What do you base this statement on??

I can't speak for Peter but there are credible reports in circulation
confirming his assertion. The reports are not commercially sponsored.
BTW, test reports conducted by some firewall testing organizations used to
test the Windows Firewall for *outbound traffic control* (a function which
never ever was incorporated) and compared it with 3rd party f/w apps.

 

[+Bob+]

Peter said: "any *3rd party* Firewall"* and most probably referred
specifically to 3rd party software personal firewalls (PFW).

I can't speak for Peter but there are credible reports in circulation
confirming his assertion. The reports are not commercially sponsored.

I think you need to be a little more definitive on what reports to
make the claim you did. Lots of reports (in many industries) make
claims but when you examine their testing criteria and methods you
come to other conclusions.

BTW, test reports conducted by some firewall testing organizations used to
test the Windows Firewall for *outbound traffic control* (a function which
never ever was incorporated) and compared it with 3rd party f/w apps.

Which is why you want a real personal FireWall like Zone Alarm. If you
have a router in place with NAT and WPA with a good password, inbound
is of relatively limited concern. Outbound, OTOH, not only prevents MS
programs and others from calling home for no apparent reason, but
helps identify when an evil program has infected your system and is
attempting net access. These issues are much more of a concern than
inbound access.

 

[Mr. Arnold]

I think you need to be a little more definitive on what reports to
make the claim you did. Lots of reports (in many industries) make
claims but when you examine their testing criteria and methods you
come to other conclusions.


Which is why you want a real personal FireWall like Zone Alarm. If you
have a router in place with NAT and WPA with a good password, inbound
is of relatively limited concern. Outbound, OTOH, not only prevents MS
programs and others from calling home for no apparent reason, but
helps identify when an evil program has infected your system and is
attempting net access. These issues are much more of a concern than
inbound access.

And they can cut through the snake-oil crap in ZA or any other solution like
ZA like a hot knife through butter. The job of a personal FW (it's not a
FW)/packet filter is stop unsolicited inbound packets, by default, from
reaching services and the O/S running on the machine and to prevent outbound
packets from leaving the machine, by setting packet filtering by port
TCP/UDP, protocol -- HTTP, FTP, ICMP, etc, etc, IP, subnet mask or domain
for inbound and outbound traffic.

The job of the personal FW/packet filter has been blown up out of
proportion, and it's not a malware solution, trying to protect you from you
that it cannot do. That's snake-oil and candy technology in them as a home
user security blanket giving a false sense of security.


http://www.securityfocus.com/infocus/1840

There are other ways, that one can cut through the crap snake-oil like
Application Control in PFW(S). Another way is to beat the PFW(S) to the
network connection during the boot process before the PFW service is even up
and running. It has done its thing and is done before the PFW could even
know that it has happened.

 

[Peter Foldes]

Hello Hank

From personal testing (usage). I have tried a few 3rd party ones and aside from bloating and the obvious cost they are no better than the Firewall supplied by Windows.

 

[FromTheRafters]

I think you need to be a little more definitive on what reports to
make the claim you did. Lots of reports (in many industries) make
claims but when you examine their testing criteria and methods you
come to other conclusions.


Which is why you want a real personal FireWall like Zone Alarm. If you
have a router in place with NAT and WPA with a good password, inbound
is of relatively limited concern. Outbound, OTOH, not only prevents MS
programs and others from calling home for no apparent reason, but
helps identify when an evil program has infected your system and is
attempting net access. These issues are much more of a concern than
inbound access.

Once you have an "evil program" executing on your machine, the
game is over. That is unless it is a very lame "evil program". The
firewall application would now be running on a system that can't
be trusted - and so itself can't be trusted even if it tells you it can
be trusted.

IOW a false sense of security exists whether or not the machine
is compromised.

 

[+Bob+]

Once you have an "evil program" executing on your machine, the
game is over. That is unless it is a very lame "evil program". The
firewall application would now be running on a system that can't
be trusted - and so itself can't be trusted even if it tells you it can
be trusted.

I agree that some programs can work towards beating your outbound
firewall - but on a practical basis, it catches quite a few. Some is
better than none.

IOW a false sense of security exists whether or not the machine
is compromised.

99.99% of users have a false sense of security. THat's why so many of
their machines get infected. An outbound firewall is one more layer
that can help identify problems.

 

[Mr. Arnold]

On Mon, 28 Jul 2008 21:16:31 -0400, "FromTheRafters"

99.99% of users have a false sense of security. THat's why so many of
their machines get infected. An outbound firewall is one more layer
that can help identify problems.

Application control in PFW(s) is not outbound control. It's application
control, which should be under the control of the O/S. The buck stops with
the O/S not the PFW/packet filter. If the O/S can be fooled, then anything
that runs with the O/S can be easily fooled too.

Any of today's PFW(s)/personal packet filter even Vista's FW/packet filter
has the ability to stop outbound packets from leaving the machine by setting
outbound packet filtering rules. The stuff you're talking about has no
business trying to do application control. Their job is to act as packet
filter.

99.99% of users don't have a false sense of security. 99.99% of users don't
know what security is about period. 99.99% of them if a message comes up
into their face to allow or disallow something, they flat out don't know the
circumstances as to why it's even happening.

So, they stop something like Svchost.exe from accessing the network.
Svchost.exe is not the one that wants access. Svchost.exe only host
something, a program, that wants the access. So, they stop Svchost.exe this
time never knowing what they really needed to stop. Then they turn around
and allow Svchost.exe to access the network, and then the exploit now has
its shot to get out un-detected, piggy backing of that instance of
Svchost.exe that was granted access.

 

[Kayman]

I agree that some programs can work towards beating your outbound
firewall - but on a practical basis, it catches quite a few. Some is
better than none.

What is there to 'catch'. Since malware already has/is manipulating your OS
the game is lost[PERIOD]!

99.99% of users have a false sense of security.

And 99.99% of quoted statistics are made up on the spot...

THat's why so many of their machines get infected.

No, unsafe browsing and relying on Phony-Baloney Ware such as 3rd party
software (so-called) firewalls aka Illusion Ware gets you in hot water.

An outbound firewall is one more layer that can help identify problems.

Relying on this layer is precisely what gives you this false sense of
security.

Educate yourself, Google can assist.
BTW, ever wondered why nobody responded to your WLM query?

 

[FromTheRafters]

I agree that some programs can work towards beating your outbound
firewall - but on a practical basis, it catches quite a few. Some is
better than none.

As an aside, would you feel safe with an antivirus that recognizes
"quite a few" viruses? True, some is better than none, but the
idea that only the lame ones will be caught would not give me the
warm fuzzy feeling that personal firewall applications seem to promise
the user.

99.99% of users have a false sense of security.

....and 90% of those achieve it without additional software running
on their machine telling them how safe they are.

THat's why so many of
their machines get infected. An outbound firewall is one more layer
that can help identify problems.

I agree that they are not *completely* useless.

 

[+Bob+]

As an aside, would you feel safe with an antivirus that recognizes
"quite a few" viruses? True, some is better than none, but the
idea that only the lame ones will be caught would not give me the
warm fuzzy feeling that personal firewall applications seem to promise
the user.

But the point be argued here is having an outbound firewall vs. none
at all (windows firewall).

No A/V solution will catch everything. Add a few layers - an extra
non-unobtrusive, non-performance impacting layer that can help is
worth it, IMHO.

...and 90% of those achieve it without additional software running
on their machine telling them how safe they are.

When has an outbound firewall ever done anything to make the 99% feel
safe? Most of them don't even know it's there until it reports
something. They feel safe thorough ignorance of the dangers, not
knowledge of the solutions.

 

[Mr. Arnold]

But the point be argued here is having an outbound firewall vs. none
at all (windows firewall).

Once again, will someone tell this person what outbound packet filtering
means, which Vista has outbound packet filtering. What he is talking about
is application control, which are two differnt things and is snake-oil.

 

[+Bob+]

I agree that some programs can work towards beating your outbound
firewall - but on a practical basis, it catches quite a few. Some is
better than none.

What is there to 'catch'. Since malware already has/is manipulating your OS
the game is lost[PERIOD]!

Nonsense. Not all malware is sharp enough to avoid firewall detection.
Not all malware infections are lost cases. Repair is possible quite
often. The earlier the problem is detected, the higher the probability
for repair. There are enough malware schemes that don't avoid the
firewall that it is worth using one. PERIOD.

Museums have sophisticated security systems. Nonetheless, criminals
get through them and steal valuable items fairly consistently. Do the
museums throw up their arms and say "we won't bother with an alarm
system since there are _some_ people who can beat it". No, they
install a security system that keeps out the large majority of
potential thieves, recognizing that no system is perfect.

No, unsafe browsing and relying on Phony-Baloney Ware such as 3rd party
software (so-called) firewalls aka Illusion Ware gets you in hot water.

The fact that some people have an illusion of safety does not negate
the increased security offered by an outbound firewall.

Relying on this layer is precisely what gives you this false sense of
security.

There's a difference between relying and utilizing.

Educate yourself, Google can assist.
BTW, ever wondered why nobody responded to your WLM query?

No, I've been spending my "wondering time" puzzling over how someone
becomes such a condescending, know-it-all, dick head like you.

 

[+Bob+]

On Wed, 30 Jul 2008 13:01:16 -0400, "Mr. Arnold" <MR.

Once again, will someone tell this person what outbound packet filtering
means, which Vista has outbound packet filtering. What he is talking about
is application control, which are two differnt things and is snake-oil.

Vista's outbound filtering needs manual configuration and is well
beyond the scope of anyone who doesn't have serious training.
Application filtering is not snake-oil and does have value. It's also
possible for average users to actually turn it on an have it work.