Firewall etc

Chappy

If you think I was tuff on you, you post this nonsense to


Tuff?
That's a laugher

What I don't understand tho is the absolutely maniacal and almost violent
hatred of any 3rd party firewalls?
If you don't remember, the firewall in Windows was purchased from a 3rd
party and embedded into Windows, it was NOT designed by MS engineers!! Are
you all saying that other engineers can't design and build a useful & secure
firewall? I think they may have something to say about that, especially
considering that they do very well in unsponsored testing facilities.
Are you also saying that these testing facilities are full of it or don't
know what they're doing?
I would ask where would we be without those unsponsored testing facilities
doing the job of sorting out the good from the bad for us. I can't imagine
having to run our own tests on AV and other security software and I don't
think you'd relish that thought either, so we depend on those who've decided
to make a living from it to do this for us.

I'm certainly NOT against MS, in fact I stand up for their efforts against
a lot of MS bashers, I know how difficult it is to make something this
complex perfect...it ain't gonna happen. Just because I think another
company's firewall offers me better protection and an opportunity to
configure advanced rules to suit my needs, doesn't mean I hate the Windows
firewall or any other part of it. I'm sure there's things in Windows you
don't like either.
But I am entitled to my opinion just as you to yours, and I never hold yours
against you or call your decisions foolish. You have your reasons for your
decision and I mine. You can attempt to get others to listen to your advice,
and I can attempt to do the same, but we allow them to make the final
decision based on whatever information we can provide for our respective
points of view.

You can find a dozen sites that say Win Firewall Rox...and I can list a
dozen that says differently...so what. It's up to the end user to decide
which suits their needs best. If Windows starts embedding an AV app, is
everyone all of a sudden idiots if they stay with another proven product? I
certainly hope not, so why the big deal over their firewall, which again was
written by others outside of the MS family...proving that there are in fact
some intelligent and competent engineers out there writing software solutions
that can do the job.

We could go forever replying to little snippets of each others posts and
still make no headway, it's simply a waste of all of our time and energies.
Despite your arguments to the contrary, there are perfectly good, secure and
well designed firewall solutions out there and MANY other people use these
products with excellent results. If you get excellent results from your
product, well that's excellent and more power to you, but don't go nutzoid on
others for their choice of solution.

In a way, I almost agree with you about all the other forms of protection
that even Comodo firewall has. In fact, I have most of that turned off and
use it basically as a packet filtering solution, I don't need all the HIPS
and hook alerts because I know what I'm doing, just as you others do too. But
we all know the majority of users haven't the time or opportunity to learn
what we have, so they can benefit from the higher forms of protections these
products can offer besides simply being a filtering interface. We can harden
our systems without (as you put it) having someone protect Us from Us, we
don't have poor habits and we know better. But 80% of today's users just don't
have that knowledge and that's where those of us that do, come in to help
them as best we can. And in my opinion, and a few others too, most casual
users can benefit from the enhanced forms of protections that some of these
other solutions can offer them. They need something that in its default
configuration can keep them protected from themselves since they have no idea
how to take advantage of advanced configuration.
I agree that there are certainly some questionable products out there, and
that can be said for almost any class of s'ware product, and that's why we
depend on informed reviews to help sort out the cruft. And anyone who's been
following security software for any length of time, they know the labs and
reviewers they can trust.

Ok, I'm done, and if you insist on continuing on after this, be my
guest...it's your energy and time, not mine...well, not any more anyway. I'm
simply tired of this, I usually avoid getting caught up in this type of
useless merry-go-round. I could care less if I get the last word in or not,
but if that's what you need to make you feel good then have at it, it's all
yours.
 
Root Kit

On Wed, 16 Jul 2008 23:06:20 -0400, "Mr. Arnold" <MR.
And I am going to tell you again that Commode or any other 3rd party host based personal
firewall/packet filter are not FW(s).

The same goes for the windows FW.
 
Chappy

I also have a couple of letters behind my name too.
I don't usually throw them around as any sort of sign of anything, but I'll
let you see my business card and you tell me if they mean anything.
 
Gordon

Chappy said:
I also have a couple of letters behind my name too.
I don't usually throw them around as any sort of sign of anything, but I'll
let you see my business card and you tell me if they mean anything.

And what has that got to do with anything that Kerry said?
 
Chappy

Actually, about as much as anybody has said around here, but Kerry had to
throw that he's an MVP for 3 years so he's a security pro.
Well, like I said I don't usually bring this up but I do have a few letters
that lend credibility to my computer skills too, it's called a "Doctorate
Degree", Professor of Computer Science and "Assistant Dean of Sciences,
Computer Science", University of ******.
I dunno...does that qualify me as a "Pro" also??

Gordon said:
Chappy said:
I also have a couple of letters behind my name too.
I don't usually throw them around as any sort of sign of anything, but I'll
let you see my business card and you tell me if they mean anything.

And what has that got to do with anything that Kerry said?
 
Gordon

Chappy said:
Actually, about as much as anybody has said around here, but Kerry had to
throw that he's an MVP for 3 years so he's a security pro

No - re-read his post. He said "I manage network security for three
companies as a living". The bit about being MVP was thrown in as an extra.
 
Charlie Tame

Chappy said:
Actually, about as much as anybody has said around here, but Kerry had to
throw that he's an MVP for 3 years so he's a security pro.
Well, like I said I don't usually bring this up but I do have a few letters
that lend credibility to my computer skills too, it's called a "Doctorate
Degree", Professor of Computer Science and "Assistant Dean of Sciences,
Computer Science", University of ******.
I dunno...does that qualify me as a "Pro" also??

It indicates that you are pretty good with a black crayon, although
definitely not heading for a career with one.

Outbound firewalls "Can" be useful if you know what you are doing but
for most people they represent closing the stable door after the horse
is gone - snake oil.

http://stlouiemoesblogaboutanything.blogspot.com/2008/06/show-him-your-card.html
 
Root Kit

What I don't understand tho is the absolutely maniacal and almost violent
hatred of any 3rd party firewalls?

What I don't understand is the almost religious admiration for a
security concept which is broken already by design.

If you don't remember, the firewall in Windows was purchased from a 3rd
party and embedded into Windows, it was NOT designed by MS engineers!! Are
you all saying that other engineers can't design and build a useful & secure
firewall?

No. If you ask me, I'm saying the designers of the MS firewall,
whoever they might be, made a clever design choice to not waste code
on useless trials.

And don't come up with "ooh - but the Vista FW does outbound control,
so they changed their minds" because the outbound control of Vista is
different and builds on the overall security enhancements of the OS
compared to XP, W2K etc.

I think they may have something to say about that, especially
considering that they do very well in unsponsored testing facilities.
Are you also saying that these testing facilities are full of it or don't
know what they're doing?

No. But if you take matousec as an example (since you mentioned them
yourself), they do try to sell their knowledge (both in general and
also about specific FW vulnerabilities) to vendors. So calling them
"unsponsored" may be a bit over the top.

If by "other testing facilities" you refer to computer magazines etc.
making product tests, please have in mind that they seldom have the
needed deep skills to actually look under the hood of such products to
test if they actually do what they claim to do. They mostly test and
compare the "look and feel" user experience and come up with
"recommendations" based on that. They also probably aren't going to be
too harsh on potential advertisers, so...

To be honest, if I was selling firewall software, I would prioritize a
light weight user friendly experience over hard core security -
because what makes sense in a B2C market place does not necessarily go
hand in hand with what makes sense in terms of security.

Just for the record, I have no problem with matousec or the work they
do except that they unfortunately help promote the idea that host
based outbound control makes sense. That said, I consider them to be
skilled guys.

In a way, I almost agree with you about all the other forms of protection
that even Comodo firewall has. In fact, I have most of that turned off and
use it basically as a packet filtering solution, I don't need all the HIPS
and hook alerts because I know what I'm doing,

That's the whole point. If you understand what this stuff actually
means, you don't really need it.

just as you others do too. But we all know the majority of users haven't
the time or opportunity to learn what we have, so they can benefit from
the higher forms of protections these products can offer besides simply
being a filtering interface.

I disagree entirely. The majority of users don't have the slightest
idea how to correctly deal with such pop-ups.

We can harden our systems without (as you put it) having someone protect
Us from Us, we don't have poor habits and we know better.
But 80% of today's users just don't have that knowledge

And believing that pop-ups containing technical nonsense and
misinformation is of any help to that segment is the only reason why
there is a market for these products in the first place.
 
Kerry Brown

Chappy said:
Actually, about as much as anybody has said around here, but Kerry had to
throw that he's an MVP for 3 years so he's a security pro.
Well, like I said I don't usually bring this up but I do have a few letters
that lend credibility to my computer skills too, it's called a "Doctorate
Degree", Professor of Computer Science and "Assistant Dean of Sciences,
Computer Science", University of ******.
I dunno...does that qualify me as a "Pro" also??


You intimated that security pros endorse 3rd party firewalls and Comodo in
particular. I was pointing out that I am a security pro who thinks
otherwise.

Since you pointed out you have some technical skills can you tell me the
answer to this question. How would a firewall running in an OS detect a
rootkit that has its own TCP/IP stack completely independent of the OS? For
that matter can a software firewall detect that it's running on a virtual
machine with several other OS's running in virtual machines all using the
same NIC? Don't you think that malware may use similar methods? If someone
pwns your computer there is no way you can stop them from communicating
outbound with software running on that same computer. You can make it hard
but you can't stop them.
 
Mr. Arnold

Root Kit said:
On Wed, 16 Jul 2008 23:06:20 -0400, "Mr. Arnold" <MR.


The same goes for the windows FW.


I think I have mentioned Vista's personal packet filter in the same light of
it not being a FW, in previous posts.
 
Mr. Arnold

Chappy said:
Tuff?
That's a laugher

What I don't understand tho is the absolutely maniacal and almost violent
hatred of any 3rd party firewalls?

I don't hate them as long as they are kept in their proper perspective of
being a personal packet filter with no fluff.

If you don't remember, the firewall in Windows was purchased from a 3rd
party and embedded into Windows, it was NOT designed by MS engineers!!

Who cares about that? The solution has hooks into the O/S that no 3rd party
solution can match.

Are you all saying that other engineers can't design and build a useful &
secure firewall?

For the 1 million times more, the solutions you talk about are NOT FIREWALLS.

I think they may have something to say about that, especially
considering that they do very well in unsponsored testing facilities.
Are you also saying that these testing facilities are full of it or don't
know what they're doing?

To strike the fear into people that think that they need some kind of
complicated solution with snake oil in it, when all is needed is a simple
packet? Yes I do think that they put too much snake oil in the solutions.

I would ask where would we be without those unsponsored testing facilities
doing the job of sorting out the good from the bad for us. I can't imagine
having to run our own tests on AV and other security software and I don't
think you'd relish that thought either, so we depend on those who've decided
to make a living from it to do this for us.

That's you not me. I look at the log on a FW or personal packet filter to
view unsolicited inbound packets that have been blocked and outbound packets
being sent out due to a solicitation or no solicitation.

I'm certainly NOT against MS, in fact I stand up for their efforts against
a lot of MS bashers, I know how difficult it is to make something this
complex perfect...it ain't gonna happen. Just because I think another
company's firewall offers me better protection and an opportunity to
configure advanced rules to suit my needs, doesn't mean I hate the Windows
firewall or any other part of it. I'm sure there's things in Windows you
don't like either.

I can do the same thing with the Vista packet filter, that is, to create
filtering rules for inbound or outbound packets, based on port, protocol, IP
or subnet.

I can do the same thing with IPsec as well.

That's the only thing that counts is one can set advanced packet filtering
rules. I don't need the solution to be doing anything else.

But I am entitled to my opinion just as you to yours, and I never hold yours
against you or call your decisions foolish. You have your reasons for your
decision and I mine. You can attempt to get others to listen to your advice,
and I can attempt to do the same, but we allow them to make the final
decision based on whatever information we can provide for our respective
points of view.

About this, pfft!

You can find a dozen sites that say Win Firewall Rox...and I can list a
dozen that says differently...so what. It's up to the end user to decide
which suits their needs best.

I say pfft to this too.

If Windows starts embedding an AV app, is
everyone all of a sudden idiots if they stay with another proven product?

I say pfft to this too.

certainly hope not, so why the big deal over their firewall, which again was
written by others outside of the MS family...proving that there are in fact
some intelligent and competent engineers out there writing software solutions
that can do the job.

No one said they were not competent, as long as they keep the basic rules of
a packet filter filtering packets.

We could go forever replying to little snippets of each others posts and
still make no headway, it's simply a waste of all of our time and energies.
Despite your arguments to the contrary, there are perfectly good, secure and
well designed firewall solutions out there and MANY other people use these
products with excellent results. If you get excellent results from your
product, well that's excellent and more power to you, but don't go nutzoid on
others for their choice of solution.

I am going to tell you once again that what you're talking about are NOT FW
solutions. What you're talking about DO NOT fit nor do they fall into the
category of being FW SOLUTIONS.

In a way, I almost agree with you about all the other forms of protection
that even Comodo firewall has. In fact, I have most of that turned off and
use it basically as a packet filtering solution, I don't need all the HIPS
and hook alerts because I know what I'm doing, just as you others do too.

And I know what I'm doing also, and whatever little features beyond packet
filtering rules in the solution, I don't need.

But we all know the majority of users haven't the time or opportunity to learn
what we have, so they can benefit from the higher forms of protections these
products can offer besides simply being a filtering interface.

And what they don't need is some solution telling them what they need to do
forcing them to make decisions.

We can harden our systems without (as you put it) having someone protect Us
from Us, we don't have poor habits and we know better.

What they need to learn is safe hex computing habits. The link is not for
you, but it is for others that may be reading this post.

http://www.claymania.com/safe-hex.html

But 80% of today's users just don't
have that knowledge and that's where those of us that do, come in to help
them as best we can. And in my opinion, and a few others too, most casual
users can benefit from the enhanced forms of protections that some of these
other solutions can offer them.

I disagree because all they are doing is leaning on the security blanket
like a crutch, when they should be learning what to do. This is what
separates Linux users from MS users in some cases.

They need something that in its default
configuration can keep them protected from themselves since they have no idea
how to take advantage of advanced configuration.

Once malware hits the machine and is executed, it's over to begin with, and
no packet filtering solutions are going to stop it in their default state.
What they need to learn is how to take it out of its default state.

<snipped>

What users need to do is understand what an exploit is about, take the
proper tools and go look at what's happening, and not lean on the solutions
you talk about like a crutch, which I don't even do with what's running on
Vista such as its packet filter or IPsec. I look around for myself from time to
time, and I let nothing tell me it's okay dokey.

The link is not for you, but for others that may be reading this post.

<http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html>

CurrPort instead Active Port and put a short-cut in the start-up so you can
look at connections being made at the boot and login. This is one of the
places that malware can beat your 3rd party solutions, because malware can
beat the solutions and get to the network connection before your solutions
are up and running to protect the connection. This is not so with Vista's
packet filter.
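
The log review described in the post above (blocked unsolicited inbound packets, packets being sent out), as an added example that is not part of the thread: a short Python script that reads a Windows Firewall text log and tallies dropped inbound traffic and allowed outbound traffic to ports outside an expected set. The sample lines, the addresses, the local IP and the expected-port list are constructed assumptions; the column layout is taken from the log's own `#Fields:` header.

```python
from collections import Counter

# Constructed sample in the Windows Firewall text-log layout (not from the thread).
# Addresses are documentation ranges; 192.0.2.10 is the assumed local host.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-07-17 09:00:01 DROP TCP 203.0.113.9 192.0.2.10 4312 445 48 S 1234567 0 65535 - - - RECEIVE
2008-07-17 09:00:02 DROP TCP 203.0.113.9 192.0.2.10 4313 445 48 S 1234999 0 65535 - - - RECEIVE
2008-07-17 09:00:05 DROP UDP 198.51.100.7 192.0.2.10 1026 1434 404 - - - - - - - RECEIVE
2008-07-17 09:00:09 ALLOW TCP 192.0.2.10 198.51.100.80 49152 80 0 - 0 0 0 - - - SEND
2008-07-17 09:00:12 ALLOW TCP 192.0.2.10 203.0.113.25 49153 6667 0 - 0 0 0 - - - SEND
2008-07-17 09:00:13 truncated line
"""

def parse_log(text):
    """Return (records, skipped); columns are named by the #Fields header."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        cols = line.split()
        if line.startswith("#Fields:"):
            fields = cols[1:]
        elif not cols or line.startswith("#"):
            continue
        elif not fields or len(cols) != len(fields):
            skipped += 1  # truncated or corrupt line: count it, don't guess
        else:
            records.append(dict(zip(fields, cols)))
    return records, skipped

def direction(rec, local_ips):
    """Use the path column when present; logs without it fall back to IP matching."""
    path = rec.get("path", "-")
    if path in ("SEND", "RECEIVE"):
        return "out" if path == "SEND" else "in"
    if rec["src-ip"] in local_ips:
        return "out"
    return "in" if rec["dst-ip"] in local_ips else "unknown"

def summarise(text, local_ips=("192.0.2.10",), expected_out_ports=("53", "80", "443")):
    """Tally dropped inbound packets and allowed outbound packets to unexpected ports."""
    records, skipped = parse_log(text)
    blocked_in, unexpected_out = Counter(), Counter()
    for rec in records:
        way = direction(rec, local_ips)
        if rec["action"] == "DROP" and way == "in":
            blocked_in[(rec["protocol"], rec["dst-port"])] += 1
        elif rec["action"] == "ALLOW" and way == "out":
            if rec["dst-port"] not in expected_out_ports:
                key = (rec["protocol"], rec["dst-ip"], rec["dst-port"])
                unexpected_out[key] += 1
    return {"blocked_in": blocked_in, "unexpected_out": unexpected_out, "skipped": skipped}

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for section in ("blocked_in", "unexpected_out"):
        for key, count in report[section].most_common():
            print(section, *key, count)
    print("skipped lines:", report["skipped"])
```

A log written on the host only records what the filter itself saw, which is the limitation Kerry Brown raises earlier in the thread.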
 
Kerry Brown

Mr. Arnold said:
CurrPort instead Active Port and put a short-cut in the start-up so you
can look at connections being made at the boot and login. This is one of
the places that malware can beat your 3rd party solutions, because malware
can beat the solutions and get to the network connection before your
solutions are up and running to protect the connection. This is not so
with Vista's packet filter.

A root kit that loads before the OS could bypass the Vista packet filter as
well. It would be harder but it could be done.
 
FromTheRafters

While we're on the subject of these so-called firewalls, I'm reminded of
the old saw about increasing security by adding software.

We have already seen what can happen when security software tries
to do too much - AV's have actually reduced security in the form of
supporting worms. They grab incoming email and extract attachment
data - decompress the zipfile it represents - only to find it has been
crafted to exploit the decompression routine by overflowing a buffer.
So, maybe nobody wrote a worm for any of these exploits, but that
is not the point.

What happens when so-called firewalls (actually just applications)
start looking for everything that could possibly be part of a data
leak attack. My bet is that they will prove to be more trouble than
they are worth. The more software you have, the greater your risk
of software flaws being exploited. Even more so if said software is
running. Even more so if it faces the web.
 
Root Kit

That's a very good point. At least one popular personal firewall has been
found to have buffer overflow problems in the past.

You make it sound like such issues are rare. They aren't ;-)
 
