Firewall vs. Packet Filter?

on 26.10.2006 07:43:25 by D

Let's say you are running anti-virus and anti-spyware programs that
provide real-time protection. How important is it to have a firewall with
application protection, versus just a packet filter?

Re: Firewall vs. Packet Filter?

on 26.10.2006 15:06:14 by Ansgar -59cobalt- Wiechers

d wrote:
> Let's say you are running anti-virus and anti-spyware programs that
> provide real-time protection. How important is it to have a firewall
> with application protection, versus just a packet filter?

"Firewall" is a very broad term, and its meaning depends strongly on
what definition you are using. However, judging from your question I
assume that you are talking about personal firewalls here, and by
"application protection" you mean attempts to control what program may
or may not communicate outbound.

I wouldn't recommend using "application protection" as it is not
reliable. Stick with anti-virus (to prevent malware from actually being
run) and packet filter (to prevent worms/attackers from exploiting
vulnerabilities in network services). If you configure the computer to
not provide any network services in the first place, you don't even need
the packet filter.

In addition to that: use a normal user account for day-to-day work, and
keep all software on the computer up-to-date.

cu
59cobalt
--
"Personal Firewalls are crap. Throw away any personal firewall. Personal
Firewalls are bad[tm]."
--Malte von dem Hagen on security-basics

Re: Firewall vs. Packet Filter?

on 27.10.2006 00:19:52 by Crispy Critter

On 26 Oct 2006 13:06:14 GMT, Ansgar -59cobalt- Wiechers wrote:

> If you configure the computer to
> not provide any network services in the first place, you don't even need
> the packet filter.

What services should one disable on a Home PC and still have internet
connection working?

Re: Firewall vs. Packet Filter?

on 27.10.2006 01:07:06 by Ansgar -59cobalt- Wiechers

Crispy Critter wrote:
> On 26 Oct 2006 13:06:14 GMT, Ansgar -59cobalt- Wiechers wrote:
>> If you configure the computer to not provide any network services in
>> the first place, you don't even need the packet filter.
>
> What services should one disable on a Home PC and still have internet
> connection working?

http://www.ntsvcfg.de/ntsvcfg_eng.html

Depending on your ISP's requirements you may need to re-enable the
DHCP-Client service, but in general you don't need to provide any
network service to have Internet connectivity.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Firewall vs. Packet Filter?

on 27.10.2006 19:25:54 by Crispy Critter

On 26 Oct 2006 23:07:06 GMT, Ansgar -59cobalt- Wiechers wrote:


> http://www.ntsvcfg.de/ntsvcfg_eng.html
>
> Depending on your ISP's requirements you may need to re-enable the
> DHCP-Client service, but in general you don't need to provide any
> network service to have Internet connectivity.
>
> cu
> 59cobalt

OK, thx. I'll do as that site says and see how it goes. I've read websites
that say what services to disable before and they always have different
ideas as to what should be disabled. Some have caused certain functions I
wanted to stop running too. Some people say you don't need to disable any
network services if XP is fully patched.

Re: Firewall vs. Packet Filter?

on 27.10.2006 20:04:58 by Ansgar -59cobalt- Wiechers

Crispy Critter wrote:
> On 26 Oct 2006 23:07:06 GMT, Ansgar -59cobalt- Wiechers wrote:
>> http://www.ntsvcfg.de/ntsvcfg_eng.html
>>
>> Depending on your ISP's requirements you may need to re-enable the
>> DHCP-Client service, but in general you don't need to provide any
>> network service to have Internet connectivity.
>
> OK, thx. I'll do as that site says and see how it goes. I've read
> websites that say what services to disable before and they always have
> different ideas as to what should be disabled. Some have caused
> certain functions I wanted to stop running too. Some people say you
> don't need to disable any network services if XP is fully patched.

They are right, to a certain extent. Patches should eliminate all known
bugs, so any worm/attacker targeting a known vulnerability should fail.
However, there's always the possibility of a 0-day, or an undisclosed
bug, or a patch not working as supposed. Also some network services may
allow for additional attack vectors (e.g. administrative shares + weak
admin password, or messenger spam). Thus it's better to not expose
services you don't need to expose.

cu
59cobalt
--
"Personal Firewalls are crap. Throw away any personal firewall. Personal
Firewalls are bad[tm]."
--Malte von dem Hagen on security-basics

Re: Firewall vs. Packet Filter?

on 29.10.2006 02:22:42 by Crispy Critter

On 27 Oct 2006 18:04:58 GMT, Ansgar -59cobalt- Wiechers wrote:


> They are right, to a certain extent. Patches should eliminate all known
> bugs, so any worm/attacker targeting a known vulnerability should fail.
> However, there's always the possibility of a 0-day, or an undisclosed
> bug, or a patch not working as supposed. Also some network services may
> allow for additional attack vectors (e.g. administrative shares + weak
> admin password, or messenger spam). Thus it's better to not expose
> services you don't need to expose.
>
> cu
> 59cobalt

Yea, that makes sense, thanks.