Hi,
Could you tell me if win xp sp2 firewall is good enough to protect my
computer. I have use in the past Zone Alarm but it just slow dowm way to
much my computer.
Thanks for your advice
L
Laura25
> Could you tell me if win xp sp2 firewall is good enough to protect my
> computer.
Comapred to Zone Alarm, it is.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Laura25
> Could you tell me if win xp sp2 firewall is good enough to protect my
> computer.
Protect your computer against *what*? It will protect your computer just
fine against attempts to exploit vulnerable services. It won't protect
your computer at all against being dumped into a river.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Laura25 wrote:
> Hi,
>
> Could you tell me if win xp sp2 firewall is good enough to protect my
> computer. I have use in the past Zone Alarm but it just slow dowm way to
> much my computer.
>
> Thanks for your advice
>
> L
>
>
It's no worst than the other ones as long as you understand its
limitations. It doesn't have a lot of snake-oil in it trying to protect
you from you.
Ansgar -59cobalt- Wiechers wrote:
> Laura25
>> Could you tell me if win xp sp2 firewall is good enough to protect my
>> computer.
>
> Protect your computer against *what*? It will protect your computer just
> fine against attempts to exploit vulnerable services. It won't protect
> your computer at all against being dumped into a river.
That's why I make my laptop wear a life jacket at all times!
Rick Merrill
> Ansgar -59cobalt- Wiechers wrote:
> > Laura25
> >> Could you tell me if win xp sp2 firewall is good enough to protect my
> >> computer.
> > Protect your computer against *what*? It will protect your computer just
> > fine against attempts to exploit vulnerable services. It won't protect
> > your computer at all against being dumped into a river.
> That's why I make my laptop wear a life jacket at all times!
Is your life jacket protecting the river against your laptop, too? By
filtering outbound water? ;-)
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
On Sat, 17 Mar 2007 19:16:05 -0400, Laura25 wrote:
> Hi,
>
> Could you tell me if win xp sp2 firewall is good enough to protect my
> computer. I have use in the past Zone Alarm but it just slow dowm way to
> much my computer.
>
> Thanks for your advice
Windows XP SP2 fireall is the last resort - it has one serious flaw - if
you run as a local administrator, and most people do, it allows programs
and services to create holes (exceptions) in it. Also, if you normally
share files/printers, it will default to allowing File/Printer sharing,
which also greatly exposes you.
I consider XP Sp2 firewall to be about worthless in most settings unless
you run as a limited user, check for exceptions and remove all of them,
and check this daily.
I've seen machines where the users have been compromised many times using
XP SP2 firewall that switched to ZAP and were not compromised again.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Mar 18, 8:08 am, Leythos
> On Sat, 17 Mar 2007 19:16:05 -0400, Laura25 wrote:
> > Hi,
>
> > Could you tell me if win xp sp2 firewall is good enough to protect my
> > computer. I have use in the past Zone Alarm but it just slow dowm way to
> > much my computer.
>
> > Thanks for your advice
>
> Windows XP SP2 fireall is the last resort - it has one serious flaw - if
> you run as a local administrator, and most people do, it allows programs
> and services to create holes (exceptions) in it. Also, if you normally
> share files/printers, it will default to allowing File/Printer sharing,
> which also greatly exposes you.
>
> I consider XP Sp2 firewall to be about worthless in most settings unless
> you run as a limited user, check for exceptions and remove all of them,
> and check this daily.
>
> I've seen machines where the users have been compromised many times using
> XP SP2 firewall that switched to ZAP and were not compromised again.
>
> --
> Leythos
> spam999f...@rrohio.com (remove 999 for proper email address)
Microsoft would have a lot less security problems if people would stop
running as admins. I really doubt if that is going to happen anytime
soon. People tend to be resistant to change unless change is forced on
them.
Leythos
> On Sat, 17 Mar 2007 19:16:05 -0400, Laura25 wrote:
>> Could you tell me if win xp sp2 firewall is good enough to protect my
>> computer. I have use in the past Zone Alarm but it just slow dowm way
>> to much my computer.
>
> Windows XP SP2 fireall is the last resort - it has one serious flaw -
> if you run as a local administrator, and most people do, it allows
> programs and services to create holes (exceptions) in it.
This "flaw" is shared by each and every software in existence.
> Also, if you normally share files/printers, it will default to
> allowing File/Printer sharing, which also greatly exposes you.
Wow, if you expose services these services will be ... exposed. Thank
you for clearing that up.
> I consider XP Sp2 firewall to be about worthless in most settings
> unless you run as a limited user, check for exceptions and remove all
> of them, and check this daily.
Running with LUA is *the* single most important precondition to achieve
computer security.
> I've seen machines where the users have been compromised many times
> using XP SP2 firewall that switched to ZAP and were not compromised
> again.
Yeah, right.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Hexalon
> Microsoft would have a lot less security problems if people would stop
> running as admins. I really doubt if that is going to happen anytime
> soon. People tend to be resistant to change unless change is forced on
> them.
Beside that all "Leythos" said is nonsense (as usual from him), the best
way Microsoft could stop people to work as Administrator would be not to
have this as a default.
Well, they're doing something like this now with Vista: the user is
administrator, but administrator's don't have every right any more :-/
(try to open a SYSTEM shell on Vista)
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Ansgar -59cobalt- Wiechers
> > I've seen machines where the users have been compromised many times
> > using XP SP2 firewall that switched to ZAP and were not compromised
> > again.
> Yeah, right.
Are you speculating about "Leythos'" fantasies here, Ansgar? ;-)
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Volker Birk wrote:
> Hexalon
>
>>Microsoft would have a lot less security problems if people would stop
>>running as admins. I really doubt if that is going to happen anytime
>>soon. People tend to be resistant to change unless change is forced on
>>them.
>
>
> Beside that all "Leythos" said is nonsense (as usual from him), the best
> way Microsoft could stop people to work as Administrator would be not to
> have this as a default.
Well, it's not and there is no sense crying over it. The XP FW does have
some issues in it that it will allow FW rules to be set for an
application that the end-user has no clue about upon installation of the
application. I have seen this with some .NET Windows applications that
were using .NET remoting that I have developed and installed on XP with
the FW active.
There is no way that the XP O/S or the XP FW knew the intent of that
application good or bad as a client or server. And yet rules were set
for the applications to punch through the FW. You name another PFW that
allows this kind of rule setting, which is ridiculous.
>
> Well, they're doing something like this now with Vista: the user is
> administrator, but administrator's don't have every right any more :-/
> (try to open a SYSTEM shell on Vista)
I guess they listened to someone after many years of not listening.
On Sun, 18 Mar 2007 16:03:16 +0100, Volker Birk wrote:
> Hexalon
>> Microsoft would have a lot less security problems if people would stop
>> running as admins. I really doubt if that is going to happen anytime
>> soon. People tend to be resistant to change unless change is forced on
>> them.
>
> Beside that all "Leythos" said is nonsense (as usual from him), the best
> way Microsoft could stop people to work as Administrator would be not to
> have this as a default.
LOL - Nonsense, yea, that explains why AOL and Yahoo IM and many others
can punch holes while installing in the XP firewall, but, they have to get
permission to do it in ZAP.
So, VB, are you stating that NO APPLICATION or MALWARE can make
adjustments to the Windows XP SP2 firewall when the user is running as an
administrator without the admin knowing?
Nows your chance, show everyone just how wrong I am by making a clear
statement that "No application/malware can enter exceptions in the XP
firewall while running as an administrator".
> Well, they're doing something like this now with Vista: the user is
> administrator, but administrator's don't have every right any more :-/
> (try to open a SYSTEM shell on Vista)
And it can be turned off.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Sun, 18 Mar 2007 16:05:18 +0100, Volker Birk wrote:
> Ansgar -59cobalt- Wiechers
>> > I've seen machines where the users have been compromised many times
>> > using XP SP2 firewall that switched to ZAP and were not compromised
>> > again.
>> Yeah, right.
>
> Are you speculating about "Leythos'" fantasies here, Ansgar? ;-)
It's a shame you two pretend to have experience when almost everything you
say about firewalls and security is full of so many holes and
misinformation that it only impresses the noobs.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
Leythos
> On Sun, 18 Mar 2007 16:05:18 +0100, Volker Birk wrote:
>> Ansgar -59cobalt- Wiechers
>>>> I've seen machines where the users have been compromised many times
>>>> using XP SP2 firewall that switched to ZAP and were not compromised
>>>> again.
>>>
>>> Yeah, right.
>>
>> Are you speculating about "Leythos'" fantasies here, Ansgar? ;-)
>
> It's a shame you two pretend to have experience when almost everything
> you say about firewalls and security is full of so many holes and
> misinformation
Like what?
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Leythos
> On Sun, 18 Mar 2007 16:03:16 +0100, Volker Birk wrote:
>> Beside that all "Leythos" said is nonsense (as usual from him), the
>> best way Microsoft could stop people to work as Administrator would
>> be not to have this as a default.
>
> LOL - Nonsense, yea, that explains why AOL and Yahoo IM and many
> others can punch holes while installing in the XP firewall, but, they
> have to get permission to do it in ZAP.
>
> So, VB, are you stating that NO APPLICATION or MALWARE can make
> adjustments to the Windows XP SP2 firewall when the user is running as
> an administrator without the admin knowing?
And once again Leythos spectacularly fails to understand that a) noone
ever claimed that, and b) an administrator cannot be prevented from
doing whatever he pleases without restricting his privileges (which
actually makes him a non-administrator).
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>Volker Birk wrote:
>>
>>>Hexalon
>>>
>>>
>>>>Microsoft would have a lot less security problems if people would stop
>>>>running as admins. I really doubt if that is going to happen anytime
>>>>soon. People tend to be resistant to change unless change is forced on
>>>>them.
>>>
>>>Beside that all "Leythos" said is nonsense (as usual from him), the best
>>>way Microsoft could stop people to work as Administrator would be not to
>>>have this as a default.
>>
>>Well, it's not and there is no sense crying over it. The XP FW does have
>>some issues in it that it will allow FW rules to be set for an
>>application that the end-user has no clue about upon installation of the
>>application.
>
>
> This requires Administrator rights. And then it applies to any Personal
> "Firewall".
>
>
>>I have seen this with some .NET Windows applications that
>>were using .NET remoting that I have developed and installed on XP with
>>the FW active.
>
>
> Yeah, actually one should be happy that Microsoft offers an explicit
> interface for adding appropriate rules.
I am suppose to have some kind if warm and fuzzy felling about that,
with MS track record? I don't think so.
> For typical PFWs you either have to
> use some dirty tricks (while risking that some idiots will scream "HACK
> ATTEMPT !!!11")
At most, the application would say that an unauthorized program was
trying to access the Internet, that you the user didn't approve. I am
not a proponent of Application Control in PFW(s) but at least ask me.
If I don't want to be asked, then I'll disable it. But don't *you* the
PFW start making rules, because I installed an application on the computer.
> or you'll have to ask the user to add the rules (which
> they're usually incapable of).
And MS and its PFW somehow knows the intent and knows the correct
decision to make? MS has no business making any rules that the user
doesn't know about, period. PFW, will you please prompt someone about
what you're about to do?
I don't want MS with some FW to be making any rules without user
permission about anything. I would say I don't want this and I would say
that most wouldn't want it either.
>
>
>>There is no way that the XP O/S or the XP FW knew the intent of that
>>application good or bad as a client or server. And yet rules were set
>>for the applications to punch through the FW. You name another PFW that
>>allows this kind of rule setting, which is ridiculous.
>
>
> Any does. By design.
We are not talking about any. We are talking about the XP FW that will
set rules dead in your face, if one knew to go check.
>
> Unfortunately, Windows Vista makes it worse on total.
That's what I read.
Post removed (X-No-Archive: yes)
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>>For typical PFWs you either have to
>>>use some dirty tricks (while risking that some idiots will scream "HACK
>>>ATTEMPT !!!11")
>>
>>At most, the application would say that an unauthorized program was
>>trying to access the Internet, that you the user didn't approve.
>
>
> I'm talking about the application on its own adding a rule to the PFW for
> allowing appropriate access. You won't get any queries then.
I don't want any application having the ability to add its own rules to
a PFW, period. I don't care what it is.
>
> Of course the application would have to implement this for every single
> PFW, and since most don't offer any interface they'd have to use their own
> dirty tricks (f.e. sending Windows messages, hijacking a kernel driver,
> ...), but it's generally no problem.
>
> Considering an explicit interface being offered by Windows Firewall
> therefore is no security problem, but rather a sign of sanity.
What are you talking about? Programmers are not stupid, particularly
hacker types. You think someone couldn't figure out a program interface
after hitting it numerous times to figure it out?
You think that information on how to access the interface is going to be
kept under some kind Fort Knox lock and key?
>
>
>>>or you'll have to ask the user to add the rules (which
>>>they're usually incapable of).
>>
>>And MS and its PFW somehow knows the intent and knows the correct
>>decision to make?
>
>
> At first, it's no PFW. And no, they don't have to know any intent, because
> they delegate this task to the respective software itself.
>
Me, Job Blow program writing hacker who has cracked the interface, got
some user with the happy fingers to click on something that did the
install of my hacker program and I have good intentions. You come on
let's do some delegation.
>
>>I don't want MS with some FW to be making any rules without user
>>permission about anything.
>
>
> Well, then why are you running with admin rights? With admin rights, this
> would hold for any PFW. And without admin rights, it won't hold for Windows
> Firewall.
Come on man, why is anyone running with admin rights? Maybe, it's
because it's the default.
>
>
>>>>There is no way that the XP O/S or the XP FW knew the intent of that
>>>>application good or bad as a client or server. And yet rules were set
>>>>for the applications to punch through the FW. You name another PFW that
>>>>allows this kind of rule setting, which is ridiculous.
>>>
>>>Any does. By design.
>>
>>We are not talking about any. We are talking about the XP FW that will
>>set rules dead in your face, if one knew to go check.
>
>
> The same is true for all other PFWs any would be true for any
> implementation. Where's your argument? You're complaining about a trivial
> and unavoidable fact.
I like the way you try to take the focal point away from your beloved XP
FW. It won't hold.
On Mon, 19 Mar 2007 00:57:19 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Sun, 18 Mar 2007 16:03:16 +0100, Volker Birk wrote:
>>> Beside that all "Leythos" said is nonsense (as usual from him), the
>>> best way Microsoft could stop people to work as Administrator would
>>> be not to have this as a default.
>>
>> LOL - Nonsense, yea, that explains why AOL and Yahoo IM and many
>> others can punch holes while installing in the XP firewall, but, they
>> have to get permission to do it in ZAP.
>>
>> So, VB, are you stating that NO APPLICATION or MALWARE can make
>> adjustments to the Windows XP SP2 firewall when the user is running as
>> an administrator without the admin knowing?
>
> And once again Leythos spectacularly fails to understand that a) noone
> ever claimed that, and b) an administrator cannot be prevented from
> doing whatever he pleases without restricting his privileges (which
> actually makes him a non-administrator).
Actually, between VB and SG, anyone following them would be fed the crap
about XP SP2 firewall being all that they need and that nothing else is as
good.
Time and time again, and again, they've made that assertion.
Time and time again they are wrong - XP SP2 firewall, by default, on most
home users computers, has file/printer sharing exceptions, has AOL
exceptions, has IM exceptions, etc...
Those same holes are not there by default on a ZAP installation, and it's
a long more evident when they are created.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Sun, 18 Mar 2007 16:05:18 +0100, Volker Birk wrote:
>>> Ansgar -59cobalt- Wiechers
>>>>> I've seen machines where the users have been compromised many times
>>>>> using XP SP2 firewall that switched to ZAP and were not compromised
>>>>> again.
>>>>
>>>> Yeah, right.
>>>
>>> Are you speculating about "Leythos'" fantasies here, Ansgar? ;-)
>>
>> It's a shame you two pretend to have experience when almost everything
>> you say about firewalls and security is full of so many holes and
>> misinformation
>
> Like what?
Pick anything said about XP Sp2 firewall being good....
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Post removed (X-No-Archive: yes)
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>>I'm talking about the application on its own adding a rule to the PFW for
>>>allowing appropriate access. You won't get any queries then.
>>
>>I don't want any application having the ability to add its own rules to
>>a PFW, period. I don't care what it is.
>
>
> Then don't run as admin. Anyway else the application will be successful on
> ruining your wish.
It's been preached by me and others about admin rights and the none use
of them. I really doubt that you even follow your own preaching about it.
>
>
>>>Of course the application would have to implement this for every single
>>>PFW, and since most don't offer any interface they'd have to use their own
>>>dirty tricks (f.e. sending Windows messages, hijacking a kernel driver,
>>>...), but it's generally no problem.
>>>
>>>Considering an explicit interface being offered by Windows Firewall
>>>therefore is no security problem, but rather a sign of sanity.
>>
>>What are you talking about? Programmers are not stupid, particularly
>>hacker types. You think someone couldn't figure out a program interface
>>after hitting it numerous times to figure it out?
>
>
> You're referring to the interface the PFW itself is using internally? This
> is usually secured, for whatever it might be worth.
No program interface is secured if the the call can be made from one
program to another one exposing the interface.
The interface is only a contract between the client and server program
on how and what parameters are passed between the two to access a method
or property in the server program, which in this case the XP FW is the
server and the malware is the client program.
There are people better than you or me that can accomplish this. So,
don't kid yourself, me or this NG about it.
>
>
>>You think that information on how to access the interface is going to be
>>kept under some kind Fort Knox lock and key?
>
>
> Nah, I'd say it's a cryptographic key.
You're talking more nonsense, as I have made cryptic keys for programs.
Someone knows the keys. He or she must pass this information out or
provide the file that has the key to others that will use the key to
access a program that's using/or needs a cryptic key to be accessed.
A cryptic key is NOT iron clad security. A again, don't kid yourself, me
or this NG about this.
>
>
>>>At first, it's no PFW. And no, they don't have to know any intent, because
>>>they delegate this task to the respective software itself.
>>>
>>
>>Me, Job Blow program writing hacker who has cracked the interface, got
>>some user with the happy fingers to click on something that did the
>>install of my hacker program and I have good intentions. You come on
>>let's do some delegation.
>
>
> You're talking as if you could actually do anything against malicious
> software running with admin rights...
This is drivel from you and more nonsense, since the hacker program is
the program running with admin rights of the user that's logged on to
the machine and is the one that's being talked about above that wants to
set rules and control the BS XP FW.
Yeah, so come on down and lets do some delegations with the so called
malicious program, so that it's delegating to the XP FW program, its
interface, and is setting rules. Hell, it might not even be a malicious
program and does nothing malicious.
But the bad oh so very bad program is running and it's going to do what
it needs to do malicious or not malicious. And it's going around the XP FW.
It has come around the XP FW, because it delegated some rules to it,
because the cryptic key is known, the interface between the calling
program (the hacker program) and the server program the XP FW is known,
and the methods and properties are known for the XP FW (the server program).
And if you think that this cannot ever happen, then your bullshitting
yourself, me and this NG.
>
>
>>>>I don't want MS with some FW to be making any rules without user
>>>>permission about anything.
>>>
>>>Well, then why are you running with admin rights? With admin rights, this
>>>would hold for any PFW. And without admin rights, it won't hold for Windows
>>>Firewall.
>>
>>Come on man, why is anyone running with admin rights? Maybe, it's
>>because it's the default.
>
>
> And as long as you don't change this, you've already lost.
Man, you don't talk to me as if you know what I am doing, because you
don't.
You're talking more nonsense and you can't seem to face reality, when it
comes to the average job blow home user and security that 99% of them
are running are with admin rights.
The preach from you has been preached numerous times in this NG and
other's and yet the average job blow home user is going to run with
admin rights.
You preach to them. You stand on your soapbox and you preach to them,
not me.
>
>
>>>The same is true for all other PFWs any would be true for any
>>>implementation. Where's your argument? You're complaining about a trivial
>>>and unavoidable fact.
>>
>>I like the way you try to take the focal point away from your beloved XP
>>FW. It won't hold.
>
>
> If I pee on a hamburger, it tastes bad. That's why hamburgers are worse
> than cheeseburgers. And you claim it's the hamburger's fault.
WTF are you talking about? This is some absolute bullshit drivel from you.
You take the XP FW burger, you stick it right up your ass, smell it
after you pull it out, and then you eat it.
You go ahead and you post again you *clown*, because we all know you
will do that.
People in this NG are so tired of you and your fucking bullshit about
the XP FW or anything else for that matter.
and the XP FW are not a bed of roses.
Leythos
> On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
>
>> Leythos
>>> On Sun, 18 Mar 2007 16:05:18 +0100, Volker Birk wrote:
>>>> Ansgar -59cobalt- Wiechers
>>>>>> I've seen machines where the users have been compromised many
>>>>>> times using XP SP2 firewall that switched to ZAP and were not
>>>>>> compromised again.
>>>>>
>>>>> Yeah, right.
>>>>
>>>> Are you speculating about "Leythos'" fantasies here, Ansgar? ;-)
>>>
>>> It's a shame you two pretend to have experience when almost
>>> everything you say about firewalls and security is full of so many
>>> holes and misinformation
>>
>> Like what?
>
> Pick anything said about XP Sp2 firewall being good....
It's not my job to pick anything when it comes to supporting a claim you
made. So name something I said that was "full of so many holes and
misinformation".
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Leythos
> On Mon, 19 Mar 2007 00:57:19 +0000, Ansgar -59cobalt- Wiechers wrote:
>> Leythos
>>> On Sun, 18 Mar 2007 16:03:16 +0100, Volker Birk wrote:
>>>> Beside that all "Leythos" said is nonsense (as usual from him), the
>>>> best way Microsoft could stop people to work as Administrator would
>>>> be not to have this as a default.
>>>
>>> LOL - Nonsense, yea, that explains why AOL and Yahoo IM and many
>>> others can punch holes while installing in the XP firewall, but,
>>> they have to get permission to do it in ZAP.
>>>
>>> So, VB, are you stating that NO APPLICATION or MALWARE can make
>>> adjustments to the Windows XP SP2 firewall when the user is running
>>> as an administrator without the admin knowing?
>>
>> And once again Leythos spectacularly fails to understand that a)
>> noone ever claimed that, and b) an administrator cannot be prevented
>> from doing whatever he pleases without restricting his privileges
>> (which actually makes him a non-administrator).
>
> Actually, between VB and SG, anyone following them would be fed the
> crap about XP SP2 firewall being all that they need and that nothing
> else is as good.
So? That's a) no crap and b) something completely different from what
you wrote above.
> Time and time again, and again, they've made that assertion.
If you had taken a closer look at various personal firewalls, and seen
how crappy their design and/or implementation is, you'd understand why.
> Time and time again they are wrong - XP SP2 firewall, by default, on
> most home users computers, has file/printer sharing exceptions, has
> AOL exceptions, has IM exceptions, etc...
The only exception the Windows-Firewall has enabled by default is the
one for Remote Support. Why don't you get a clue before making
unsubstantiated claims that everyone can prove wrong by simply making a
default install of XP and taking a look at the firewall config?
And when someone installs an instant messenger he usually wants it
operational, so the installer SHOULD (be able to) open the ports
required for it to work properly. No surprise here.
> Those same holes are not there by default on a ZAP installation, and
> it's a long more evident when they are created.
You mean because ZA implements rootkit functionality (kernel hooks in
particular) as to prevent the system administrator from doing certain
things? You *do* realize that this is an attempt at effectively making
the administrator a non-administrator (as I said above), don't you?
However, up to now nobody has been able to explain to me why limiting
the administrator account with a rootkit is so much more intelligent
than just using a limited user account.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
On Mon, 19 Mar 2007 13:50:01 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
>>
>>> Leythos
>>>> On Sun, 18 Mar 2007 16:05:18 +0100, Volker Birk wrote:
>>>>> Ansgar -59cobalt- Wiechers
>>>>>>> I've seen machines where the users have been compromised many
>>>>>>> times using XP SP2 firewall that switched to ZAP and were not
>>>>>>> compromised again.
>>>>>>
>>>>>> Yeah, right.
>>>>>
>>>>> Are you speculating about "Leythos'" fantasies here, Ansgar? ;-)
>>>>
>>>> It's a shame you two pretend to have experience when almost
>>>> everything you say about firewalls and security is full of so many
>>>> holes and misinformation
>>>
>>> Like what?
>>
>> Pick anything said about XP Sp2 firewall being good....
>
> It's not my job to pick anything when it comes to supporting a claim you
> made. So name something I said that was "full of so many holes and
> misinformation".
Windows XP Sp2 firewall.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Post removed (X-No-Archive: yes)
On Mon, 19 Mar 2007 14:37:15 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 00:57:19 +0000, Ansgar -59cobalt- Wiechers wrote:
>>> Leythos
>>>> On Sun, 18 Mar 2007 16:03:16 +0100, Volker Birk wrote:
>>>>> Beside that all "Leythos" said is nonsense (as usual from him), the
>>>>> best way Microsoft could stop people to work as Administrator would
>>>>> be not to have this as a default.
>>>>
>>>> LOL - Nonsense, yea, that explains why AOL and Yahoo IM and many
>>>> others can punch holes while installing in the XP firewall, but,
>>>> they have to get permission to do it in ZAP.
>>>>
>>>> So, VB, are you stating that NO APPLICATION or MALWARE can make
>>>> adjustments to the Windows XP SP2 firewall when the user is running
>>>> as an administrator without the admin knowing?
>>>
>>> And once again Leythos spectacularly fails to understand that a)
>>> noone ever claimed that, and b) an administrator cannot be prevented
>>> from doing whatever he pleases without restricting his privileges
>>> (which actually makes him a non-administrator).
>>
>> Actually, between VB and SG, anyone following them would be fed the
>> crap about XP SP2 firewall being all that they need and that nothing
>> else is as good.
>
> So? That's a) no crap and b) something completely different from what
> you wrote above.
>
>> Time and time again, and again, they've made that assertion.
>
> If you had taken a closer look at various personal firewalls, and seen
> how crappy their design and/or implementation is, you'd understand why.
>
>> Time and time again they are wrong - XP SP2 firewall, by default, on
>> most home users computers, has file/printer sharing exceptions, has
>> AOL exceptions, has IM exceptions, etc...
>
> The only exception the Windows-Firewall has enabled by default is the
> one for Remote Support. Why don't you get a clue before making
> unsubstantiated claims that everyone can prove wrong by simply making a
> default install of XP and taking a look at the firewall config?
>
> And when someone installs an instant messenger he usually wants it
> operational, so the installer SHOULD (be able to) open the ports
> required for it to work properly. No surprise here.
Then you've not installed XP ever or at least not looked - every XP
Professional SP2 system that I've installed has File/Printer sharing
Exception.
And it still goes back to the simple statement that apps can put
exceptions in the XP SP2 firewall without the user knowing - just look at
AOL Port Magic...
Take any big box machine and look at the exceptions (and I know, those are
there because of the vendor/software and were not installed by XP), but
that more than anything shows the point - there are HOLES in the XP SP2
firewall that users don't see/know about, put there by apps that didn't
alert the user, can be put there by malware without the user approving
them, and that makes it a worthless piece of crap.
>> Those same holes are not there by default on a ZAP installation, and
>> it's a long more evident when they are created.
>
> You mean because ZA implements rootkit functionality (kernel hooks in
> particular) as to prevent the system administrator from doing certain
> things? You *do* realize that this is an attempt at effectively making
> the administrator a non-administrator (as I said above), don't you?
You do realize that you just proved my point - that ZAP DOES provide more
protection than Windows XP SP2 firewall when it comes to opening holes.
> However, up to now nobody has been able to explain to me why limiting
> the administrator account with a rootkit is so much more intelligent
> than just using a limited user account.
This just goes to show your lack of real experience - by default, and you
know this also, the first account on a XP box is an administrator and most
users are running as administrators - if you can't see the need to protect
them from adding holes in the firewall, without possibly breaking the
other apps/hardware/etc... then your not playing in the real world.
So, you've confirmed that apps (any) could and do install holes
(exceptions) in the XP SP2 firewall. You've confirmed that ZAP tries to
protect users running as a local admin from their own apps/mistakes. That
confirms that XP SP2 firewall is all but useless in untrained hands.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Mon, 19 Mar 2007 16:47:35 +0100, Sebastian Gottschalk wrote:
> Ansgar -59cobalt- Wiechers wrote:
>
>>> Actually, between VB and SG, anyone following them would be fed the
>>> crap about XP SP2 firewall being all that they need and that nothing
>>> else is as good.
>
> Thanks for reminding me why I blocked this jerk. Indeed, I'd rather say not
> using any packet filter at all (but disabling unnnecessary services or at
> least patching them in time) is quite better Widows Firewall, and there are
> some good and better alternatives for the clueful users (like Wipfw, Injoy
> Firewall and CHX-I).
>
>> You mean because ZA implements rootkit functionality (kernel hooks in
>> particular) as to prevent the system administrator from doing certain
>> things? You *do* realize that this is an attempt at effectively making
>> the administrator a non-administrator (as I said above), don't you?
>
> Hm... doesn't "attempt" imply at least a little notion of seriousness?
> Better call it a "trial", at best with the attribution "useless". :-)
>
>> However, up to now nobody has been able to explain to me why limiting
>> the administrator account with a rootkit is so much more intelligent
>> than just using a limited user account.
>
> Simple: It seems to works (whereas Joe Average doesn't understand why it
> won't) and it doesn't break so much. Oh, and since you're already hooking
> the functions, you can implement dialogue boxes that ask the malware^W user
> for confirmation.
>
> (After all, security software usually is about economics. Since the user
> can't judge the quality, he will choose for the lowest price, and vendors
> are draining quality.)
And now you confirm what I've said about Win XP Sp2 firewall all along,
that it's useless in the hands of most and ZAP is a better product for
doing that same protection.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> On Mon, 19 Mar 2007 14:37:15 +0000, Ansgar -59cobalt- Wiechers wrote:
>
>> Leythos
>>> On Mon, 19 Mar 2007 00:57:19 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>> And once again Leythos spectacularly fails to understand that a)
>>>> noone ever claimed that, and b) an administrator cannot be prevented
>>>> from doing whatever he pleases without restricting his privileges
>>>> (which actually makes him a non-administrator).
>>>
>>> Actually, between VB and SG, anyone following them would be fed the
>>> crap about XP SP2 firewall being all that they need and that nothing
>>> else is as good.
>>
>> So? That's a) no crap and b) something completely different from what
>> you wrote above.
>>
>>> Time and time again, and again, they've made that assertion.
>>
>> If you had taken a closer look at various personal firewalls, and seen
>> how crappy their design and/or implementation is, you'd understand why.
>>
>>> Time and time again they are wrong - XP SP2 firewall, by default, on
>>> most home users computers, has file/printer sharing exceptions, has
>>> AOL exceptions, has IM exceptions, etc...
>>
>> The only exception the Windows-Firewall has enabled by default is the
>> one for Remote Support. Why don't you get a clue before making
>> unsubstantiated claims that everyone can prove wrong by simply making a
>> default install of XP and taking a look at the firewall config?
>>
>> And when someone installs an instant messenger he usually wants it
>> operational, so the installer SHOULD (be able to) open the ports
>> required for it to work properly. No surprise here.
>
> Then you've not installed XP ever or at least not looked - every XP
> Professional SP2 system that I've installed has File/Printer sharing
> Exception.
Every XP Pro SP2 I ever installed (for example the one I just had a look
at before posting) has only the Remote Support exception, and nothing
else. Now what?
> And it still goes back to the simple statement that apps can put
> exceptions in the XP SP2 firewall without the user knowing - just look
> at AOL Port Magic...
That was never put into question. And to re-iterate for the
ten-millionth time: you cannot protect a computer from its
administrator.
> Take any big box machine and look at the exceptions (and I know, those
> are there because of the vendor/software and were not installed by
> XP), but that more than anything shows the point - there are HOLES in
> the XP SP2 firewall that users don't see/know about, put there by apps
> that didn't alert the user, can be put there by malware without the
> user approving them, and that makes it a worthless piece of crap.
So basically you're trying to tell me that the Windows-Firewall is at
fault when some idiot vendor changed the default configuration? o_O
Please tell me you're joking.
>>> Those same holes are not there by default on a ZAP installation, and
>>> it's a long more evident when they are created.
>>
>> You mean because ZA implements rootkit functionality (kernel hooks in
>> particular) as to prevent the system administrator from doing certain
>> things? You *do* realize that this is an attempt at effectively
>> making the administrator a non-administrator (as I said above), don't
>> you?
>
> You do realize that you just proved my point - that ZAP DOES provide
> more protection than Windows XP SP2 firewall when it comes to opening
> holes.
Nope. I told you - though I didn't expect you to understand - that ZA is
basically incorporating a rootkit, which is something most people in
their right mind would prefer NOT to have installed on their computer.
It is an attempt to achieve something like LUA without actually using
LUA. Which is of course utterly braindead.
>> However, up to now nobody has been able to explain to me why limiting
>> the administrator account with a rootkit is so much more intelligent
>> than just using a limited user account.
>
> This just goes to show your lack of real experience - by default, and
> you know this also, the first account on a XP box is an administrator
> and most users are running as administrators - if you can't see the
> need to protect them from adding holes in the firewall, without
> possibly breaking the other apps/hardware/etc... then your not playing
> in the real world.
M-hm, I see. Could you now answer the question, please? Why would any
sane person want to install a rootkit rather than create and use a
limited user account?
> So, you've confirmed that apps (any) could and do install holes
> (exceptions) in the XP SP2 firewall.
No. I've confirmed that any user/software with administrative privileges
can add exceptions to the Windows-Firewall. You may show me a single
occurrence where I have claimed anything different.
LUA is the solution to this problem.
> You've confirmed that ZAP tries to protect users running as a local
> admin from their own apps/mistakes.
No. I've confirmed that ZA does an incredibly stupid thing by installing
a rootkit rather than pushing the users towards using LUA.
> That confirms that XP SP2 firewall is all but useless in untrained
> hands.
Not at all, because you conveniently ignore (not that I'm surprised) all
the popups that ZA generates with questions no untrained user could even
dream of answering sensibly.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Leythos
> On Mon, 19 Mar 2007 13:50:01 +0000, Ansgar -59cobalt- Wiechers wrote:
>> Leythos
>>> On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>> Leythos
>>>>> It's a shame you two pretend to have experience when almost
>>>>> everything you say about firewalls and security is full of so many
>>>>> holes and misinformation
>>>>
>>>> Like what?
>>>
>>> Pick anything said about XP Sp2 firewall being good....
>>
>> It's not my job to pick anything when it comes to supporting a claim
>> you made. So name something I said that was "full of so many holes
>> and misinformation".
>
> Windows XP Sp2 firewall.
Right. I'll take that as an "I don't really have anything to support the
claim I made so loudmouthedly", then.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
On Mon, 19 Mar 2007 16:50:00 +0000, Ansgar -59cobalt- Wiechers wrote:
>>
>> You've confirmed that ZAP tries to protect users running as a local
>> admin from their own apps/mistakes.
>
> No. I've confirmed that ZA does an incredibly stupid thing by installing
> a rootkit rather than pushing the users towards using LUA.
No, you've complained that ZA does something you don't like, but you also
claim that the function you complain about DOES protect users. You can
keep complaining, but, by your own words, it works as intended.
People that know what a RK is are also smart enough to not need ZA.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Mon, 19 Mar 2007 16:52:43 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 13:50:01 +0000, Ansgar -59cobalt- Wiechers wrote:
>>> Leythos
>>>> On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>> Leythos
>>>>>> It's a shame you two pretend to have experience when almost
>>>>>> everything you say about firewalls and security is full of so many
>>>>>> holes and misinformation
>>>>>
>>>>> Like what?
>>>>
>>>> Pick anything said about XP Sp2 firewall being good....
>>>
>>> It's not my job to pick anything when it comes to supporting a claim
>>> you made. So name something I said that was "full of so many holes
>>> and misinformation".
>>
>> Windows XP Sp2 firewall.
>
> Right. I'll take that as an "I don't really have anything to support the
> claim I made so loudmouthedly", then.
Yes, you don't have anything to support your claims that Windows XP SP2
firewall is a good firewall.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> On Mon, 19 Mar 2007 16:50:00 +0000, Ansgar -59cobalt- Wiechers wrote:
>>> You've confirmed that ZAP tries to protect users running as a local
>>> admin from their own apps/mistakes.
>>
>> No. I've confirmed that ZA does an incredibly stupid thing by
>> installing a rootkit rather than pushing the users towards using LUA.
>
> No, you've complained that ZA does something you don't like, but you
> also claim that the function you complain about DOES protect users.
Nope. I said it is a (plain stupid) ATTEMPT to protect admin users from
themselves. But even though it MIGHT protect users there may still be
ways for someone with administrative privileges to bypass even kernel
hooks, so it just as well MIGHT NOT protect users with admin accounts.
> You can keep complaining, but, by your own words, it works as
> intended.
Neither did I say, nor did I intend to say anything like that. And you
still haven't answered my question why any sane person would prefer a
rootkit over LUA.
> People that know what a RK is are also smart enough to not need ZA.
You seem to imply that rootkits are okay as long as people don't know
what they are. You're wrong.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Leythos
> On Mon, 19 Mar 2007 16:52:43 +0000, Ansgar -59cobalt- Wiechers wrote:
>> Leythos
>>> On Mon, 19 Mar 2007 13:50:01 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>> Leythos
>>>>> On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>>> Leythos
>>>>>>> It's a shame you two pretend to have experience when almost
>>>>>>> everything you say about firewalls and security is full of so
>>>>>>> many holes and misinformation
>>>>>>
>>>>>> Like what?
>>>>>
>>>>> Pick anything said about XP Sp2 firewall being good....
>>>>
>>>> It's not my job to pick anything when it comes to supporting a
>>>> claim you made. So name something I said that was "full of so many
>>>> holes and misinformation".
>>>
>>> Windows XP Sp2 firewall.
>>
>> Right. I'll take that as an "I don't really have anything to support
>> the claim I made so loudmouthedly", then.
>
> Yes, you don't have anything to support your claims that Windows XP
> SP2 firewall is a good firewall.
*yawn*
Tell me when you're done proving yourself an idiot.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
On Mon, 19 Mar 2007 17:41:51 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 16:50:00 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>> You've confirmed that ZAP tries to protect users running as a local
>>>> admin from their own apps/mistakes.
>>>
>>> No. I've confirmed that ZA does an incredibly stupid thing by
>>> installing a rootkit rather than pushing the users towards using LUA.
>>
>> No, you've complained that ZA does something you don't like, but you
>> also claim that the function you complain about DOES protect users.
>
> Nope. I said it is a (plain stupid) ATTEMPT to protect admin users from
> themselves. But even though it MIGHT protect users there may still be
> ways for someone with administrative privileges to bypass even kernel
> hooks, so it just as well MIGHT NOT protect users with admin accounts.
So, it's an attempt, that does work in many cases, to protect the default
user from stupid mistakes - you've said it again. That makes it a LOT
better than the Windows XP SP2 firewall, which makes NO attempt to protect
the user from their or malwares actions.
>> You can keep complaining, but, by your own words, it works as
>> intended.
>
> Neither did I say, nor did I intend to say anything like that. And you
> still haven't answered my question why any sane person would prefer a
> rootkit over LUA.
But you've stated why this example is GOOD, not bad, and why it works
better than Windows XP SP2 firewall.
>> People that know what a RK is are also smart enough to not need ZA.
>
> You seem to imply that rootkits are okay as long as people don't know
> what they are. You're wrong.
If you are installing a Firewall application you are allowing that
application some control over your machine - if you know it has a RK then
you have no problems with it.
I would rather have a PFW solution that has some hope of protection over
one that has no hope of protection. What part of that doesn't make sense
to you?
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Mon, 19 Mar 2007 17:45:55 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 16:52:43 +0000, Ansgar -59cobalt- Wiechers wrote:
>>> Leythos
>>>> On Mon, 19 Mar 2007 13:50:01 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>> Leythos
>>>>>> On Mon, 19 Mar 2007 00:48:29 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>>>> Leythos
>>>>>>>> It's a shame you two pretend to have experience when almost
>>>>>>>> everything you say about firewalls and security is full of so
>>>>>>>> many holes and misinformation
>>>>>>>
>>>>>>> Like what?
>>>>>>
>>>>>> Pick anything said about XP Sp2 firewall being good....
>>>>>
>>>>> It's not my job to pick anything when it comes to supporting a
>>>>> claim you made. So name something I said that was "full of so many
>>>>> holes and misinformation".
>>>>
>>>> Windows XP Sp2 firewall.
>>>
>>> Right. I'll take that as an "I don't really have anything to support
>>> the claim I made so loudmouthedly", then.
>>
>> Yes, you don't have anything to support your claims that Windows XP
>> SP2 firewall is a good firewall.
>
> *yawn*
>
> Tell me when you're done proving yourself an idiot.
I'm done when you stop claiming that Windows XP Sp2 firewall is a good
product and nothing is better at protecting users. In fact, I'm done when
you stop contradicting yourself.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> On Mon, 19 Mar 2007 17:41:51 +0000, Ansgar -59cobalt- Wiechers wrote:
>
>> Leythos
>>> On Mon, 19 Mar 2007 16:50:00 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>> You've confirmed that ZAP tries to protect users running as a
>>>>> local admin from their own apps/mistakes.
>>>>
>>>> No. I've confirmed that ZA does an incredibly stupid thing by
>>>> installing a rootkit rather than pushing the users towards using
>>>> LUA.
>>>
>>> No, you've complained that ZA does something you don't like, but you
>>> also claim that the function you complain about DOES protect users.
>>
>> Nope. I said it is a (plain stupid) ATTEMPT to protect admin users
>> from themselves. But even though it MIGHT protect users there may
>> still be ways for someone with administrative privileges to bypass
>> even kernel hooks, so it just as well MIGHT NOT protect users with
>> admin accounts.
>
> So, it's an attempt, that does work in many cases, to protect the
> default user from stupid mistakes - you've said it again.
Yes. But unlike yourself I am also taking the (grave) downsides into
consideration:
a) Any rootkit weakens the administrator's control over the system,
which is a REALLY BAD THING(tm).
b) How is the user supposed to distignuish between a "good" and a "bad"
rootkit?
> That makes it a LOT better than the Windows XP SP2 firewall, which
> makes NO attempt to protect the user from their or malwares actions.
Not at all, because the correct and sensible way to protect the user is
to have him use a limited user account and leave the administrative
account for administrative tasks.
>>> You can keep complaining, but, by your own words, it works as
>>> intended.
>>
>> Neither did I say, nor did I intend to say anything like that. And
>> you still haven't answered my question why any sane person would
>> prefer a rootkit over LUA.
>
> But you've stated why this example is GOOD, not bad, and why it works
> better than Windows XP SP2 firewall.
No, despite your persistent attempts to twist my words I did not state
anything like that. And that's your third strike.
The (very simple) answer to my question is: there is no reason at all
why a sane person would prefer a rootkit over using a limited user
account.
>>> People that know what a RK is are also smart enough to not need ZA.
>>
>> You seem to imply that rootkits are okay as long as people don't know
>> what they are. You're wrong.
>
> If you are installing a Firewall application you are allowing that
> application some control over your machine -
Right.
> if you know it has a RK then you have no problems with it.
Wrong, because a rootkit is not aimed at exerting control over the
machine, but over administrative users. That is a no-go.
> I would rather have a PFW solution that has some hope of protection
> over one that has no hope of protection. What part of that doesn't
> make sense to you?
The part where you keep ignoring LUA.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
On Mon, 19 Mar 2007 19:45:07 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 17:41:51 +0000, Ansgar -59cobalt- Wiechers wrote:
>>
>>> Leythos
>>>> On Mon, 19 Mar 2007 16:50:00 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>>> You've confirmed that ZAP tries to protect users running as a
>>>>>> local admin from their own apps/mistakes.
>>>>>
>>>>> No. I've confirmed that ZA does an incredibly stupid thing by
>>>>> installing a rootkit rather than pushing the users towards using
>>>>> LUA.
>>>>
>>>> No, you've complained that ZA does something you don't like, but you
>>>> also claim that the function you complain about DOES protect users.
>>>
>>> Nope. I said it is a (plain stupid) ATTEMPT to protect admin users
>>> from themselves. But even though it MIGHT protect users there may
>>> still be ways for someone with administrative privileges to bypass
>>> even kernel hooks, so it just as well MIGHT NOT protect users with
>>> admin accounts.
>>
>> So, it's an attempt, that does work in many cases, to protect the
>> default user from stupid mistakes - you've said it again.
>
> Yes. But unlike yourself I am also taking the (grave) downsides into
> consideration:
>
> a) Any rootkit weakens the administrator's control over the system,
> which is a REALLY BAD THING(tm).
> b) How is the user supposed to distignuish between a "good" and a "bad"
> rootkit?
>
>> That makes it a LOT better than the Windows XP SP2 firewall, which
>> makes NO attempt to protect the user from their or malwares actions.
>
> Not at all, because the correct and sensible way to protect the user is
> to have him use a limited user account and leave the administrative
> account for administrative tasks.
>
>>>> You can keep complaining, but, by your own words, it works as
>>>> intended.
>>>
>>> Neither did I say, nor did I intend to say anything like that. And
>>> you still haven't answered my question why any sane person would
>>> prefer a rootkit over LUA.
>>
>> But you've stated why this example is GOOD, not bad, and why it works
>> better than Windows XP SP2 firewall.
>
> No, despite your persistent attempts to twist my words I did not state
> anything like that. And that's your third strike.
>
> The (very simple) answer to my question is: there is no reason at all
> why a sane person would prefer a rootkit over using a limited user
> account.
>
>>>> People that know what a RK is are also smart enough to not need ZA.
>>>
>>> You seem to imply that rootkits are okay as long as people don't know
>>> what they are. You're wrong.
>>
>> If you are installing a Firewall application you are allowing that
>> application some control over your machine -
>
> Right.
>
>> if you know it has a RK then you have no problems with it.
>
> Wrong, because a rootkit is not aimed at exerting control over the
> machine, but over administrative users. That is a no-go.
>
>> I would rather have a PFW solution that has some hope of protection
>> over one that has no hope of protection. What part of that doesn't
>> make sense to you?
>
> The part where you keep ignoring LUA.
I've not ignored anything, I've taken into account the REAL world of
people and ignorance, which accounts for the vast majority of computer
users.
A root-kit is not bad unless it's being used to do something bad - and
since it's part of the "protection" scheme, I can't see it being bad.
Calling a root-kit bad is like calling Halon bad - in one way it protects
you, in another it may be bad for you, it's all in how YOU use it.
It would be nice if we could say that all root-kit technology is bad, but,
as you've mentioned it in ZA/ZAP as protecting the user from themselves,
you've not show how that is bad.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> A root-kit is not bad unless it's being used to do something bad - and
> since it's part of the "protection" scheme, I can't see it being bad.
This may come as a shock to you, but yes, EVERY rootkit IS bad. As Mark
Russinovich has put it so nicely:
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
cu
59cobalt
--
"If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology."
--Bruce Schneier
Leythos wrote:
> Windows XP SP2 fireall is the last resort - it has one serious flaw - if
> you run as a local administrator, and most people do, it allows programs
> and services to create holes (exceptions) in it. Also, if you normally
> share files/printers, it will default to allowing File/Printer sharing,
> which also greatly exposes you.
No other firewall is different. If you are administrator you can change
the settings of any firewall running on your system. No firewall running
on the computer can prevent that. Thus, if a program wants to open a
port it can do so if it is running as administrator. Maybe the installer
of the program does not care about opening the port on a 3rd party
firewall but still it could do so. It is usually not necessary anyway
because people running personal firewalls tend to turn off the whole
firewall whenever there is a networking issue, anyway.
Moreover, the firewall does not "default" to allow file sharing. The
default is to block sharing. However, if you want to share files and run
the file sharing wizard the necessary ports are opened. This is very
reasonable as it helps people to achieve what they want to achieve:
share files in their network. With other personal firewalls people have
a much harder time to figure out how to get it working. Many file
sharing problems are due to 3rd party firewalls.
Gerald
On Mon, 19 Mar 2007 23:27:51 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> A root-kit is not bad unless it's being used to do something bad - and
>> since it's part of the "protection" scheme, I can't see it being bad.
>
> This may come as a shock to you, but yes, EVERY rootkit IS bad. As Mark
> Russinovich has put it so nicely:
>
> "If a software developer ever believes a rootkit is a necessary part of
> their architecture they should go back and re-architect their solution."
This may come as a shock to you, but, not everything is bad just because
you or others think it's bad.
You've already said that the RK used in ZA is designed to protect the user
from themselves, but you've not show how the RK in ZA is bad.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Tue, 20 Mar 2007 16:17:18 +0900, Gerald Vogt wrote:
> Leythos wrote:
>> Windows XP SP2 fireall is the last resort - it has one serious flaw - if
>> you run as a local administrator, and most people do, it allows programs
>> and services to create holes (exceptions) in it. Also, if you normally
>> share files/printers, it will default to allowing File/Printer sharing,
>> which also greatly exposes you.
>
> No other firewall is different. If you are administrator you can change
> the settings of any firewall running on your system. No firewall running
> on the computer can prevent that. Thus, if a program wants to open a
> port it can do so if it is running as administrator. Maybe the installer
> of the program does not care about opening the port on a 3rd party
> firewall but still it could do so. It is usually not necessary anyway
> because people running personal firewalls tend to turn off the whole
> firewall whenever there is a networking issue, anyway.
>
> Moreover, the firewall does not "default" to allow file sharing. The
> default is to block sharing. However, if you want to share files and run
> the file sharing wizard the necessary ports are opened. This is very
> reasonable as it helps people to achieve what they want to achieve:
> share files in their network. With other personal firewalls people have
> a much harder time to figure out how to get it working. Many file
> sharing problems are due to 3rd party firewalls.
But you seem to have little experience with other firewalls - as most
NON XP SP2 firewalls will alert/ask the user for permission to create the
rule. Win XP SP2 doesn't alert you, it just blindly lets it happen.
How is it that you guys miss the holes in XP Sp2 firewall while missing
that anything that makes it harder to put holes in a firewall is good?
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> On Mon, 19 Mar 2007 23:27:51 +0000, Ansgar -59cobalt- Wiechers wrote:
>> Leythos
>>> A root-kit is not bad unless it's being used to do something bad -
>>> and since it's part of the "protection" scheme, I can't see it being
>>> bad.
>>
>> This may come as a shock to you, but yes, EVERY rootkit IS bad. As
>> Mark Russinovich has put it so nicely:
>>
>> "If a software developer ever believes a rootkit is a necessary part
>> of their architecture they should go back and re-architect their
>> solution."
>
> This may come as a shock to you, but, not everything is bad just
> because you or others think it's bad.
Yeah, what does Mark Russinovich know about computers, Windows, or
security, after all... Right.
> You've already said that the RK used in ZA is designed to protect the
> user from themselves,
No. I said it's a misguided attempt at protecting the users from
themselves.
> but you've not show how the RK in ZA is bad.
I did explain it, but since you are either reluctant or incapable to
understand the reason I won't waste any more time on you.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Post removed (X-No-Archive: yes)
On Tue, 20 Mar 2007 13:41:10 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Mon, 19 Mar 2007 23:27:51 +0000, Ansgar -59cobalt- Wiechers wrote:
>>> Leythos
>>>> A root-kit is not bad unless it's being used to do something bad -
>>>> and since it's part of the "protection" scheme, I can't see it being
>>>> bad.
>>>
>>> This may come as a shock to you, but yes, EVERY rootkit IS bad. As
>>> Mark Russinovich has put it so nicely:
>>>
>>> "If a software developer ever believes a rootkit is a necessary part
>>> of their architecture they should go back and re-architect their
>>> solution."
>>
>> This may come as a shock to you, but, not everything is bad just
>> because you or others think it's bad.
>
> Yeah, what does Mark Russinovich know about computers, Windows, or
> security, after all... Right.
And so you blindly follow, without question, and you just assume that
everything is always right...
>
>> You've already said that the RK used in ZA is designed to protect the
>> user from themselves,
>
> No. I said it's a misguided attempt at protecting the users from
> themselves.
>
>> but you've not show how the RK in ZA is bad.
>
> I did explain it, but since you are either reluctant or incapable to
> understand the reason I won't waste any more time on you.
That's exactly how I thought you would end it - instead of showing why the
method is actually bad, since you can't, you just rattle off nonsense and
hope that people with just blindly follow.
You have only shown that the idea behind RK's is bad, not that all RK's
are bad, and you've not shown how the one used by ZA is bad at all.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos wrote:
> But you seem to have little experience with other firewalls - as most
> NON XP SP2 firewalls will alert/ask the user for permission to create the
> rule. Win XP SP2 doesn't alert you, it just blindly lets it happen.
This is incorrect. The Windows XP SP2 firewall gets automatically
configured while you run the sharing wizard to enable file sharing. The
firewall ports will be closed again if you shut down sharing completely.
Moreover, if you have a closer look that the wizard you will notice
that it mentions the configuration of the firewall as part of the
process. Thus, there is nothing blindly happening.
And again: 3rd party firewalls can also be configured in the process of
some software installation. When this is done the user is not asked
either. If it does not happen during installation the user will be asked
regardless if it is the XP firewall or a different one...
> How is it that you guys miss the holes in XP Sp2 firewall while missing
> that anything that makes it harder to put holes in a firewall is good?
You miss the holes in any firewall if a software running as
administrator reconfigures the firewall to open a port. But most 3rd
party firewalls allow the user to open ports and to grant access to
programs while with the XP firewall this is only possible to the
administrator.
Gerald
On Tue, 20 Mar 2007 14:33:51 +0000, B. Nice wrote:
> On Tue, 20 Mar 2007 07:06:05 -0500, Leythos
>
>>How is it that you guys miss the holes in XP Sp2 firewall while missing
>>that anything that makes it harder to put holes in a firewall is good?
>
> I see two fundamentally different viewpoints or ways of thinking here.
>
> The XP SP2 firewall approach builds on the idea that an admin is
> supposed to know what he is doing.
>
> The ZA firewall approach builds on the idea that since in real life
> most windows users are in fact running as admins it makes sense to put
> some kind of further control in place in order to protect the admin
> from himself.
I agree so far.
> So
>
> Is it fair to assume that an admin is supposed to know what he is
> doing? - I think so.
No, as most users of Windows computers don't know there is an Admin or
Limited account.
> Is it true that most windows users are running as admins? - Sure.
Yes, and those are the people that need protection in most all cases.
> Is it fair to assume that most users running as admins don't know what
> they are doing? - I think so.
Yep, we agree.
> So the root cause seems to be the fact that users are running as
> admins. Therefore also this is what needs to change.
And the problem is that many applications under Windows won't run as a
limited user, websites can't install their active-x as a limited user,
etc... Even QuickBooks won't run as a limited user without additional
setup beyond the scope of the type of users we talking about.
So, while we all agree that the root cause is ignorance and running as
Admins, what we need to change is way more than just people running as
admins.
1) ZA and others protect the ignorant and Admins far better than Windows
XP SP2 firewall.
2) Program developers need to write code that runs well, without
changes/hacks for limited user level accounts.
3) Websites need to be coded to NOT use active-x.
Until the time we can force the above 3 items, and until people stop using
Admin level by default, applications like ZA and others will provide more
protection than XP SP2 firewall does.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> There is no way that the XP O/S or the XP FW knew the intent of that
> application good or bad as a client or server.
Yes, because this is not possible.
> And yet rules were set
> for the applications to punch through the FW. You name another PFW that
> allows this kind of rule setting, which is ridiculous.
All "Personal Firewalls" I know are completely ridiculous.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> At most, the application would say that an unauthorized program was
> trying to access the Internet, that you the user didn't approve. I am
> not a proponent of Application Control in PFW(s) but at least ask me.
This is ridiculous.
I personally know which programs I have on my computer. So I don't need
to be asked by one of those programs about others. I'm just configuring
them all.
With a typical home user, this may be different. But she/he will not be
able to answer such questions correctly.
So already the basic idea of "application control" is completely
nonsense.
> If I don't want to be asked, then I'll disable it. But don't *you* the
> PFW start making rules, because I installed an application on the computer.
If you don't know what you're doing, try to see yourself as home user.
Maybe it's better for you to buy a Macintosh and let Apple do the job,
if Windows is too complicated for you.
> And MS and its PFW somehow knows the intent and knows the correct
> decision to make?
No. And because of this, Windows-Firewall is behaving like designed and
documented.
> PFW, will you please prompt someone about
> what you're about to do?
Why?
You just don't understand, that when you're configuring a program as
network listener, it's a good idea not to filter that away again. Or
just don't configure this.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Sebastian Gottschalk
> > (try to open a SYSTEM shell on Vista)
> That's easy. The 'AT' command still does the job
I only had some few minutes with Vista yet, so I just tried this one.
You're not right.
> implicit trick was made explicit in Windows Server 2003 and continued as
> such.
What do you talking about?
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Post removed (X-No-Archive: yes)
Sebastian Gottschalk
> In Windows 2000 SP3 and Windows XP SP1 it was common to use the
> 'AT' utility to spawn a SYSTEM shell.
Yes. It's common since Windows NT 3.1.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>At most, the application would say that an unauthorized program was
>>trying to access the Internet, that you the user didn't approve. I am
>>not a proponent of Application Control in PFW(s) but at least ask me.
>
>
> This is ridiculous.
>
> I personally know which programs I have on my computer. So I don't need
> to be asked by one of those programs about others. I'm just configuring
> them all.
So do I. I know what's running on my machines both MS and Linux, which
are setting behind a Watchguard running no PFW/personal packet filters
on the MS platforms or host based FW on Linux platform. I do have one
running on the laptop when it's not on my network, otherwise, it's disabled.
>
> With a typical home user, this may be different. But she/he will not be
> able to answer such questions correctly.
Yeah, I agree.
>
> So already the basic idea of "application control" is completely
> nonsense.
You tell it to someone that doesn't know. But the fact is that at least
some kind or warning flag is raised to them. While in the meantime, the
XP FW is doing nothing.
>
>
>>If I don't want to be asked, then I'll disable it. But don't *you* the
>>PFW start making rules, because I installed an application on the computer.
>
>
> If you don't know what you're doing, try to see yourself as home user.
> Maybe it's better for you to buy a Macintosh and let Apple do the job,
> if Windows is too complicated for you.
Well it's not a problem for me, period. I have been in the IT field
since 1971 and coming to this NG since 2000. I absolutely know what's
happening, believe it.
>
>
>>And MS and its PFW somehow knows the intent and knows the correct
>>decision to make?
>
>
> No. And because of this, Windows-Firewall is behaving like designed and
> documented.
A designed and documented program doesn't mean a thing, when the over
all design concepts of the XP FW as a program/PFW doesn't fit the bill
in some areas.
>
>
>>PFW, will you please prompt someone about
>>what you're about to do?
>
>
> Why?
That's because the buck stops with me and not the PFW or XP's FW.
I make the decisions as to what is going to happen on my machines,
period. For those that do know what they are doing, that's not a
problem. You prompt me PFW and if I don't want it to happen, then PFW
don't you do it. If I want it to happen, then I'll let you do it PFW, if
I have that feature enabled.
If someone doesn't know what's happening, then they don't know prompt or
no prompt, period. But again, don't you PFW start doing something in
setting rules that I don't know about. I want to be informed about what
you're doing or have a chance of being informed, if that's enabled.
The XP FW has none of it, period. And again, the buck stops with me not
the XP FW, if I happen to be using it.
>
> You just don't understand, that when you're configuring a program as
> network listener, it's a good idea not to filter that away again. Or
> just don't configure this.
>
Oh, I more than understand and you can count on it.
BTW, the one PFW/personal packet filter I do use, which is on my laptop
and is enabled when it's not on my network, has Application Control
disabled, because I absolutely know how to go and look for myself as to
what's running on them and happening with my machines, with the proper
tools.
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>There is no way that the XP O/S or the XP FW knew the intent of that
>>application good or bad as a client or server.
>
>
> Yes, because this is not possible.
You think I don't know this, since I was the one who mentioned it.
>
>
>>And yet rules were set
>>for the applications to punch through the FW. You name another PFW that
>>allows this kind of rule setting, which is ridiculous.
>
>
> All "Personal Firewalls" I know are completely ridiculous.
>
That also includes the XP FW.
Post removed (X-No-Archive: yes)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> > So already the basic idea of "application control" is completely
> > nonsense.
> You tell it to someone that doesn't know. But the fact is that at least
> some kind or warning flag is raised to them. While in the meantime, the
> XP FW is doing nothing.
It's worse, unfortunately: the home user is being asked, if he want's to
lose protection, and in a way, that he doesn't understand: when the
"Personal Firewall" is asking for online software updates, "No" means
losing protection, when the "Personal Firewall" is asking for a network
service, "Yes" means losing protection.
The home user cannot decide this, but she/he is forced to decide => wrong
decision => losing protection.
Fortunately, the Windows-Firewall is not harming the home user that way.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> > All "Personal Firewalls" I know are completely ridiculous.
> That also includes the XP FW.
I'd not call the Windows-Firewall a "Personal Firewall". It's just a
host based packet filter, unfortenately necessary, because of the design
flaw in Windows to offer network services as a default.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>>So already the basic idea of "application control" is completely
>>>nonsense.
>>
>>You tell it to someone that doesn't know. But the fact is that at least
>>some kind or warning flag is raised to them.
>
>
> If the malware adds itself to the list of trusted applications in a PFW,
> where exactly is the warning flag?
So what? That's a know issue, but it's better than nothing at all, which
the XP FW has none of it.
>
>
>>While in the meantime, the XP FW is doing nothing.
>
>
> Since you can't do anything meaningful, it's rather reasonable to not waste
> code (and therefore complexity) on useless trials.
That's just your opinion and it's a dime a dozen.
>
>
>>>>And MS and its PFW somehow knows the intent and knows the correct
>>>>decision to make?
>>>
>>>No. And because of this, Windows-Firewall is behaving like designed and
>>>documented.
>>
>>A designed and documented program doesn't mean a thing, when the over
>>all design concepts of the XP FW as a program/PFW doesn't fit the bill
>>in some areas.
>
>
> Since the contrary can't find any such bill at all, where exactly is the
> problem?
That the XP FW has missed the boat is the problem. It's my view point of
it and not yours. And I have considered what you have said above to be
nonsense.
>
>
>>If someone doesn't know what's happening, then they don't know prompt or
>>no prompt, period. But again, don't you PFW start doing something in
>>setting rules that I don't know about. I want to be informed about what
>>you're doing or have a chance of being informed, if that's enabled.
>>
>>The XP FW has none of it, period.
>
>
> Wrong again. It writes everything to a log file and sends notification to
> the policy manager as well as the IpHelper-API.
But it's not in the user's face. Hell most users that are using the XP
FW don't know about it and don't have a clue about it. Hell, they don't
even know how to harden the XP O/S to attack, go look at the event logs
or anything else for that matter.
>
>
>>BTW, the one PFW/personal packet filter I do use, which is on my laptop
>>and is enabled when it's not on my network, has Application Control
>>disabled, because I absolutely know how to go and look for myself as to
>>what's running on them and happening with my machines, with the proper
>>tools.
>
>
> We already had the discussion of disabled vs. deactivated. You're sure that
> all the hooks are removed and the associated code is not loaded?
What has this have to do with anything? What does this have to do with
unknown applications/programs running on my machines, which the point is
I don't need application control?
I'll tell you it's more nonsense talk from you that doesn't apply to
anything.
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>>So already the basic idea of "application control" is completely
>>>nonsense.
>>
>>You tell it to someone that doesn't know. But the fact is that at least
>>some kind or warning flag is raised to them. While in the meantime, the
>>XP FW is doing nothing.
>
>
> It's worse, unfortunately: the home user is being asked, if he want's to
> lose protection, and in a way, that he doesn't understand: when the
> "Personal Firewall" is asking for online software updates, "No" means
> losing protection, when the "Personal Firewall" is asking for a network
> service, "Yes" means losing protection.
I am going to have to say this. That's your opinion and you are entitled
to it, and you're just one man.
>
> The home user cannot decide this, but she/he is forced to decide => wrong
> decision => losing protection.
If they know what they are doing then they know, if they don't they
don't and there are no in-betweens.
>
> Fortunately, the Windows-Firewall is not harming the home user that way.
And XP FW is not providing the protection either, like the rest of them.
It's no better than the rest of them, but that's just my opinion.
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>>All "Personal Firewalls" I know are completely ridiculous.
>>
>>That also includes the XP FW.
>
>
> I'd not call the Windows-Firewall a "Personal Firewall". It's just a
> host based packet filter, unfortenately necessary, because of the design
> flaw in Windows to offer network services as a default.
>
I don't think I said that. All I referenced was the XP FW is just as
ridiculous as the rest of them, but again, that's just my opinion.
Mr. Arnold wrote:
>> If the malware adds itself to the list of trusted applications in a PFW,
>> where exactly is the warning flag?
>
> So what? That's a know issue, but it's better than nothing at all, which
> the XP FW has none of it.
If the malware configures the port in the XP FW then there won't be a
warning. If it does not, there will be a warning and if the user is
running as limited user at that time he is not even able to open the port.
If the malware configures the port in the PFW then there won't be a
warning. If it does not, there will be a warning and very often even a
limited user has the opportunity to let the malware open the port.
> But it's not in the user's face. Hell most users that are using the XP
> FW don't know about it and don't have a clue about it. Hell, they don't
> even know how to harden the XP O/S to attack, go look at the event logs
> or anything else for that matter.
And they still don't know when they are running a PFW. On the contrary:
once they have the PFW running they think they don't have to worry about
security anymore because the PFW is doing everything possible to protect
the computer... Leaving the user clueless...
Gerald
Gerald Vogt wrote:
> Mr. Arnold wrote:
>
>>> If the malware adds itself to the list of trusted applications in a PFW,
>>> where exactly is the warning flag?
>>
>>
>> So what? That's a know issue, but it's better than nothing at all,
>> which the XP FW has none of it.
>
>
> If the malware configures the port in the XP FW then there won't be a
> warning. If it does not, there will be a warning and if the user is
> running as limited user at that time he is not even able to open the port.
Well, 99% of them are not running as limited user and those are the facts.
>
> If the malware configures the port in the PFW then there won't be a
> warning. If it does not, there will be a warning and very often even a
> limited user has the opportunity to let the malware open the port.
That's with any host based software FW/packet filter that malware can
configure a port period.
What is your point?
>
>> But it's not in the user's face. Hell most users that are using the XP
>> FW don't know about it and don't have a clue about it. Hell, they
>> don't even know how to harden the XP O/S to attack, go look at the
>> event logs or anything else for that matter.
>
>
> And they still don't know when they are running a PFW. On the contrary:
> once they have the PFW running they think they don't have to worry about
> security anymore because the PFW is doing everything possible to protect
> the computer... Leaving the user clueless...
It's not my problem. If one knows what he or she is doing then they know
if they don't they then they don't, there are no in-betweens. You
preach to them about it, not me.
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>>If the malware adds itself to the list of trusted applications in a PFW,
>>>where exactly is the warning flag?
>>
>>So what? That's a know issue, but it's better than nothing at all,
>
>
> If it doesn't work as intended, it's not any different from nothing at all.
> Actually it's quite worse, since it adds unnecessary complexity.
Who are you talking to about this? It's just your opinion.
>
>
>>>>While in the meantime, the XP FW is doing nothing.
>>>
>>>Since you can't do anything meaningful, it's rather reasonable to not waste
>>>code (and therefore complexity) on useless trials.
>>
>>That's just your opinion and it's a dime a dozen.
>
>
> It's a trivial thing to about anyone who has a reasonable understanding of
> security. Actually it's simple logic.
Again who are you talking to? I consider this nonsense.
>
>
>>>>A designed and documented program doesn't mean a thing, when the over
>>>>all design concepts of the XP FW as a program/PFW doesn't fit the bill
>>>>in some areas.
>>>
>>>Since the contrary can't find any such bill at all, where exactly is the
>>>problem?
>>
>>That the XP FW has missed the boat is the problem.
>
>
> Since it didn't even intend to do so, where exactly is your problem? Apples
> also totally fail on being bananas.
It's drivel from you. Again, you haven't proved anything here is the
bottom line, and it's just more nonsense talking out of you.
>
>
>>>Wrong again. It writes everything to a log file and sends notification to
>>>the policy manager as well as the IpHelper-API.
>>
>>But it's not in the user's face.
>
>
> But the apple is not a banana!
It's more nonsense out of you again
>
>
>>Hell most users that are using the XP
>>FW don't know about it and don't have a clue about it.
>
>
> Seems like it works as intended.
Working as intended and being effective are two different things.
>
>
>>Hell, they don't
>>even know how to harden the XP O/S to attack, go look at the event logs
>>or anything else for that matter.
>
>
> Seems like it works as intended.
Again, this is more drivel and nonsense from you.
>
>
>>>>BTW, the one PFW/personal packet filter I do use, which is on my laptop
>>>>and is enabled when it's not on my network, has Application Control
>>>>disabled, because I absolutely know how to go and look for myself as to
>>>>what's running on them and happening with my machines, with the proper
>>>>tools.
>>>
>>>We already had the discussion of disabled vs. deactivated. You're sure that
>>>all the hooks are removed and the associated code is not loaded?
>>
>>What has this have to do with anything?
>
>
> Simple: If it's actually still running, it's still vulnerable to attacks
> and random errors - thus, makes things worse.
It's more nonsense from you
I don't have a problem with it.
Now what?
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>I don't think I said that. All I referenced was the XP FW is just as
>>ridiculous as the rest of them, but again, that's just my opinion.
>
>
> Your opinion as itself is rather worthless in any discussion. You should be
> able to back it up with facts and conclusions.
I think you should be able to do the same. And I do consider you to be
of no help to anyone and totally worthless 99% of the time, providing
nothing but lip service.
Post removed (X-No-Archive: yes)
On Thu, 22 Mar 2007 13:16:05 +0000, B. Nice wrote:
> On Wed, 21 Mar 2007 13:47:21 -0500, Leythos
>
>>I agree so far.
>>
>>> So
>>>
>>> Is it fair to assume that an admin is supposed to know what he is
>>> doing? - I think so.
>>
>>No, as most users of Windows computers don't know there is an Admin or
>>Limited account.
>
> And therefore IMHO this is what should be taught. Every time they are
> taught to protect themselves with a PFW instead of being told about
> user accounts and about how computer administration is supposed to
> work, the process is delayed.
>
>>> Is it true that most windows users are running as admins? - Sure.
>>
>>Yes, and those are the people that need protection in most all cases.
>
> Sure. But I believe a restricted user account is the preferred
> solution to that problem.
>
>>> Is it fair to assume that most users running as admins don't know what
>>> they are doing? - I think so.
>>
>>Yep, we agree.
>>
>>> So the root cause seems to be the fact that users are running as
>>> admins. Therefore also this is what needs to change.
>>
>>And the problem is that many applications under Windows won't run as a
>>limited user, websites can't install their active-x as a limited user,
>>etc... Even QuickBooks won't run as a limited user without additional
>>setup beyond the scope of the type of users we talking about.
>
> And as long as no pressure is put on the software vendors to fix their
> products it is'nt gonna change, is it?
>
>>So, while we all agree that the root cause is ignorance and running as
>>Admins, what we need to change is way more than just people running as
>>admins.
>>
>>1) ZA and others protect the ignorant and Admins far better than Windows
>>XP SP2 firewall.
>
> An ignorant can't be protected by software running as admin.
>
>>2) Program developers need to write code that runs well, without
>>changes/hacks for limited user level accounts.
>
> Yup.
>
>>3) Websites need to be coded to NOT use active-x.
>
> Who needs activeX on websites anyway.
>
>>Until the time we can force the above 3 items, and until people stop using
>>Admin level by default, applications like ZA and others will provide more
>>protection than XP SP2 firewall does.
>
> And as long as people continue to just go with the flow that won't
> happen.
>
> May I add:
>
> 4) Users need proper education and guidance.
I'm glad it seems we agree on all of those points, it's actually nice to
chat with someone that's not off-kilter.
The problem that we have is that none of those things are happening, and
few of us can reach the masses that are impacted daily by ignorance and by
malware.
So, as a general rule, while we can't educate the masses in time to
protect them or us from them.
My experience has been that if I suggest ZA/ZAP, that the users tend to
fall into two groups - those that don't have a clue and never will and
those that start learning and actually question every little pop-up. Those
running XP SP2 firewall never question anything as they are almost never
asked about anything, never see what is happening, never know about the
holes already in their firewall.
So, it boils down to the user continuing to use XP SP2 firewall and being
compromised due to the OS defaults and ignorance, or their being asked to
install some third party PFW that provides at least a little more
protection, provides a chance for them to become motivated, a chance to
keep them protected.
In every case where I've visited a person using just the XP firewall, they
were compromised unless they also had a NAT/Firewall appliance.
In all but one case where I've visited people using ZA/ZAP or other PFW
(not Windows XP SP2 FW), they've all been uncompromised and that includes
the people with several computers and no NAT router.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> > It's worse, unfortunately: the home user is being asked, if he want's to
> > lose protection, and in a way, that he doesn't understand: when the
> > "Personal Firewall" is asking for online software updates, "No" means
> > losing protection, when the "Personal Firewall" is asking for a network
> > service, "Yes" means losing protection.
> I am going to have to say this. That's your opinion and you are entitled
> to it, and you're just one man.
So what is your argument that I'm wrong here?
If the "Personal Firewall" alerts: "Application XXX.Exe is trying to
connect to the Internet on port YYY", how could the home user determine,
wether this is necessary for an online software update or wether this is
a network connection, she/he don't want to have?
How could she/he decide, wether "Yes" means "I want to be protected",
because this is a needed online software update, or wether "No" means "I
want to be protected", because this is network traffic, which endangers
her/him?
Please bring an argument. It's much too easy to say "that's your opinion
and you're just one man". Maybe you could do better (I hope for you).
> > The home user cannot decide this, but she/he is forced to decide => wrong
> > decision => losing protection.
> If they know what they are doing then they know, if they don't they
> don't and there are no in-betweens.
Yes. And this is the reason, why "application control" is a flawed concept,
and one should never implement flawed concepts in any way. They're counter-
productive.
People who know don't need "application control" or "controlling
outbound traffic" at all. People who don't, may not use it, because it's
counter-productive.
> > Fortunately, the Windows-Firewall is not harming the home user that way.
> And XP FW is not providing the protection either, like the rest of them.
Which "protection" are you talking about after all?
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
On Thu, 22 Mar 2007 16:39:57 +0000, B. Nice wrote:
> On Thu, 22 Mar 2007 08:39:00 -0500, Leythos
>
>>I'm glad it seems we agree on all of those points, it's actually nice to
>>chat with someone that's not off-kilter.
>
> We don't agree that much, I'm afraid. We heavily disagree on what is
> the proper approach.
>
> I advocate encouraging people to run as restricted users and mail-bomb
> the vendors of products that fail to work like that for no good
> reason. And if that does'nt help - switch to something that works.
Well, I agree that we should teach, but MB is a violation of most TOS for
people.
>>The problem that we have is that none of those things are happening, and
>>few of us can reach the masses that are impacted daily by ignorance and by
>>malware.
>
> Well, since you seem to prefer to deal with the symptom instead of the
> problem, I don't see how you are actually interrested in changing it.
I am, but I'm not willing to wait for the world to change, I want to
protect people right now.
>>So, as a general rule, while we can't educate the masses in time to
>>protect them or us from them.
>
> No excuse.
Not an excuse, but it is a reality - do you just let them keep consuming
bandwidth, getting private info exposed, probing others systems,
complaining about their systems running slow, while doing nothing
productive. You can educate and also prevent at the same time.
>>My experience has been that if I suggest ZA/ZAP, that the users tend to
>>fall into two groups - those that don't have a clue and never will and
>>those that start learning and actually question every little pop-up.
>
> The problem being that you suggest ZA/ZAP in the first place.
But I've not been show how it's a problem, sure there have been people
claiming it has a root kit, that it's not teaching anyone anything, that
it can be subverted, but it works better than XP SP2 firewall and
certainly better than nothing at all, in most cases.
>>Those running XP SP2 firewall never question anything as they are almost never
>>asked about anything, never see what is happening, never know about the
>>holes already in their firewall.
>
> It seems you did'nt teach them much about what running a program as an
> administrator means and also not about how networking works, how to
> monitor it and why that is important.
No, they never contacted me before the problem. That's where you are
missing it - from the start they don't have much of a chance, unless they
get something better then SP2 firewall.
I never leave a compromised user or a friend without telling them about
security at all levels. You can't reach people you've not been too or that
don't know to see out information.
>>So, it boils down to the user continuing to use XP SP2 firewall and being
>>compromised due to the OS defaults and ignorance, or their being asked to
>>install some third party PFW that provides at least a little more
>>protection, provides a chance for them to become motivated, a chance to
>>keep them protected.
>>
>>In every case where I've visited a person using just the XP firewall, they
>>were compromised unless they also had a NAT/Firewall appliance.
>
> That's definately not my experience.
>
>>In all but one case where I've visited people using ZA/ZAP or other PFW
>>(not Windows XP SP2 FW), they've all been uncompromised and that includes
>>the people with several computers and no NAT router.
>
> I question that. Simply because I have seen many users with lots of
> crap on their machines despite of running a PFW, anti-virus and other
> anti-stuff.
>
> And one final question: Why even encourage people to allow malware to
> run making them believe that it's controllable. I think it's a more
> honest approach to tell them that if they allow malware to run, all
> bets are off.
I don't encourage people to allow malware to run, not at all.
Since running a PFW has already been proven to "HELP" protect people from
all sorts of malware and other attacks, why are you and VB/SG so against
something that's already proven to work better than XP SP2 Firewall.
That's the real question in this thread - since ZA/ZAP works better than
XP SP2 firewall, why are you against using it?
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>It's more nonsense from you
>>I don't have a problem with it.
>>
>>Now what?
>
>
> Putting you back into the killfile. I really don't need to listen to your
> argument lacking flamebaits.
Really? It's as expected when someone won't listen to you about your
beloved, I guess you have it in the bed with you, the XP FW. You want to
jump into peoples faces on a routine basis about anything.
You really are a pathetic Human Being and a so called man. People are
tired of you. I am sure it's not the first time that has been said to
you not only on the Internet, but I suspect, in your personal life as well.
You need to put yourself in your own killfile and basically keep your
liver lip and lip service mouth shut, as you will foam at the mouth
about the Sun coming up at the drop of a hat.
You are no help to anyone and you are a paluge in this NG.
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>>It's worse, unfortunately: the home user is being asked, if he want's to
>>>lose protection, and in a way, that he doesn't understand: when the
>>>"Personal Firewall" is asking for online software updates, "No" means
>>>losing protection, when the "Personal Firewall" is asking for a network
>>>service, "Yes" means losing protection.
>>
>>I am going to have to say this. That's your opinion and you are entitled
>>to it, and you're just one man.
>
>
> So what is your argument that I'm wrong here?
What about that above statement didn't you understand?
>
> If the "Personal Firewall" alerts: "Application XXX.Exe is trying to
> connect to the Internet on port YYY", how could the home user determine,
> wether this is necessary for an online software update or wether this is
> a network connection, she/he don't want to have?
>
> How could she/he decide, wether "Yes" means "I want to be protected",
> because this is a needed online software update, or wether "No" means "I
> want to be protected", because this is network traffic, which endangers
> her/him?
>
> Please bring an argument. It's much too easy to say "that's your opinion
> and you're just one man". Maybe you could do better (I hope for you).
I am going to tell you once again. I don't believe in App Control myself
and I was stating my reasons about it long before you came to this NG.
I don't have to explain anything to you about anything. Who do you think
you are here?
You continuously go off about this, that and the other about the XP FW,
when anyone one goes against the XP FW.
Why do you keep harping on things when it comes to the XP FW? You're not
much better than SG and he's a lunatic that can't stop posting about
anything.
>
>
>>>The home user cannot decide this, but she/he is forced to decide => wrong
>>>decision => losing protection.
>>
>>If they know what they are doing then they know, if they don't they
>>don't and there are no in-betweens.
>
>
> Yes. And this is the reason, why "application control" is a flawed concept,
> and one should never implement flawed concepts in any way. They're counter-
> productive.
Once again, you continuously go off about your position on app control.
>
> People who know don't need "application control" or "controlling
> outbound traffic" at all. People who don't, may not use it, because it's
> counter-productive.
>
>
>>>Fortunately, the Windows-Firewall is not harming the home user that way.
>>
>>And XP FW is not providing the protection either, like the rest of them.
>
>
> Which "protection" are you talking about after all?
What difference does it make?
You think the XP FW is the best thing since hot and cold running water
anytime someone takes a differnt view of it.
I use to have some kind of respect for you, but have blown that to Hell,
because of your obsession with the XP FW.
Mr. Arnold wrote:
>> If the malware configures the port in the XP FW then there won't be a
>> warning. If it does not, there will be a warning and if the user is
>> running as limited user at that time he is not even able to open the
>> port.
>
> Well, 99% of them are not running as limited user and those are the facts.
Well check again. I have just done it. Remove my sip phone from the XP
SP2 firewall. Started the program as limited user. It pops up a warning
that traffic is blocked and that an administrator is able to unblock it.
No way to change that without being administrator.
>> If the malware configures the port in the PFW then there won't be a
>> warning. If it does not, there will be a warning and very often even a
>> limited user has the opportunity to let the malware open the port.
>
> That's with any host based software FW/packet filter that malware can
> configure a port period.
>
> What is your point?
If the malware configures a port there won't be a warning. Neither with
the XP FW nor with any other PFW. It is also not true that the XP FW
never shows a warning while the PFW does.
Gerald
Gerald Volt wrote:
> Mr. Arnold wrote:
>
>>> If the malware configures the port in the XP FW then there won't be a
>>> warning. If it does not, there will be a warning and if the user is
>>> running as limited user at that time he is not even able to open the
>>> port.
>>
>>
>> Well, 99% of them are not running as limited user and those are the
>> facts.
>
>
> Well check again. I have just done it. Remove my sip phone from the XP
> SP2 firewall. Started the program as limited user. It pops up a warning
> that traffic is blocked and that an administrator is able to unblock it.
> No way to change that without being administrator.
What does this have to do with the fact that 99% of Windows home users
on the NT based O/S are NOT running with admen rights?
>
>>> If the malware configures the port in the PFW then there won't be a
>>> warning. If it does not, there will be a warning and very often even
>>> a limited user has the opportunity to let the malware open the port.
>>
>>
>> That's with any host based software FW/packet filter that malware can
>> configure a port period.
>>
>> What is your point?
>
>
> If the malware configures a port there won't be a warning. Neither with
> the XP FW nor with any other PFW. It is also not true that the XP FW
> never shows a warning while the PFW does.
What, you think you're the only one that has ever investigated and
tested the XP FW on the XP O/S? Well lordly be. Tell me something I
don't know.
Leythos wrote:
> My experience has been that if I suggest ZA/ZAP, that the users tend to
> fall into two groups - those that don't have a clue and never will and
> those that start learning and actually question every little pop-up. Those
The problem with all the PFWs I have seen: they don't really want the
user to learn. The messages are far too short with far too little
explanation that you cannot really understand them. Usually you will not
find a applicable tutorial with the message... This makes even many of
those you are willing to learn think they will never be able to
comprehend what is going on nor be able to protect the computer or
themselves. Therefore they will soon believe that PFWs are mandatory on
a computer...
> running XP SP2 firewall never question anything as they are almost never
> asked about anything, never see what is happening, never know about the
> holes already in their firewall.
The Microsoft wizards as well as the software I have installed always
mentioned during the setup that ports will be opened in the firewall. I
would say if people "never know" about this they either did not read the
texts on the screen or they installed questionable software which does
not warn them about this. If they install questionable software all
security is relative anyway...
> In every case where I've visited a person using just the XP firewall, they
> were compromised unless they also had a NAT/Firewall appliance.
You should visit me. Strange enough, all the people I have visited using
the XP firewall never got compromised. But that's maybe because they
were brainless before using the PFW and never got a clue what was going
on. After I have removed the garbage from their computer (formatting...)
which got through despite all PFWs I explained them how PFW works and
how effective they are and about the XP firewall. Now they use the XP
firewall only and they are fine and careful. But, O.K., I suppose it
helped to loose all data for once and to have someone explain it to them
(which only took 30 minutes or so...)
> In all but one case where I've visited people using ZA/ZAP or other PFW
> (not Windows XP SP2 FW), they've all been uncompromised and that includes
> the people with several computers and no NAT router.
You and I know very different people...
Gerald
Leythos wrote:
> In all but one case where I've visited people using ZA/ZAP or other PFW
> (not Windows XP SP2 FW), they've all been uncompromised and that includes
> the people with several computers and no NAT router.
What I have just forgotten: How do you actually know that the computers
where uncompromised? The PFW stops the dumb malware which is easy to
detect. The good malware is much harder to find and sits there with or
without the PFW...
Gerald
Gerald Vogt wrote:
Well check again. I have just done it. Remove my sip phone from the XP
SP2 firewall. Started the program as limited user. It pops up a
warning that traffic is blocked and that an administrator is able to
unblock it. No way to change that without being administrator.
What does this have to do with the fact that 99% of Windows home users
on the NT based O/S ARE running with admen rights?
As far as I am concerned, your point is moot about the Limited user as
opposed the Admin user rights and some kind of example that you're
trying to show here, that I don't care about.
Gerald Vogt wrote:
> Leythos wrote:
>
>> In all but one case where I've visited people using ZA/ZAP or other PFW
>> (not Windows XP SP2 FW), they've all been uncompromised and that includes
>> the people with several computers and no NAT router.
>
>
> What I have just forgotten: How do you actually know that the computers
> where uncompromised? The PFW stops the dumb malware which is easy to
> detect. The good malware is much harder to find and sits there with or
> without the PFW...
>
This is to ridiculous. It's as if this person is under the assumption
that he is the only one that knows anything.
How does anyone know anything about possible malware running on the
machine that's undetected? Well, they use other tools and don't lean on
a PFW and Application Control in them like a crutch and he or she looks
from time to time.
Post removed (X-No-Archive: yes)
Gerald Vogt wrote:
> Leythos wrote:
>
>> My experience has been that if I suggest ZA/ZAP, that the users tend to
>> fall into two groups - those that don't have a clue and never will and
>> those that start learning and actually question every little pop-up.
>> Those
>
>
> The problem with all the PFWs I have seen: they don't really want the
> user to learn. The messages are far too short with far too little
> explanation that you cannot really understand them.
Any messages from an application/program to a end-user are not meant to
hold the user's hand.
> Usually you will not
> find a applicable tutorial with the message... This makes even many of
> those you are willing to learn think they will never be able to
> comprehend what is going on nor be able to protect the computer or
> themselves. Therefore they will soon believe that PFWs are mandatory on
> a computer..
You do know that there is more to a PFW or a personal packet filter
other than application control. Yeah know, it's most important job is to
stop unsolicited inbound traffic/packets from reaching the machine. It's
a machine level packet filter.
A computer with a direct connection to the Internet (no router between
the computer and the modem) for the average job blow home user running a
NT based O/S is imperative.
>
>> running XP SP2 firewall never question anything as they are almost never
>> asked about anything, never see what is happening, never know about the
>> holes already in their firewall.
>
>
> The Microsoft wizards as well as the software I have installed always
> mentioned during the setup that ports will be opened in the firewall. I
> would say if people "never know" about this they either did not read the
> texts on the screen or they installed questionable software which does
> not warn them about this. If they install questionable software all
> security is relative anyway...
If they installed questionable software and not know what it's doing,
then it's their fault. The buck stops with them.
>
>> In every case where I've visited a person using just the XP firewall,
>> they
>> were compromised unless they also had a NAT/Firewall appliance.
>
>
> You should visit me. Strange enough, all the people I have visited using
> the XP firewall never got compromised.
They were lucky.
> But that's maybe because they
> were brainless before using the PFW and never got a clue what was going
> on. After I have removed the garbage from their computer (formatting...)
> which got through despite all PFWs I explained them how PFW works and
> how effective they are and about the XP firewall.
What did you explain that a firewall or packet filter's main job is to
stop unsolicited inbound traffic from reaching the machine? That's its
job. Its job is not to be stopping malware. A FW is not a malware
solution, although its in the solution for PFW(s).
> Now they use the XP
> firewall only and they are fine and careful. But, O.K., I suppose it
> helped to loose all data for once and to have someone explain it to them
> (which only took 30 minutes or so...)
Being fine and careful applies to anything. It doesn't make a difference
as to what solution is being used.
>
>> In all but one case where I've visited people using ZA/ZAP or other PFW
>> (not Windows XP SP2 FW), they've all been uncompromised and that includes
>> the people with several computers and no NAT router.
>
>
> You and I know very different people...
>
There just *clueless* home users that will mess-up, if given the chance
and at the drop of a hat. Nothing is going to save them no matter what
they got running.
Post removed (X-No-Archive: yes)
B. Nice wrote:
> On Thu, 22 Mar 2007 23:22:13 GMT, "Mr. Arnold" <"Mr.
> Arnold"@Arnold.COM> wrote:
>
>
>>If they installed questionable software and not know what it's doing,
>>then it's their fault. The buck stops with them.
>
>
> That's one argument I don't understand. Don't people install security
> software for the exact purpose of being protected when doing something
> stupid?
For the average job blow user, they should install non-questionable
software as much as possible, stop going to dubious sites and
downloading and installing software, stop clicking on unknown
attachments in emails that can install dubious software etc, etc, as
measures they can use to protect themselves.
Software can't stop anyone from doing something stupid, when it comes to
some kind of detection and prevention. In all cases when a computer has
been compromised, the user has had involvement. On the other hand,
detection solutions are better than nothing for some users
There is only one piece of software I will look at that's doing some
kind of detection that's worth while and that's an AV application. I
don't even trust that and will look around on the machine with other
tools from time to time.
However, it's a hard line in the sand with various users on detection
and prevention solutions. Some believe in them and some don't. And no
amount of jibber and jabber arguments are going to do solve or do
anything, but what you see here about this.
It was that way 7 years ago when I joined this NG and it's going to be
the same with I no longer come to the NG, particularly on the MS platform.
Post removed (X-No-Archive: yes)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> You think the XP FW is the best thing since hot and cold running water
> anytime someone takes a differnt view of it.
Recitating from my own posting in _this_ thread:
<460264a2@news.uni-ulm.de>
| Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
| > > All "Personal Firewalls" I know are completely ridiculous.
| > That also includes the XP FW.
| I'd not call the Windows-Firewall a "Personal Firewall". It's just a
| host based packet filter, unfortenately necessary, because of the design
| flaw in Windows to offer network services as a default.
You could use other implementations of such an host based packet filter,
too, like this one, if you want to:
http://wipfw.sourceforge.net/
A home user cannot control this, unfortunately. So the Windows-Firewall
is the simplest choice for her/him.
What I find much better, is this:
http://www.ntsvcfg.de/ntsvcfg_eng.html
That is the reason, why I hacked this one for Windows 2000 and Windows
XP before SP2:
http://www.dingens.org
I wanted to offer the work of Torsten (and others) in a way, that users
can benefit of it. That's all, what www.dingens.org is about. Before
Windows XP SP2, this was badly necessary. Since then, maybe it is the
second best choice to have a packet filter like the Windows-Firewall,
which is filtering out traffic. Because this is default since then, I
didn't update www.dingens.org anymore.
I really don't understand, why Microsoft refuses to fix this b0rken
default configuration, so we all don't need any filtering at all as a
default, just like it is with a Macintosh.
The Windows-Firewall is not "the best thing since hot and cold running
water". Quite the contrary, it's just the least catastrophic compromise of
simple usage and a minimum of stopping endangering the home user by
Windows' own network services.
All "Personal Firewalls" I saw were completely ridiculous crap.
Clear now?
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> You do know that there is more to a PFW or a personal packet filter
> other than application control. Yeah know, it's most important job is to
> stop unsolicited inbound traffic/packets from reaching the machine. It's
> a machine level packet filter.
If this would be all what "Personal Firewalls" would implement, then I
would not argue against them. Unfortunately, all of them I saw are
implementing futile crap and counter-productive nonsense, too. This is
the reason, why I'm usually recommending not to use such software.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Post removed (X-No-Archive: yes)
Sebastian Gottschalk
> Volker Birk wrote:
> > I really don't understand, why Microsoft refuses to fix this b0rken
> > default configuration,
> I told you once before, and I'm telling you again: Microsoft writes
> software for making money. That's they official company motto. And they're
> a corporation, thus by law their primary objective must be making money.
I don't see anything wrong with this.
> Compare the costs of implementing such a lame treatment of symptoms and bad
> publicity from security incidents against the costs of testing such big
> changes and support calls for the secure configuration blocking wanted
> features.
I cannot see such exorbitant costs compared to what they're investing in
Windows XP SP2 and even Vista.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>You do know that there is more to a PFW or a personal packet filter
>>other than application control. Yeah know, it's most important job is to
>>stop unsolicited inbound traffic/packets from reaching the machine. It's
>>a machine level packet filter.
>
>
> If this would be all what "Personal Firewalls" would implement, then I
> would not argue against them. Unfortunately, all of them I saw are
> implementing futile crap and counter-productive nonsense, too. This is
> the reason, why I'm usually recommending not to use such software.
>
Well, the one I do you use when my laptop is not connected to my FW
appliance does just that. It does have app control that can be disabled,
but it has none of the other snake-oil in it. I have used it for 7 years.
It does what I need it to do, which is stop unsolicited inbound traffic
from reaching the machine. Not unlike the XP FW, which is not a FW
either in my opinion but is a machine level packet filter as well, it
cannot stop outbound packets either.
That's why I supplement the personal packet filter with IPsec that's on
the XP O/S, which I would use to supplement XP's PFW/personal packet
filter if I was ever in that situation, to stop outbound packets if need be.
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
I don't need your recommendations about anything.
>
> All "Personal Firewalls" I saw were completely ridiculous crap.
And you are wrong, because the one I use gives me the protection that I
need on this laptop to protect the Windows services, when it's not
behind my FW appliance.
And without the app control in it that can be disabled and I do disable
app control in it, which makes it not unlike the XP FW/personal packet
filter, it cannot stop outbound packets either. It's doing the one thing
and its most important job that I need it to do, which is to STOP
UNSOLICITED INBOUND TRAFFIC FROM REACHING THE MACHINE.
>
> Clear now?
Using that PFW/personal packet filter along with IPsec that's on the XP
O/S that can act in a FW like manner to stop outbound packets in a
supplemental role to the PFW/personal packet filter do their job.
The combination of the two give the protection that is needed on the
laptop running XP to protect IIS, SQL server etc, etc, because of my
..Net development needs, that's running on this laptop.
And I don't have a problem in using either one of them to provide the
solution of protecting this machine.
There is nothing else that needs to be said here.
But observing someone like you and SG and your previous posts on this
matter, you'll post again, because it's not good enough in your
opinions, because you two try to preach the *security gospel* to each
other, according to you two.
Not only are you tiresome with this, you're boring as well with it.
Are we clear now?
Post removed (X-No-Archive: yes)
Sebastian Gottschalk some kind of devil's hell hound wrote:
Do me a favor and shut the Hell-up, if that's possible for you.
You're no one in this NG in the first place, but a lip driveling specialist.
How you have crowed yourself to be some authority on something, when
you're not an authority on anything is fabulous.
Maximum Dog8
[indignities]
> Are we clear now?
Yes. *plonk*
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
> Well, the one I do you use when my laptop is not connected to my FW
> appliance does just that. It does have app control that can be disabled,
> but it has none of the other snake-oil in it. I have used it for 7 years.
Sounds good. What is it?
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu,
die Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
Volker Birk wrote:
> Maximum Dog8
>
> [indignities]
>
You know where you can stick your *indignities*.
>>Are we clear now?
>
>
> Yes. *plonk*
>
That's an equal opportunity ditto on the
Volker Birk wrote:
> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>
>>Well, the one I do you use when my laptop is not connected to my FW
>>appliance does just that. It does have app control that can be disabled,
>>but it has none of the other snake-oil in it. I have used it for 7 years.
>
>
> Sounds good. What is it?
>
BlackIce and I have not renewed it in about 2 years. I just need it to
be a packet filter on the laptop when needed. Other than that, it's
disabled when the laptop is on my network.
Post removed (X-No-Archive: yes)
Sebastian Gottschalk wrote:
> Maximum Dog9 wrote:
>
>
>>Volker Birk wrote:
>>
>>>Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>>>
>>>
>>>>Well, the one I do you use when my laptop is not connected to my FW
>>>>appliance does just that. It does have app control that can be disabled,
>>>>but it has none of the other snake-oil in it. I have used it for 7 years.
>>>
>>>Sounds good. What is it?
>>>
>>
>>BlackIce and I have not renewed it in about 2 years.
>
>
> Now it doesn't sound good anymore. Well, when we're discussing security
> issue, you should stop avoiding to tell about the negative aspects.
What, like your negative lip service. Who is us? Are you tossing
someone's salad in the NG to be saying the word *US*. I wouldn't put it
pass you.
Mr. Arnold wrote:
> Sebastian Gottschalk wrote:
>
>> Maximum Dog9 wrote:
>>
>>
>>> Volker Birk wrote:
>>>
>>>> Mr. Arnold <"Mr. Arnold"@arnold.com> wrote:
>>>>
>>>>
>>>>> Well, the one I do you use when my laptop is not connected to my FW
>>>>> appliance does just that. It does have app control that can be
>>>>> disabled, but it has none of the other snake-oil in it. I have used
>>>>> it for 7 years.
>>>>
>>>>
>>>> Sounds good. What is it?
>>>>
>>>
>>> BlackIce and I have not renewed it in about 2 years.
>>
>>
>>
>> Now it doesn't sound good anymore. Well, when we're discussing security
>> issue, you should stop avoiding to tell about the negative aspects.
>
>
> What, like your negative lip service. Who is us? Are you tossing
> someone's salad in the NG to be saying the word *US*. I wouldn't put it
> pass you.
In case you missed it.
Sebastian Gottschalk somewhere under the rock wrote:
Like I told you before, if the Sun was out, it was beautiful clear blue
sunny day and about 75 degree, you would crawl out form under your rock
and spit at it and crawl back under the rock.
On Fri, 23 Mar 2007 06:45:26 +0000, B. Nice wrote:
>
> Yes, I fully understand what your standpoint is. You prefer stop-gap
> solutions to concept based solutions.
Then you really don't understand my position at all. I "prefer" that all
users become educated, that the OS is secured, that the apps work without
needing Admin level status, that there is world peace..... Until that
happens I see the need for PFW solutions that are better than the windows
firewall.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
On Fri, 23 Mar 2007 07:19:03 +0900, Gerald Vogt wrote:
> Leythos wrote:
>> In all but one case where I've visited people using ZA/ZAP or other PFW
>> (not Windows XP SP2 FW), they've all been uncompromised and that includes
>> the people with several computers and no NAT router.
>
> What I have just forgotten: How do you actually know that the computers
> where uncompromised? The PFW stops the dumb malware which is easy to
> detect. The good malware is much harder to find and sits there with or
> without the PFW...
Looking for it is easy, all you have to do is look.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> On Fri, 23 Mar 2007 06:45:26 +0000, B. Nice wrote:
>> Yes, I fully understand what your standpoint is. You prefer stop-gap
>> solutions to concept based solutions.
>
> Then you really don't understand my position at all. I "prefer" that
> all users become educated, that the OS is secured, that the apps work
> without needing Admin level status, that there is world peace.....
> Until that happens I see the need for PFW solutions that are better
> than the windows firewall.
The PFW "solutions" you propose will not only *not* help with changing
the status quo, instead they will further establish it. Which makes them
counter-productive.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Leythos
> On Fri, 23 Mar 2007 07:19:03 +0900, Gerald Vogt wrote:
>> Leythos wrote:
>>> In all but one case where I've visited people using ZA/ZAP or other
>>> PFW (not Windows XP SP2 FW), they've all been uncompromised and that
>>> includes the people with several computers and no NAT router.
>>
>> What I have just forgotten: How do you actually know that the
>> computers where uncompromised? The PFW stops the dumb malware which
>> is easy to detect. The good malware is much harder to find and sits
>> there with or without the PFW...
>
> Looking for it is easy, all you have to do is look.
You do realize that looking for something and actually finding it are
two different things, don't you?
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
On Fri, 23 Mar 2007 20:19:57 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Fri, 23 Mar 2007 06:45:26 +0000, B. Nice wrote:
>>> Yes, I fully understand what your standpoint is. You prefer stop-gap
>>> solutions to concept based solutions.
>>
>> Then you really don't understand my position at all. I "prefer" that
>> all users become educated, that the OS is secured, that the apps work
>> without needing Admin level status, that there is world peace.....
>> Until that happens I see the need for PFW solutions that are better
>> than the windows firewall.
>
> The PFW "solutions" you propose will not only *not* help with changing
> the status quo, instead they will further establish it. Which makes them
> counter-productive.
Not in my experience with ignorant users, not in my experience with
typical non-ignorant users, not im my experience with anyone.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Post removed (X-No-Archive: yes)
On Sat, 24 Mar 2007 06:51:33 +0000, B. Nice wrote:
> On Fri, 23 Mar 2007 15:51:21 -0500, Leythos
>
>>On Fri, 23 Mar 2007 20:19:57 +0000, Ansgar -59cobalt- Wiechers wrote:
>>
>>> Leythos
>>>> On Fri, 23 Mar 2007 06:45:26 +0000, B. Nice wrote:
>>>>> Yes, I fully understand what your standpoint is. You prefer stop-gap
>>>>> solutions to concept based solutions.
>>>>
>>>> Then you really don't understand my position at all. I "prefer" that
>>>> all users become educated, that the OS is secured, that the apps work
>>>> without needing Admin level status, that there is world peace.....
>>>> Until that happens I see the need for PFW solutions that are better
>>>> than the windows firewall.
>>>
>>> The PFW "solutions" you propose will not only *not* help with changing
>>> the status quo, instead they will further establish it. Which makes them
>>> counter-productive.
>>
>>Not in my experience with ignorant users, not in my experience with
>>typical non-ignorant users, not im my experience with anyone.
>
> So after your installation of a PFW, what encourages them to switch to
> a limited user account? What encourages them to put pressure on
> vendors?
When they get to the point of a PFW after having their machine cleaned or
wiped/restored, they use the Better PFW to stay clean and they have two
accounts "FULL" and "LIMITED" and are instructed to only use the "FULL" to
install software or to run apps that won't run under limited....
As for contacting the software vendors - we'll, once they start using a
limited account and see how much doesn't work as a non-admin, I can't tell
if anyone complains to the vendors.
What I can say is that they don't appear to be compromised again and that
they don't appear to have the same types of problems, so, a little
education combinded with a better firewall solution seems to work well.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
> On Sat, 24 Mar 2007 06:51:33 +0000, B. Nice wrote:
>> On Fri, 23 Mar 2007 15:51:21 -0500, Leythos
>>> On Fri, 23 Mar 2007 20:19:57 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>> The PFW "solutions" you propose will not only *not* help with
>>>> changing the status quo, instead they will further establish it.
>>>> Which makes them counter-productive.
>>>
>>> Not in my experience with ignorant users, not in my experience with
>>> typical non-ignorant users, not im my experience with anyone.
>>
>> So after your installation of a PFW, what encourages them to switch
>> to a limited user account? What encourages them to put pressure on
>> vendors?
>
> When they get to the point of a PFW after having their machine cleaned
> or wiped/restored, they use the Better PFW to stay clean and they have
> two accounts "FULL" and "LIMITED" and are instructed to only use the
> "FULL" to install software or to run apps that won't run under
> limited....
In that scenario the Windows-Firewall will work just fine. No need at
all to install rootkits on the computer.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
On Sat, 24 Mar 2007 12:53:04 +0000, Ansgar -59cobalt- Wiechers wrote:
> Leythos
>> On Sat, 24 Mar 2007 06:51:33 +0000, B. Nice wrote:
>>> On Fri, 23 Mar 2007 15:51:21 -0500, Leythos
>>>> On Fri, 23 Mar 2007 20:19:57 +0000, Ansgar -59cobalt- Wiechers wrote:
>>>>> The PFW "solutions" you propose will not only *not* help with
>>>>> changing the status quo, instead they will further establish it.
>>>>> Which makes them counter-productive.
>>>>
>>>> Not in my experience with ignorant users, not in my experience with
>>>> typical non-ignorant users, not im my experience with anyone.
>>>
>>> So after your installation of a PFW, what encourages them to switch
>>> to a limited user account? What encourages them to put pressure on
>>> vendors?
>>
>> When they get to the point of a PFW after having their machine cleaned
>> or wiped/restored, they use the Better PFW to stay clean and they have
>> two accounts "FULL" and "LIMITED" and are instructed to only use the
>> "FULL" to install software or to run apps that won't run under
>> limited....
>
> In that scenario the Windows-Firewall will work just fine. No need at
> all to install rootkits on the computer.
In your limited exposure to people that are ignorant you must not see how
people still using the Windows XP firewall are still compromised because
they don't actually follow the above all the time.
You must have some serious delusion that people always do the right thing,
that they always obey the rules and security norms, that they just do what
you tell them all the time - it's just not true.
--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)
Leythos wrote:
> In your limited exposure to people that are ignorant you must not see how
> people still using the Windows XP firewall are still compromised because
> they don't actually follow the above all the time.
Then noone explained it to them properly. And: they are compromised
regardless whether they use the XP firewall or a PFW. The "outbound
protection" of the PFW does not protect the computer from infection. The
"outbound protection" is only the sign that the computer is infected (by
stupid malware). But in my experience it is due to this "outbound
protection" (and because it is called "protection") people think the
problem is under control. They think their PFW has prevented something
really bad and the PFW has the problem under control. For that reason
they think they can just continue. They don't accept the necessary
consequences (reformat). They look for some tools in the internet how to
remove this malware and eventually believe one of the five tools
installed did actually remove it. Well, at least the PFW does not report
anything anymore. Until the next time. And again, and again, and again.
Usually in the process of removing the malware they install even worse
malware which pretends to remove the other malware... After a while the
PFW does not report anything anymore but the computer is slooow.
The important thing here is in my experience: all of those people
thought there is nothing more they could do. It is just happens.
Computers get infected by viruses just like human beings catch a cold.
They accept it as a "law of nature". Noone ever simply accepted the fact
that in the beginning it was them who installed some creepy software and
started it all. Because they "successfully" removed the malware and the
PFW did not report anything anymore after the removal they think their
computer is clean. The one problem reported does not occur anymore. The
PFW does not report anything anymore (for some time). Their conclusion
is: the computer is clean.
> You must have some serious delusion that people always do the right thing,
> that they always obey the rules and security norms, that they just do what
> you tell them all the time - it's just not true.
After the second time, you reformat their harddisc, reinstall an image,
loosing all e-mails and documents on the computer, they are learning.
Once the computer becomes important in any way to them they are open to
learn...
The only people I know that don't obey the "rules" are those you know
that they don't obey them and they don't care. They want to install any
junk advertised in any spam mail they have received. They don't really
care how many viruses they have on their computer. They need a zoo of
security software to keep the problems low until they themselves
reinstall an image.
Gerald