Atguard?

on 11.08.2007 02:13:10 by haha

Has anybody tried to run Atguard under Windows Vista?

Atguard was the predecessor of the Norton firewall. If I could buy
the Norton firewall without all of the other junk (antivirus, etc) I
would. But they only sell it as a part of Norton Internet Security.
And there is no way to turn the antivirus off.

Other than that, does anybody know of a low cost or free firewall that
has the same fine-tuning ability as Norton firewall or Atguard?

Re: Atguard?

on 11.08.2007 11:51:25 by Sebastian Gottschalk

haha@hoohoo.net wrote:

> Has anybody tried to run Atguard under Windows Vista?
>
> Atguard was the predecessor of the Norton firewall. If I could buy
> the Norton firewall without all of the other junk (antivirus, etc) I
> would. But they only sell it as a part of Norton Internet Security.
> And there is no way to turn the antivirus off.
>
> Other than that, does anybody know of a low cost or free firewall that
> has the same fine-tuning ability as Norton firewall or Atguard?

Atguard is no firewall, it's a host-based packet filter. And yes, there are
many other implementations with the same level of lousiness as Atguard and
Norton, however this is quite offtopic here.

Re: Atguard?

on 11.08.2007 12:05:14 by Kayman

wrote in message
news:65vpb3t3b0b4ldb31rirbnql4vsgq9a0h6@4ax.com...
> Has anybody tried to run Atguard under Windows Vista?
>
I haven't and I won't.
>
> Atguard was the predecessor of the Norton firewall. If I could buy
> the Norton firewall without all of the other junk (antivirus, etc) I
> would.
>
This would not be advisable; the retail version of Norton is next to
useless.
>
> Other than that, does anybody know of a low cost or free firewall that
> has the same fine-tuning ability as Norton firewall or Atguard?
>

Use the built-in application.
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

http://blogs.msdn.com/aaron_margosis/archive/2007/06/28/and-so-this-is-vista.aspx

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.
http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx
http://www.microsoft.com/whdc/device/network/WFP.mspx

Re: Atguard?

on 11.08.2007 20:03:29 by haha

On Sat, 11 Aug 2007 17:05:14 +0700, "Kayman"
wrote:

> wrote in message
>news:65vpb3t3b0b4ldb31rirbnql4vsgq9a0h6@4ax.com...
>> Has anybody tried to run Atguard under Windows Vista?
>>
>I haven't and I won't.
>>
>> Atguard was the predecessor of the Norton firewall. If I could buy
>> the Norton firewall without all of the other junk (antivirus, etc) I
>> would.
>>
>This would not be advisable; the retail version of Norton is next to
>useless.
>>
>> Other than that, does anybody know of a low cost or free firewall that
>> has the same fine-tuning ability as Norton firewall or Atguard?
>>
>
>Use the built-in application.
>Windows Firewall: the best new security feature in Vista?
>http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Thanks for the links. Jesper's main argument seems to be that
outbound filtering is basically useless against trojans for various
reasons. That may be true. But I mainly use software firewalls to
block regular software from connecting out. IMHO there is no
legitimate reason for Windows Media Player to connect to Microsoft
every time I play a song or video. Microsoft isn't the only offender.
So many third party programs do the same thing. So, for example, my
newsreader is allowed to connect to my newsserver on the correct port
ONLY, and it is not allowed to connect anywhere else. Same with my
email client. And the various media players are only allowed to make
outbound connections when I want them to.

So what I want is something that will allow me to easily create the
necessary rules with sufficient detail. Not a simple "block" or
"allow."

>
>http://blogs.msdn.com/aaron_margosis/archive/2007/06/28/and-so-this-is-vista.aspx
>
>You are not going to find anything better than the Vista FW and Vista in
>itself due to the advanced features the FW and Vista are using.
>http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx
>http://www.microsoft.com/whdc/device/network/WFP.mspx
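
The per-application outbound policy described in this post (newsreader allowed to one server on one port, media player allowed out only on demand), expressed with the `netsh advfirewall` command of the Windows Firewall mentioned earlier in the thread. This is an added example, not part of the original posts; the rule names, program paths and the address 192.0.2.10 are constructed placeholders.

```bat
rem Added example, not from the thread. Run from an elevated command prompt.
rem Constructed placeholders: rule names, both program paths, and
rem 192.0.2.10 (a documentation address standing in for the news server).

rem 1. Default-deny in both directions on every profile: traffic without a
rem    matching allow rule is dropped. Enabled built-in rules still apply.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 2. Too broad: names only the program, so the newsreader could connect
rem    to any host on any port. Shown for contrast, left commented out.
rem netsh advfirewall firewall add rule name="Newsreader (any)" dir=out action=allow program="C:\Program Files\ExampleNews\newsreader.exe"

rem 3. Scoped: the same program, but only TCP to one server on the NNTP port.
netsh advfirewall firewall add rule name="Newsreader to news server" dir=out action=allow program="C:\Program Files\ExampleNews\newsreader.exe" protocol=TCP remoteip=192.0.2.10 remoteport=119

rem 4. Media player: create the allow rule disabled, so it stays blocked
rem    by the default-deny policy until the rule is switched on.
netsh advfirewall firewall add rule name="Media player out" dir=out action=allow program="C:\Program Files\ExamplePlayer\player.exe" protocol=TCP enable=no

rem 5. Switch the media player rule on when wanted, and off again afterwards.
netsh advfirewall firewall set rule name="Media player out" new enable=yes
netsh advfirewall firewall set rule name="Media player out" new enable=no

rem 6. Review every outbound rule currently defined.
netsh advfirewall firewall show rule name=all dir=out
```

`remoteip` takes addresses, subnets or ranges rather than host names, so the scoped rule has to be updated if the server's address changes.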

Re: Atguard?

on 11.08.2007 20:26:39 by Sebastian Gottschalk

haha@hoohoo.net wrote:

> But I mainly use software firewalls to
> block regular software from connecting out.


Well, but shouldn't you first find any such software? So far this remains a
myth.

> IMHO there is no legitimate reason for Windows Media Player to connect to
> Microsoft every time I play a song or video.

There is: You configured it to do so. Change the configuration according to
the documentation and such a thing won't occur. Ever.

> Microsoft isn't the only offender.

Microsoft is no offender. The software behaves as documented.

> So many third party programs do the same thing.

Now excluding your stupidity to configure them correctly, how many are left?
I give you an approximate figure: 0

Re: Atguard?

on 11.08.2007 21:15:14 by Bogwitch

Sebastian G. wrote:
> haha@hoohoo.net wrote:
>
>> But I mainly use software firewalls to
>> block regular software from connecting out.
>
>
> Well, but shouldn't you first find any such software? So far this
> remains a myth.

That doesn't make sense. What remains a myth - that software makes
connections?

>> IMHO there is no legitimate reason for Windows Media Player to
>> connect to Microsoft every time I play a song or video.
>
> There is: You configured it to do so. Change the configuration
> according to the documentation and such a thing won't occur. Ever.
>
>> Microsoft isn't the only offender.
>
> Microsoft is no offender. The software behaves as documented.
>
>> So many third party programs do the same thing.
>
> Now excluding your stupidity to configure them correctly, how many are
> left? I give you an approximate figure: 0

Once again Sebastian, you fail to recognise the difference between a
real-world scenario with an average user and the Utopian computing
experience you have invented for yourself.
There are many applications that one may want to use, but may not want
the network capabilities of. One example of a type of software would be
ad-ware. A host-based packet filter can be effective in blocking the
unwanted network connections. I appreciate that if you are going to use
ad-ware, you should accept the advertisement but I can envisage
scenarios where this is unwanted.

As we have discussed before, there are useful, security applications for
a host-based packet filter. As long as the user is aware of the
capabilities and limitations of the software, it is not up to you to say
whether the user uses the software or not.

Bogwitch.

Re: Atguard?

on 11.08.2007 22:57:23 by Sebastian Gottschalk

Bogwitch wrote:

> Sebastian G. wrote:
>> haha@hoohoo.net wrote:
>>
>>> But I mainly use software firewalls to
>>> block regular software from connecting out.
>>
>> Well, but shouldn't you first find any such software? So far this
>> remains a myth.
>
> That doesn't make sense. What remains a myth - that software makes
> connections?


That there's legitimate software that makes connections even when being
properly configured. We've yet to see any such application.

> There are many applications that one may want to use, but may not want
> the network capabilities of.


Sure.

> One example of a type of software would be ad-ware.


Definitely not.

> A host-based packet filter can be effective in blocking the
> unwanted network connections.


Normally it isn't. And a much more appropriate way is to simply configure
the software accordingly. Why don't you use a software which does exactly that?

Re: Atguard?

on 11.08.2007 23:10:58 by Bogwitch

Sebastian G. wrote:
> Bogwitch wrote:
>
>> Sebastian G. wrote:
>>> haha@hoohoo.net wrote:
>>>
>>>> But I mainly use software firewalls to
>>>> block regular software from connecting out.
>>>
>>> Well, but shouldn't you first find any such software? So far this
>>> remains a myth.
>>
>> That doesn't make sense. What remains a myth - that software makes
>> connections?
>
>
> That there's legitimate software that makes connections even when being
> properly configured. We've yet to see any such application.

Then your definition of legitimate and my definition of legitimate are
different. And who are _we_? You most certainly are not speaking for the
whole group!

>> There are many applications that one may want to use, but may not want
>> the network capabilities of.
>
>
> Sure.
>
>> One example of a type of software would be ad-ware.
>
>
> Definitely not.

Why not? I have used several utilities in the past that the author
released as ad-ware. Rather than charge for the software using one of
the 'regular' licensing models, it was made clear at the time of
installation that occasional advertising banners would adorn the
software. It did not make the software any less legitimate.

>> A host-based packet filter can be effective in blocking the unwanted
>> network connections.
>
> Normally it isn't. And a much more appropriate way is to simply
> configure the software accordingly. Why don't you use a software which
> does exactly that?

Normally it is. It is only when software is *specifically* written to
bypass/ disable host-based packet filters that it isn't.

Because occasionally, the functionality required comes from software
that does to fit into your utopian view of computer use.

Bogwitch.

Re: Atguard?

on 12.08.2007 11:32:17 by Sebastian Gottschalk

Bogwitch wrote:

> Sebastian G. wrote:
>> Bogwitch wrote:
>>
>>> Sebastian G. wrote:
>>>> haha@hoohoo.net wrote:
>>>>
>>>>> But I mainly use software firewalls to
>>>>> block regular software from connecting out.
>>>> Well, but shouldn't you first find any such software? So far this
>>>> remains a myth.
>>> That doesn't make sense. What remains a myth - that software makes
>>> connections?
>>
>> That there's legitimate software that makes connections even when being
>> properly configured. We've yet to see any such application.
>
> Then your definition of legitimate and my definition of legitimate are
> different. And who are _we_? You most certainly are not speaking for the
> whole group!


I'm sorry for trying to be reasonable. If you're too stupid to configure
your application correctly, then you shouldn't blame it on the software.

> Why not? I have used several utilities in the past that the author
> released as ad-ware. Rather than charge for the software using one of
> the 'regular' licensing models, it was made clear at the time of
> installation that occasional advertising banners would adorn the
> software. It did not make the software any less legitimate.


This just makes it legitimate in a juristic sense. From the application
perspective, the advertisement is superfluous stuff that doesn't benefit the
user at all, consumes bandwidth, wastes space on the GUI and annoys.

> Normally it is. It is only when software is *specifically* written to
> bypass/ disable host-based packet filters that it isn't.


Such as Real Player, who considers such blocking as a network error and
tries to bypass it? Like Adobe License Manager, who uses raw sockets because
it detects that something is broken in the NDIS LSP layer? Beside that, most
implementations are horribly broken. Not to mention stupid defaults like
allowing access to Internet Explorer, Outlook Express, MSN Messenger, ...

> Because occasionally, the functionality required comes from software
> that does to fit into your utopian view of computer use.

?

Re: Atguard?

on 12.08.2007 13:45:03 by Bogwitch

Sebastian G. wrote:
> Bogwitch wrote:
>
>> Sebastian G. wrote:
>>
>> Then your definition of legitimate and my definition of legitimate are
>> different. And who are _we_? You most certainly are not speaking for
>> the whole group!
>
> I'm sorry for trying to be reasonable. If you're too stupid to configure
> your application correctly, then you shouldn't blame it on the software.

Trying to be reasonable? Your posting style is aggressive and
condescending. I have yet to see you post reasonable comments. And then
you call me stupid. As I explained below, it is not always a case of
configuring the software correctly. I have no problems configuring my
systems correctly.

>> Why not? I have used several utilities in the past that the author
>> released as ad-ware. Rather than charge for the software using one of
>> the 'regular' licensing models, it was made clear at the time of
>> installation that occasional advertising banners would adorn the
>> software. It did not make the software any less legitimate.
>
> This just makes it legitimate in a juristic sense. From the application
> perspective, the advertisement is superfluous stuff that doesn't benefit
> the user at all, consumes bandwidth, wastes space on the GUI and annoys.

Is legitimate in a juristic sense not legitimate then? Maybe you should
refer to applications YOU are happy to use as 'Sebastian legitimate'?
Benefit to the user: The user has an application that they may not have
otherwise had. The author gets paid, the user gets free-to-use software.

>> Normally it is. It is only when software is *specifically* written to
>> bypass/ disable host-based packet filters that it isn't.
>
> Such as Real Player, who considers such blocking as a network error and
> tries to bypass it? Like Adobe License Manager, who uses raw sockets
> because it detects that something is broken in the NDIS LSP layer?
> Beside that, most implementations are horribly broken. Not to mention
> stupid defaults like allowing access to Internet Explorer, Outlook
> Express, MSN Messenger, ...

Well done. You have named two applications that are written to attempt
to bypass host-based packet filters. Now, if you had any kind of idea of
how a properly configured installation of AtGuard works, you would know
that both bypasses would not work with AtGuard. Did I mention OE, IE etc.?

>> Because occasionally, the functionality required comes from software
>> that does to fit into your utopian view of computer use.

> ?

To explain myself better. In your utopian view of computer usage, no-one
would want to use ANY software that did not comply with the 'Sebastian'
view of software. That is, software that had configurable options for
every conceivable function of the software. We are not all you, however
much you may want it.

As I mentioned before, there is a legitimate purpose for using a
host-based packet filter such as AtGuard. Your aggressive refusal to
accept this and deriding of anyone who uses such a tool is
counter-productive. Only your general knowledge of the subject matter
puts you (slightly) above the position of group troll.

Bogwitch.

Re: Atguard?

on 12.08.2007 14:13:43 by Sebastian Gottschalk

Bogwitch wrote:

> As I explained below, it is not always a case of configuring the software
> correctly.

As long as you cannot present any case of a legitimate software that is not
supposed to communicate via network, can be configured to not do so, but
actually does (in violation of the configuration), it will always be.

> Is legitimate in a juristic sense not legitimate then?


Is that even a question? Of course there's a huge difference between law and
moral. Do you think that the Iraq war is legitimate just because it is
juristically legitimate?

> Benefit to the user: The user has an application that they may not have
> otherwise had.


Nonsense. Free alternatives exist. Beside that, as long as there's no
explicit need for the software, this would be no benefit at all.

> The author gets paid, the user gets free-to-use software.


Who cares for the author?

> Well done. You have named two applications that are written to attempt
> to bypass host-based packet filters. Now, if you had any kind of idea of
> how a properly configured installation of AtGuard works, you would know
> that both bypasses would not work with AtGuard. Did I mention OE, IE etc.?


Why don't you rather try it yourself?

Anyway, you're contradicting yourself. Any software that does not try to
bypass your strange restrictions is legitimate, but then it doesn't require
any control at all. Any software that does shouldn't be considered
legitimate, and thus control isn't effective.

Not to mention known security vulnerabilities introduced by AtGuard. Where's
the problem with running Driver Path Exerciser with the full HCT tests until
you'll find the very fine blue screen?


> To explain myself better. In your utopian view of computer usage, no-one
> would want to use ANY software that did not comply with the 'Sebastian'
> view of software. That is, software that had configurable options for
> every conceivable function of the software. We are not all you, however
> much you may want it.


Oh, that's it. Why don't you simply tag it as "bullshit"?

> As I mentioned before, there is a legitimate purpose for using a
> host-based packet filter such as AtGuard.


Sure. But not the one you claimed, and not for such a broken implementation
like AtGuard.

> Your aggressive refusal to accept this and deriding of anyone who uses
> such a tool is counter-productive.

Your aggressive refusal to understand that additional software introduces
complexity which reduces security and therefore the explicit need to justify
that by actually verifying the proclaimed increase of security, that's the
only thing going wrong here. And especially with AtGuard you're definitely
making the system more insecure.

Re: Atguard?

on 12.08.2007 15:07:22 by Bogwitch

Sebastian G. wrote:
> Bogwitch wrote:
>
>> As I explained below, it is not always a case of configuring the software
>> correctly.
>
> As long as you cannot present any case of a legitimate software that is
> not supposed to communicate via network, can be configured to not do so,
> but actually does (in violation of the configuration), it will always be.

I have presented an entire *class* of software. I'm not going to go into
specifics.

>> Is legitimate in a juristic sense not legitimate then?
>
> Is that even a question? Of course there's a huge difference between law
> and moral. Do you think that the Iraq war is legitimate just because it
> is juristically legitimate?

Iraq war != software. Not possible to compare the two. You're clutching
at straws.

>> Benefit to the user: The user has an application that they may not
>> have otherwise had.
>
> Nonsense. Free alternatives exist. Beside that, as long as there's no
> explicit need for the software, this would be no benefit at all.

Not always, and if a user installs a specific piece of software, they
have a perceived explicit need for it. I'm sure you would call them
stupid for doing so.

>> The author gets paid, the user gets free-to-use software.

> Who cares for the author?

Anyone who wants the author to continue writing software? Or have you
written all your own OS and apps?

>> Well done. You have named two applications that are written to attempt
>> to bypass host-based packet filters. Now, if you had any kind of idea
>> of how a properly configured installation of AtGuard works, you would
>> know that both bypasses would not work with AtGuard. Did I mention OE,
>> IE etc.?
>
> Why don't you rather try it yourself?

Because I don't need to. I've seen AtGuard working for many years. I
know its strengths and weaknesses.

> Anyway, you're contradicting yourself. Any software that does not try to
> bypass your strange restrictions is legitimate, but then it doesn't
> require any control at all. Any software that does shouldn't be
> considered legitimate, and thus control isn't effective.

No, I have cited an example of a *group* of software.

> Not to mention known security vulnerabilities introduced by AtGuard.
> Where's the problem with running Driver Path Exerciser with the full HCT
> tests until you'll find the very fine blue screen?

Do you mean the Device Path Exerciser? Wow, that's really obscure. Is
that the best you can do? Please explain the security vulnerability that
introduces, citing REAL WORLD examples.

>> To explain myself better. In your utopian view of computer usage,
>> no-one would want to use ANY software that did not comply with the
>> 'Sebastian' view of software. That is, software that had configurable
>> options for every conceivable function of the software. We are not all
>> you, however much you may want it.
>
> Oh, that's it. Why don't you simply tag it as "bullshit"?

It is what it is.

>> As I mentioned before, there is a legitimate purpose for using a
>> host-based packet filter such as AtGuard.
>
> Sure. But not the one you claimed, and not for such a broken
> implementation like AtGuard.

I was not the OP. I do agree however that the use to which the OP puts
AtGuard is legitimate. AtGuard is not so broken. It was, at its time, a
fantastic piece of software, it is sadly no longer supported. Hence the
OP asking if there was a modern alternative that is as configurable as
AtGuard was.

>> Your aggressive refusal to accept this and deriding of anyone who uses
>> such a tool is counter-productive.
>
> Your aggressive refusal to understand that additional software introduces
> complexity which reduces security and therefore the explicit need to
> justify that by actually verifying the proclaimed increase of security,
> that's the only thing going wrong here. And especially with AtGuard
> you're definitely making the system more insecure.

Just where did I refuse to understand that introducing new software
increases complexity and *potentially* reduces security?
I am advocating the use of AtGuard (or, if a better supported product of
a similar ilk is produced) for *specific* purposes as part of a layered
security approach. Where did you get the idea that I meant anything else?

Bogwitch.

Re: Atguard?

on 12.08.2007 15:41:02 by Sebastian Gottschalk

Bogwitch wrote:


> I have presented an entire *class* of software. I'm not going to go into
> specifics.


Sure you won't, since you'd find that this class is empty.

>>> Is legitimate in a juristic sense not legitimate then?
>> Is that even a question? Of course there's a huge difference between law
>> and moral. Do you think that the Iraq war is legitimate just because it
>> is juristically legitimate?
>
> Iraq war != software. Not possible to compare the two. You're clutching
> at straws.


Now, I'm just illustrating how broken your argument is, by analogy. There is
in fact no difference between how moral and law are different on any issue,
may it be Iraq war or software.

>> Nonsense. Free alternatives exist. Beside that, as long as there's no
>> explicit need for the software, this would be no benefit at all.
>
> Not always,


Yes, always. Would also be quite non-plausible how domain-specific software
with no alternatives could be ad-ware supported. Doesn't this sound stupid
even to you?

> and if a user installs a specific piece of software, they have a perceived
> explicit need for it.

Or they're just idiots. Best example so far: Skype.

>>> The author gets paid, the user gets free-to-use software.
>
>> Who cares for the author?
>
> Anyone who wants the author to continue writing software?


And what about other authors?

> Or have you written all your own OS and apps?


Hm? Missing the logic in there...

> Because I don't need to. I've seen AtGuard working for many years. I
> know its strengths and weaknesses.


Obviously not, and obviously you didn't bother to audit it properly. Sure
you won't see any but the obvious defects until you're actually searching
for it.

>> Anyway, you're contradicting yourself. Any software that does not try to
>> bypass your strange restrictions is legitimate, but then it doesn't
>> require any control at all. Any software that does shouldn't be
>> considered legitimate, and thus control isn't effective.
>
> No, I have cited an example of a *group* of software.


Without any (meaningful) definition.

>> Not to mention known security vulnerabilities introduced by AtGuard.
>> Where's the problem with running Driver Path Exerciser with the full HCT
>> tests until you'll find the very fine blue screen?
>
> Do you mean the Device Path Exerciser? Wow, that's really obscure. Is
> that the best you can do? Please explain the security vulnerability that
> introduces, citing REAL WORLD examples.


Buffer overflow in handling the
FsSetVolumeInformation-FsSetDirectoryInformation IOCTL in the NDIS filter
driver.

Is the best you can do ignoring everything?

>> Oh, that's it. Why don't you simply tag it as "bullshit"?
>
> It is what it is.


Right. Bullshit spelled out by you, claiming things about what other people
are thinking, just some miles away from reality, for cascading your lack of
arguments.

> I do agree however that the use to which the OP puts AtGuard is legitimate.


Unless you actually think about it.

> AtGuard is not so broken.


Is that political correctness for "horribly broken"?

> It was, at its time, a fantastic piece of software,


Unless you took a look at any not so broken implementation.

> Just where did I refuse to understand that introducing new software
> increases complexity and *potentially* reduces security?

> I am advocating the use of AtGuard

See: you do. Advocating the use of a superfluous piece of software without
considering the implications.

> as part of a layered security approach.

Ah, the "layered security" buzzword. Oh c'mon, you can do better.

Re: Atguard?

on 12.08.2007 16:29:33 by Bogwitch

Sebastian G. wrote:

>> I have presented an entire *class* of software. I'm not going to go
>> into specifics.
>
> Sure you won't, since you'd find that this class is empty.

Really? You're a fool.

>>> Nonsense. Free alternatives exist. Beside that, as long as there's
>>> no explicit need for the software, this would be no benefit at all.
>>
>> Not always,
>
> Yes, always. Would also be quite non-plausible how domain-specific
> software with no alternatives could be ad-ware supported. Doesn't this
> sound stupid even to you?

You said *FREE* alternatives. Not always.

>> and if a user installs a specific piece of software, they have a
>> perceived explicit need for it.
>
> Or they're just idiots. Best example so far: Skype.

Once again, anyone not agreeing with you is an idiot?

>> Or have you written all your own OS and apps?

> Hm? Missing the logic in there...

Without authors, no apps. *You* don't care for authors.

>> No, I have cited an example of a *group* of software.
>
> Without any (meaningful) definition.

It is clear to all but the most narrow-minded among us.

> Buffer overflow in handling the
> FsSetVolumeInformation-FsSetDirectoryInformation IOCTL in the NDIS
> filter driver.
>
> Is the best you can do ignoring everything?

Remotely exploitable? C'mon. Refer back to the original post. This is on
an individuals workstation.

>> I do agree however that the use to which the OP puts AtGuard is
>> legitimate.
>
> Unless you actually think about it.

It is you that needs to consider the OP's situation, not just the generic
best practice as put forward by yourself.

>> AtGuard is not so broken.
>
> Is that political correctness for "horribly broken"?

No, it's not so broken as to make it insecure for relevant applications.

>> as part of a layered security approach.
>
> Ah, the "layered security" buzzword. Oh c'mon, you can do better.

Again, we have had this discussion before. A layered security approach is
not a broken approach.

Bogwitch.

Re: Atguard?

on 12.08.2007 16:51:20 by Sebastian Gottschalk

Bogwitch wrote:


>> Sure you won't, since you'd find that this class is empty.
>
> Really? You're a fool.


Strange enough, no one, including you, could even state an example.

>> Yes, always. Would also be quite non-plausible how domain-specific
>> software with no alternatives could be ad-ware supported. Doesn't this
>> sound stupid even to you?
>
> You said *FREE* alternatives. Not always.


I proclaim that every software for which no free alternative exists is not
ad-ware supported.

>> Or they're just idiots. Best example so far: Skype.
>
> Once again, anyone not agreeing with you is an idiot?


No. It's simply a fact that ~90 % of all computer users are idiots wrt
computers. And those idiots typically install software without seeing any
need for it, without any reasonable evaluation of their problem and without
considering alternatives.

>>> Or have you written all your own OS and apps?
>
>> Hm? Missing the logic in there...
>
> Without authors, no apps. *You* don't care for authors.


Who said that I don't care for authors? I just don't care for specific
authors. The authors of ad-ware supported software particularly I don't care
for, for the authors of free alternatives I do.

>>> No, I have cited an example of a *group* of software.
>> Without any (meaningful) definition.
>
> It is clear to all but the most narrow-minded among us.


No. You're yourself confusing the subject. How do you define legitimacy of
software? Even though 90% of users think that software is illegitimate if it
sends data due to the user being too stupid to configure it correctly, this
definition wouldn't be reasonable at all (since the software behaves as
documented).

> Remotely exploitable?


I didn't claim that this is remotely exploitable. As if locally exploitable
wasn't worse enough, there are many other remotely exploitable security
vulnerabilities including DoS with SYN, UDP and ICMP flooding or bypassing
the filtering with overlapping IP fragments.

>>> I do agree however that the use to which the OP puts AtGuard is
>>> legitimate.
>> Unless you actually think about it.
>
> It is you that needs to consider the OP's situation, not just the generic
> best practice as put forward by yourself.


Could it be that your argument makes no sense? The OPs situation is that his
software doesn't work as he wants due to misconfiguration. Reasonable
solution would be configuring the software correctly or simply replacing the
software with alternatives.

Trying to filter at the network stack is a rather stupid approach.

>>> AtGuard is not so broken.
>> Is that political correctness for "horribly broken"?
>
> No, it's not so broken as to make it insecure for relevant applications.


Hm? Local privilege escalation and trivial bypassing is not exactly irrelevant.

>>> as part of a layered security approach.
>> Ah, the "layered security" buzzword. Oh c'mon, you can do better.
>
> Again, we have had this discussion before. A layered security approach is
> not a broken approach.


It is. Introducing superfluous layers to address misunderstood problems
doesn't increase security, but just increases complexity. You're twisting it
with "defense in depth", which works quite differently.

Re: Atguard?

on 12.08.2007 17:23:53 by Bogwitch

Sebastian G. wrote:

>> You said *FREE* alternatives. Not always.
>
> I proclaim that every software for which no free alternative exists is
> not ad-ware supported.

Have you investigated the functionality of *EVERY* package available? If
not, you are speaking out of the top of your head.

>> Once again, anyone not agreeing with you is an idiot?
>
> No. It's simply a fact that ~90 % of all computer users are idiots wrt
> computers. And those idiots typically install software without seeing
> any need for it, without any reasonable evaluation of their problem and
> without considering alternatives.

Which leaves a sizeable 10%. (Your statistics - I would put it closer to
99% vs. 1%)

>> Without authors, no apps. *You* don't care for authors.
>
> Who said that I don't care for authors? I just don't care for specific
> authors. The authors of ad-ware supported software particularly I don't
> care for, for the authors of free alternatives I do.

"Who cares for the author? "

>> It is clear to all but the most narrow-minded among us.

> No. You're yourself confusing the subject. How do you define legitimacy
> of software? Even though 90% of users think that software is
> illegitimate if it sends data due to the user being too stupid to
> configure it correctly, this definition wouldn't be reasonable at all
> (since the software behaves as documented).

Leaving a sizeable 10% again.

>> Remotely exploitable?
>
> I didn't claim that this is remotely exploitable. As if locally
> exploitable wasn't worse enough, there are many other remotely
> exploitable security vulnerabilities including DoS with SYN, UDP and
> ICMP flooding or bypassing the filtering with overlapping IP fragments.

And the OP was referring to his own installation, local escalation is
not an issue.

>> It is you that needs to consider the OPs situation, not just the
>> generic best practice as put forward by yourself.
>
> Could it be that your argument makes no sense? The OPs situation is that
> his software doesn't work as he wants due to misconfiguration.
> Reasonable solution would be configuring the software correctly or
> simply replacing the software with alternatives.

The OP did not state what software he was using. It was your assumption
that he could not either configure his software properly or was not
using an application from the 'Sebastian' list of approved applications.

> Trying to filter at the network stack is a rather stupid approach.

But effective in certain circumstances.

>> No, it's not so broken as to make it insecure for relevant applications.
>
> Hm? Local privilege escalation and trivial bypassing is not exactly
> irrelevant.

Local escalation *IS* irrelevant on a single-user workstation that is
under the control of the user. This is a home installation. I would not
support the use of a host-based packet filter in a corporate environment.

>> Again, we have had this discussion before. A layered security approach
>> is not a broken approach.
>
> It is. Introducing superfluous layers to address misunderstood problems
> doesn't increase security, but just increases complexity. You're
> twisting it with "defense in depth", which works quite differently.

The understanding of a layered approach and defence in depth is regarded
by all but the most pig-headed to be the same. It's all semantics and
not relevant to this discussion. Introducing additional layers does not
imply a misunderstanding of the problem.

Bogwitch.

Re: Atguard?

am 12.08.2007 17:51:25 von Dana

"Sebastian G." wrote in message
news:5i8bs5F3ncbivU1@mid.dfncis.de...
> Is that even a question? Of course there's a huge difference between law
> and moral.

Only because trial lawyers like John Edwards have sold their souls to the
devil in order to rape and pillage the citizens of a country by the so
called laws that these lawyers like to dream up.


> Do you think that the Iraq war is legitimate

Yep, unless you want to fight the terrorists in your home town, vice over in
Iraq.

>
>> Benefit to the user: The user has an application that they may not have
>> otherwise had.
>
>
> Nonsense. Free alternatives exist. Beside that, as long as there's no
> explicit need for the software, this would be no benefit at all.
>
>> The author gets paid, the user gets free-to-use software.
>
>
> Who cares for the author?
>
>> Well done. You have named two applications that are written to attempt to
>> bypass host-based packet filters. Now, if you had any kind of idea of how
>> a properly configured installation of AtGuard works, you would know that
>> both bypasses would not work with AtGuard. Did I mention OE, IE etc.?
>
>
> Why don't you rather try it yourself?
>
> Anyway, you're contradicting yourself. Any software that does not try to
> bypass your strange restrictions is legitimate, but then it doesn't
> require any control at all. Any software that does shouldn't be considered
> legitimate, and thus control isn't effective.
>
> Not to mention known security vulnerabilities introduced by AtGuard.
> Where's the problem with running Driver Path Exerciser with the full HCT
> tests until you'll find the very fine blue screen?
>
>
>> To explain myself better. In your utopian view of computer usage, no-one
>> would want to use ANY software that did not comply with the 'Sebastian'
>> view of software. That is, software that had configurable options for
>> every conceivable function of the software. We are not all you, however
>> much you may want it.
>
>
> Oh, that's it. Why don't you simply tag it as "bullshit"?
>
>> As I mentioned before, there is a legitimate purpose for using a
>> host-based packet filter such as AtGuard.
>
>
> Sure. But not the one you claimed, and not for such a broken
> implementation like AtGuard.
>
>> Your aggressive refusal to accept this and deriding of anyone who uses
>> such a tool is counter-productive.
>
> Your aggressive refusal to understand that additional software introduces
> complexity which reduces security and therefore the explicit need to
> justify that by actually verifying the proclaimed increase of security,
> that's the only thing going wrong here. And especially with AtGuard you're
> definitely making the system more insecure.

Re: Atguard?

am 12.08.2007 18:03:27 von Dana

"Sebastian G." wrote in message
news:5i8l3nF3ojdvtU1@mid.dfncis.de...
>>>> Or have you written all your own OS and apps?
>>
>>> Hm? Missing the logic in there...
>>
>> Without authors, no apps. *You* don't care for authors.
>
>
> Who said that I don't care for authors?


You did earlier in the thread.
Now from your posting history, you will deny this. You act just like a
sleazy lawyer with a leftist socialist bent, Hitler would have loved you.

>>>> No, I have cited an example of a *group* of software.
>>> Without any (meaningful) definition.
>>
>> It is clear to all but the most narrow-minded among us.
>
>
> No.

Actually his group is quite clear.

Re: Atguard?

am 12.08.2007 18:42:11 von Sebastian Gottschalk

Bogwitch wrote:

> Sebastian G. wrote:
>
>>> You said *FREE* alternatives. Not always.
>> I proclaim that every software for which no free alternative exists is
>> not ad-ware supported.
>
> Have you investigated the functionality of *EVERY* package available? If
> not, you are speaking out of the top of your head.


"Every" as in "generally every, there may be some exceptions, but they're rare."

> "Who cares for the author?"


So you have a problem understanding text...

> Leaving a sizeable 10% again.


For those 10% the problem doesn't exist.

> And the OP was referring to his own installation, local escalation is
> not an issue.


Now you're definitely making a fool out of yourself. The problem is malware,
and privilege separation is supposed to limit the impact upon infection.
Privilege escalation vulnerabilities directly impact this design.

> The OP did not state what software he was using. It was your assumption
> that he could not either configure his software properly


A very reasonable assumption, since there is no legitimate software that
misbehaves as described. Unless you can actually name any example.

>> Trying to filter at the network stack is a rather stupid approach.
>
> But effective in certain circumstances.


Except the one we're discussing. Or mostly any other.

>>> No, it's not so broken as to make it insecure for relevant applications.
>> Hm? Local privilege escalation and trivial bypassing is not exactly
>> irrelevant.
>
> Local escalation *IS* irrelevant on a single-user workstation that is
> under the control of the user.


Utter bullshit. See above.

> The understanding of a layered approach and defence in depth is regarded
> by all but the most pig-headed to be the same.


What a nonsense.

> Introducing additional layers does not imply a misunderstanding of the
> problem.

Defence in depth has nothing to do with layering, and if you had a clue
you'd understand where the difference is.

Re: Atguard?

am 12.08.2007 18:46:19 von Sebastian Gottschalk

Dana wrote:


> Now from your posting history, you will deny this.


I'll just put you where you belong.

Re: Atguard?

am 12.08.2007 18:54:47 von Bogwitch

Sebastian G. wrote:

>> Have you investigated the functionality of *EVERY* package available?
>> If not, you are speaking out of the top of your head.


> "Every" as in "generally every, there may be some exceptions, but
> they're rare."

Out of interest, how many packages have you examined and how long did
each one take to examine? What was your methodology?

>> "Who cares for the author?"
>
> So you have a problem understanding text...

No, the problem is with your use of the English language.

>> Leaving a sizeable 10% again.
>
> For those 10% the problem doesn't exist.

You know them all, personally?

>> And the OP was referring to his own installation, local escalation is
>> not an issue.
>
> Now you're definitely making a fool out of yourself. The problem is
> malware, and privilege separation is supposed to limit the impact upon
> infection. Privilege escalation vulnerabilities directly impact this
> design.

Cite one piece of malware that uses a priv. escalation in Atguard.

>> The OP did not state what software he was using. It was your
>> assumption that he could not either configure his software properly
>
> A very reasonable assumption, since there is no legitimate software that
> misbehaves as described. Unless you can actually name any example.

Apart from the entire class of ad-ware. I do not need to cite examples.
The fact there is a class, that you are aware of indicates there is
software in this class.

>>> Trying to filter at the network stack is a rather stupid approach.
>>
>> But effective in certain circumstances.
>
> Except the one we're discussing. Or mostly any other.

Particularly the one we're discussing. Your solution of 'not using that
software' is not a solution. It is risk avoidance vs risk reduction.

>> The understanding of a layered approach and defence in depth is
>> regarded by all but the most pig-headed to be the same.
>
> What a nonsense.

Why?

>> Introducing additional layers does not imply a misunderstanding of the
>> problem.
>
> Defence in depth has nothing to do with layering, and if you had a clue
> you'd understand where the difference is.

I have a clue. I work in the REAL WORLD. Your posting history suggests
you do not. At least you have an unrealistic expectation as to how users
will use their systems.

Bogwitch.

Re: Atguard?

am 12.08.2007 23:03:30 von Sebastian Gottschalk

Bogwitch wrote:


> Out of interest, how many packages have you examined


Didn't count, but it were many. Ranging from XML Editors over resource
management software, network sniffers, scripting language implementation (do
you know how many Python implementations are out there?) to computer algebra
systems.

> and how long did each one take to examine?


Depending on the functionality and the results ranged from seconds till
weeks (long term testing).

> What was your methodology?


Well, what do you think? Collecting information, testing on a test machine,
careful analysis, and potentially long term testing.

F.e. Wehntrust, an ASLR implementation for Windows, breaks about once in
10000 processes. Now if your shell script is spawning one process for each
500 files, iterating over 2 mio. files...

>>> "Who cares for the author?"
>> So you have a problem understanding text...
>
> No, the problem is with your use of the English language.


Doubtful. "the author" is singular, not plural. So why the hell should I
care for the author of an ad-ware supported software if other authors write
free and better alternatives?

>>> Leaving a sizeable 10% again.
>> For those 10% the problem doesn't exist.
>
> You know them all, personally?


Why should I? It's a matter of definition.

> Cite one piece of malware that uses a priv. escalation in Atguard.


Agobot/Gaobot

Anyway, even without any example it would be generally true.

>>> The OP did not state what software he was using. It was your
>>> assumption that he could not either configure his software properly
>> A very reasonable assumption, since there is no legitimate software that
>> misbehaves as described. Unless you can actually name any example.
>
> Apart from the entire class of ad-ware.


Ad-ware is not legitimate software. Unless you want to stick with your
unreasonable definitions.


>>>> Trying to filter at the network stack is a rather stupid approach.
>>> But effective in certain circumstances.
>> Except the one we're discussing. Or mostly any other.
>
> Particularly the one we're discussing.


Since ad-ware is not legitimate, you can't reasonably expect it to not
bypass your filter. In fact, even if you're coming up with your strange
redefinition this expectation doesn't change at all (thereby debunking your
definition).

Even further, any sane implementation of ad-ware will disable the associated
software if it can't download the advertisement.

> Your solution of 'not using that software' is not a solution.


It is. Trivially.

>>> The understanding of a layered approach and defence in depth is
>>> regarded by all but the most pig-headed to be the same.
>> What a nonsense.
>
> Why?


Because it's entirely different. And, as I told you, "layered security" is a
common buzzword for selling an entirely different concept than "defence in
depth", but trying to inherit the good fame of the latter by simple confusion.

>>> Introducing additional layers does not imply a misunderstanding of the
>>> problem.
>> Defence in depth has nothing to do with layering, and if you had a clue
>> you'd understand where the difference is.
>
> I have a clue. I work in the REAL WORLD. Your posting history suggests
> you do not.


That's what I should tell to you. But then again, you're a dickhead. A
dickhead who doesn't even consider to inform himself what defense in depth
actually means and how it's different from the buzzword "layered security",
even though he has been pointed on his misconception.

> At least you have an unrealistic expectation as to how users
> will use their systems.


Huh? Obviously quite the contrary. I do expect very much that the stupid has
done something stupid, does something stupid and will do something stupid.
You're suggesting that adding software that actually supports his stupidity
would help him. Unless we made a damn huge improvement in AI recently, this
is obviously nonsense.
At any rate, there's no chance that whatever the stupid user is thinking
would be suitable for a reasonable definition, or that redefining his stupid
behaviour into reasonable usage criteria would be productive in any way.

Sorry, but if you're running with admin rights and then install malware
you're hosed and it's simply your fault.

Re: Atguard?

am 12.08.2007 23:33:19 von Bogwitch

Sebastian G. wrote:

>> and how long did each one take to examine?
>
> Depending on the functionality and the results ranged from seconds till
> weeks (long term testing).

For you to have tested 'Generally every' package available to any
reliable depth would take an inordinate amount of time. You are a liar.

>>>> Leaving a sizeable 10% again.
>>> For those 10% the problem doesn't exist.
>> You know them all, personally?

> Why should I? It's a matter of definition.

Your definition is wrong.

>> Cite one piece of malware that uses a priv. escalation in Atguard.

> Agobot/Gaobot

Bollocks. You know full well that it is not priv. escalation that agobot
performs. It simply attempts to disable the software.

> Ad-ware is not legitimate software. Unless you want to stick with your
> unreasonable definitions.

My definition is not unreasonable.

> Since ad-ware is not legitimate, you can't reasonably expect it to not
> bypass your filter. In fact, even if you're coming up with your strange
> redefinition this expectation doesn't change at all (thereby debunking
> your definition).

Ad-ware is not per-se illegitimate, only in your world.

>> Your solution of 'not using that software' is not a solution.

> It is. Trivially.

Not if it provides a function not provided by other software.

> Because it's entirely different. And, as I told you, "layered security"
> is a common buzzword for selling an entirely different concept than
> "defence in depth", but trying to inherit the good fame of the latter by
> simple confusion.

It is not entirely different. Layered security is a subset of
defence-in-depth.

>> I have a clue. I work in the REAL WORLD. Your posting history suggests
>> you do not.

> That's what I should tell to you. But then again, you're a dickhead. A
> dickhead who doesn't even consider to inform himself what defense in
> depth actually means and how it's different from the buzzword "layered
> security", even though he has been pointed on his misconception.

Resorting to personal insults? Quite sad really.

> Sorry, but if you're running with admin rights and then install malware
> you're hosed and it's simply your fault.

Yes, but where in the thread was that suggested?

Bogwitch.

Re: Atguard?

am 14.08.2007 11:15:41 von Sebastian Gottschalk

Bogwitch wrote:

> For you to have tested 'Generally every' package available to any
> reliable depth would take an inordinate amount of time. You are a liar.


No, you're just stupid. Just like no-one has ever tested every toast with
jam on the world, you can still reasonably assume that they all fall down
with the jam side on the bottom.

>>>>> Leaving a sizeable 10% again.
>>>> For those 10% the problem doesn't exist.
>>> You know them all, personally?
>
>> Why should I? It's a matter of definition.
>
> Your definition is wrong.


What a nonsense. You want to define a problem that doesn't exist from
nowhere, blaming it exactly on those who don't consider it as a problem.

>>> Cite one piece of malware that uses a priv. escalation in Atguard.
>
>> Agobot/Gaobot
>
> Bollocks. You know full well that it is not priv. escalation that agobot
> performs. It simply attempts to disable the software.


If you don't know what you're talking about, please just shut up.
Agobot/Gaobot is an open-source malware with literally thousands of available
plugins and the trivial possibility to implement your own plugins. I can
assure you that there are multiple plugins available for generic privilege
escalation for all kinds of driver bugs, including the one mentioned.

>>> Your solution of 'not using that software' is not a solution.
>
>> It is. Trivially.
>
> Not if it provides a function not provided by other software.


We're talking about common ad-ware supported software. This doesn't even
nearby fall into alternative-less software. Your claim is very implausible.

>> Because it's entirely different. And, as I told you, "layered security"
>> is a common buzzword for selling an entirely different concept than
>> "defence in depth", but trying to inherit the good fame of the latter by
>> simple confusion.
>
> It is not entirely different. Layered security is a subset of
> defence-in-depth.


Bullshit. Layered security doesn't provide defence-in-depth, since breaking
one layer is sufficient to break the entire system (and that's why you have
to avoid adding unnecessary "layers").

>> Sorry, but if you're running with admin rights and then install malware
>> you're hosed and it's simply your fault.
>
> Yes, but where in the thread was that suggested?

By you. You claimed that common stupidities (like not configuring software
correctly, consider bullshit/ad-ware as legitimate) should be regarded as
basic parts of reasonable definition. According to that, milk is produced
like cola and the world was created about 6000 years ago.

Re: Atguard?

am 14.08.2007 12:19:23 von Bogwitch

Sebastian G. wrote:

> No, you're just stupid. Just like no-one has ever tested every toast
> with jam on the world, you can still reasonably assume that they all
> fall down with the jam side on the bottom.

Total shite, irrelevant and wrong.

> We're talking about common ad-ware supported software. This doesn't even
> nearby fall into alternative-less software. Your claim is very implausible.

Please, alternatives != free alternatives. You're changing the goalposts
to fit your flawed argument.

>>> Because it's entirely different. And, as I told you, "layered
>>> security" is a common buzzword for selling an entirely different
>>> concept than "defence in depth", but trying to inherit the good fame
>>> of the latter by simple confusion.
>>
>> It is not entirely different. Layered security is a subset of
>> defence-in-depth.

Each layer addresses a particular issue that other layers do not. In
this case, it will block communication from software that is otherwise
not configurable. Why is that such a difficult concept for you to grasp?

>>> Sorry, but if you're running with admin rights and then install
>>> malware you're hosed and it's simply your fault.
>>
>> Yes, but where in the thread was that suggested?
>
> By you. You claimed that common stupidities (like not configuring
> software correctly, consider bullshit/ad-ware as legitimate) should be
> regarded as basic parts of reasonable definition.

On the one hand you're babbling on about unlikely priv. escalation and on
the other you're talking about running with admin rights. You continue to
twist the realities of the situation to provide fuel for your own arguments.

> According to that,
> milk is produced like cola and the world was created about 6000 years ago.

? Oh, I see. You're mental.

Bogwitch.

Re: Atguard?

am 14.08.2007 15:10:29 von Sebastian Gottschalk

Bogwitch wrote:

> Sebastian G. wrote:
>
>> No, you're just stupid. Just like no-one has ever tested every toast
>> with jam on the world, you can still reasonably assume that they all
>> fall down with the jam side on the bottom.
>
> Total shite, irrelevant and wrong.


Except that it's a scientific fact, can be well explained with simple
Newtonian physics and is just another way I'm trying to tell you that you're
talking nonsense, and that reasonable assumptions take place instead of your
"test every possible implementation" crap shouting.

>> We're talking about common ad-ware supported software. This doesn't even
>> nearby fall into alternative-less software. Your claim is very implausible.
>
> Please, alternatives != free alternatives. You're changing the goalposts
> to fit your flawed argument.


No, you're just riding on minuscule details based on simply shortage.

> Each layer addresses a particular issue that other layers do not.


And defense-in-depth is something completely different. Beside that, even
your description is flawed: Layered security typically doesn't involve
separation of tasks.

> In this case, it will block communication from software that is otherwise
> not configurable.


Or it won't, because it can't, since it addresses a non-problem at the wrong
place.

> Why is that such a difficult concept for you to grasp?


Because it's utter nonsense. Just like Web 2.0.

>> By you. You claimed that common stupidities (like not configuring
>> software correctly, consider bullshit/ad-ware as legitimate) should be
>> regarded as basic parts of reasonable definition.
>
> On the one hand you're babbling on about unlikely priv. escalation and on
> the other you're talking about running with admin rights. You continue to
> twist the realities of the situation to provide fuel for your own arguments.


Hm? Isn't it exactly you who has now started mixing these things?

>> According to that,
>> milk is produced like cola and the world was created about 6000 years ago.
>
> ? Oh, I see. You're mental.


I'm mental because I'm exposing how stupid the things are that *you*'re
claiming?

>
> Bogwitch.

Re: Atguard?

am 14.08.2007 18:10:29 von Bogwitch

Sebastian G. wrote:

>> Total shite, irrelevant and wrong.
>
> Except that it's a scientific fact, can be well explained with simple
> Newtonian physics and is just another way I'm trying to tell you that
> you're talking nonsense, and that reasonable assumptions take place
> instead of your "test every possible implementation" crap shouting.

It was you that said you had tested '"Every" as in "generally every,
there may be some exceptions, but they're rare."' And the vast majority
of toast does not fall jam side down. It depends on so many factors as
to make your assertion completely flawed. Where are you getting your
science? Mythbusters?

>> Please, alternatives != free alternatives. You're changing the
>> goalposts to fit your flawed argument.
>
> No, you're just riding on minuscule details based on simply shortage.

A shortage that is addressed by some ad-ware. You may choose not to run
such software but you do not control what software other people run as
much as you might like to.

> And defense-in-depth is something completely different. Beside that,
> even your description is flawed: Layered security typically doesn't
> involve separation of tasks.

Typically doesn't. But does in this case.

>> In this case, it will block communication from software that is
>> otherwise not configurable.
>
> Or it won't, because it can't, since it addresses a non-problem at the
> wrong place.

But it does. Witnessed by myself and many others.

>> Why is that such a difficult concept for you to grasp?
>
> Because it's utter nonsense. Just like Web 2.0.

Apples and oranges. You keep throwing in irrelevancies to support your
flailing argument.

> Hm? Isn't it exactly you who has now started mixing these things?

No.

>>> According to that, milk is produced like cola and the world was
>>> created about 6000 years ago.
>>
>> ? Oh, I see. You're mental.
>
> I'm mental because I'm exposing how stupid the things are that *you*'re
> claiming?

No, you're mental for introducing such unrelated concepts in an attempt
to obscure your pathetic argument.

Bogwitch.