(Msg. 25) Posted: Thu Jul 17, 2008 9:29 am
Post subject: Re: Firewall etc
Archived from groups: microsoft>public>windows>vista>security
"Chappy" <Chappy.RemoveThis@discussions.microsoft.com> wrote in message
news:3D2BB516-1282-44C1-8963-D2DC6848CE55@microsoft.com...
>
> Actually, about as much as anybody has said around here, but Kerry had to
> throw that he's an MVP for 3 years so he's a security pro
No - reread his post. He said "I manage network security for three
companies as a living". The bit about being MVP was thrown in as an extra.
(Msg. 26) Posted: Thu Jul 17, 2008 11:49 am
Post subject: Re: Firewall etc
Archived from groups: per prev. post
>What I don't understand tho is the absolutely maniacal and almost violent
>hatred of any 3rd party firewalls?
What I don't understand is the almost religious admiration for a
security concept which is broken already by design.
>If you don't remember, the firewall in Windows was purchased from a 3rd
>party and embedded into Windows, it was NOT designed by MS engineers!! Are
>you all saying that other engineers can't design and build a useful & secure
>firewall?
No. If you ask me, I'm saying the designers of the MS firewall,
whoever they might be, made a clever design choice to not waste code
on useless trials.
And don't come up with "ooh - but the Vista FW does outbound control,
so they changed their minds" because the outbound control of Vista is
different and builds on the overall security enhancements of the OS
compared to XP, W2K etc.
> I think they may have something to say about that, especially
>considering that they do very well in unsponsored testing facilities.
>Are you also saying that these testing facilities are full of it or don't
>know what they're doing?
No. But if you take matousec as an example (since you mentioned them
yourself), they do try to sell their knowledge (both in general and
also about specific FW vulnerabilities) to vendors. So calling them
"unsponsored" may be a bit over the top.
If by "other testing facilities" you refer to computer magazines etc.
making product tests, please have in mind that they seldom have the
needed deep skills to actually look under the hood of such products to
test if they actually do what they claim to do. They mostly test and
compare the "look and feel" user experience and come up with
"recommendations" based on that. They also probably aren't going to be
too harsh on potential advertisers, so...
To be honest, if I was selling firewall software, I would prioritize a
lightweight user friendly experience over hard core security -
because what makes sense in a B2C market place does not necessarily go
hand in hand with what makes sense in terms of security.
Just for the record, I have no problem with matousec or the work they
do except that they unfortunately help promote the idea that host
based outbound control makes sense. That said, I consider them to be
skilled guys.
>In a way, I almost agree with you about all the other forms of protection
>that even Comodo firewall has. In fact, I have most of that turned off and
>use it basically as a packet filtering solution, I don't need all the HIPS
>and hook alerts because I know what I'm doing,
That's the whole point. If you understand what this stuff actually
means, you don't really need it.
>just as you others do too. But we all know the majority of users haven't
>the time or opportunity to learn what we have, so they can benefit from
>the higher forms of protections these products can offer besides simply
>being a filtering interface.
I disagree entirely. The majority of users don't have the slightest
idea how to correctly deal with such pop-ups.
> We can harden our systems without (as you put it) having someone protect
>Us from Us, we don't have poor habits and we know better.
>But 80% of todays users just don't have that knowledge
And believing that pop-ups containing technical nonsense and
misinformation is of any help to that segment is the only reason why
there is a market for these products in the first place.
(Msg. 27) Posted: Thu Jul 17, 2008 6:01 pm
Post subject: Re: Firewall etc
Archived from groups: per prev. post
"Chappy" <Chappy.TakeThisOut@discussions.microsoft.com> wrote in message
news:3E4B6465-ADD7-4CE6-9573-019EC823D2EC@microsoft.com...
>
>
>>
>> If you think I was tuff on you, you post this nonsense to
>
>
> Tuff?
> That's a laugher
>
> What I don't understand tho is the absolutely maniacal and almost violent
> hatred of any 3rd party firewalls?
I don't hate them as long as they are kept in their proper perspective of
being a personal packet filter with no fluff.
> If you don't remember, the firewall in Windows was purchased from a 3rd
> party and embedded into Windows, it was NOT designed by MS engineers!!
Who cares about that? The solution has hooks into the O/S that no 3rd party
solution can match.
> Are
> you all saying that other engineers can't design and build a useful &
> secure
> firewall?
For the 1 million times more, the solutions you talk about are NOT FIREWALLS.
> I think they may have something to say about that, especially
> considering that they do very well in unsponsored testing facilities.
> Are you also saying that these testing facilities are full of it or don't
> know what they're doing?
To strike the fear into people that think that they need some kind of
complicated solution with snake oil in it, when all is needed is a simple
packet? Yes I do think that they put too much snake oil in the solutions.
> I would ask where would we be without those unsponsored testing facilities
> doing the job of sorting out the good from the bad for us. I can't imagine
> having to run our own tests on AV and other security software and I don't
> think you'd relish that thought either, so we depend on those who've
> decided
> to make a living from it to do this for us.
That's you not me. I look at the log on a FW or personal packet filter to
view unsolicited inbound packets that have been blocked and outbound packets
being sent out due to a solicitation or no solicitation.
>
> I'm certainly NOT against MS, in fact I stand up for their efforts against
> a lot of MS bashers, I know how difficult it is to make something this
> complex perfect...it aint gonna happen. Just because I think another
> company's firewall offers me better protection and an opportunity to
> configure advanced rules to suit my needs, doesn't mean I hate the Windows
> firewall or any other part of it. I'm sure there's things in Windows you
> don't like either.
I can do the same thing with the Vista packet filter, that is, to create
filtering rules for inbound or outbound packets, based on port, protocol, IP
or subnet.
I can do the same thing with IPsec as well.
That's the only thing that counts is one can set advanced packet filtering
rules. I don't need the solution to be doing anything else.
> But I am entitled to my opinion just as you to yours, and I never hold
> yours
> against you or call your decisions foolish. You have your reasons for your
> decision and I mine. You can attempt to get others to listen to your
> advice,
> and I can attempt to do the same, but we allow them to make the final
> decision based on whatever information we can provide for our respective
> points of view..
About this, pfft!
>
> You can find a dozen sites that say Win Firewall Rox...and I can list a
> dozen that says differently...so what. It's up to the end user to decide
> which suits their needs best.
I say pfft to this too.
> If Windows starts embedding an AV app, is
> everyone all of a sudden idiots if they stay with another proven product?
I say pfft to this too.
> certainly hope not, so why the big deal over their firewall, which again
> was
> written by others outside of the MS family...proving that there are in
> fact
> some intelligent and competent engineers out there writing software
> solutions
> that can do the job.
No one said they were not competent, as long as they keep the basic rules of
a packet filter filtering packets.
>
> We could go forever replying to little snippets of each others posts and
> still make no headway, it's simply a waste of all of our time and
> energies.
> Despite your arguments to the contrary, there are perfectly good, secure
> and
> well designed firewall solutions out there and MANY other people use these
> products with excellent results. If you get excellent results from your
> product, well that's excellent and more power to you, but don't go nutzoid
> on
> others for their choice of solution.
I am going to tell you once again that what you're talking about are NOT FW
solutions. What you're talking about DO NOT fit nor do they fall into the
category of being FW SOLUTIONS.
>
> In a way, I almost agree with you about all the other forms of protection
> that even Comodo firewall has. In fact, I have most of that turned off and
> use it basically as a packet filtering solution, I don't need all the HIPS
> and hook alerts because I know what I'm doing, just as you others do too.
And I know what I'm doing also, and whatever little features beyond packet
filtering rules in the solution, I don't need.
> But
> we all know the majority of users haven't the time or opportunity to learn
> what we have, so they can benefit from the higher forms of protections
> these
> products can offer besides simply being a filtering interface.
And what they don't need is some solution telling them what they need to do
forcing them to make decisions.
>We can harden
> our systems without (as you put it) having someone protect Us from Us, we
> don't have poor habits and we know better.
What they need to learn is safe hex computing habits. The link is not for
you, but it is for others that may be reading this post.
> But 80% of todays users just don't
> have that knowledge and that's where those of us that do, come in to help
> them as best we can. And in my opinion, and a few others too, most casual
> users can benefit from the enhanced forms of protections that some of
> these
> other solutions can offer them.
I disagree because all they are doing is leaning on the security blanket
like a crutch, when they should be learning what to do. This is what
separates Linux users from MS users in some cases.
> They need something that in its default
> configuration can keep them protected from themselves since they have no
> idea
> how to take advantage of advanced configuration.
Once malware hits the machine and is executed, it's over to begin with, and
no packet filtering solutions are going to stop it in their default state.
What they need to learn is how to take it out of its default state.
<snipped>
What users need to do is understand what an exploit is about, take the
proper tools and go look at what's happening, and not lean on the solutions
you talk about like a crutch, which I don't even do with what's running on
Vista such as its packet filter or IPsec. I look around for myself from time to
time, and I let nothing tell me it's okay dokey.
The link is not for you, but for others that may be reading this post.
CurrPort instead Active Port and put a short-cut in the start-up so you can
look at connections being made at the boot and login. This is one of the
places that malware can beat your 3rd party solutions, because malware can
beat the solutions and get to the network connection before your solutions
are up and running to protect the connection. This is not so with Vista's
packet filter.
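The log review described in the post above (blocked unsolicited inbound packets, plus outbound packets being sent), as an added example that is not part of the original thread. It assumes the text log layout written by Windows Firewall logging, with a `#Fields:` header; the sample records, addresses and the `expected_out_ports` set are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the "#Fields:" layout of a Windows Firewall
# pfirewall.log; addresses and ports are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-07-17 09:29:01 DROP TCP 203.0.113.7 192.168.1.10 40112 445 48 S 1 0 8192 - - - RECEIVE
2008-07-17 09:29:02 DROP TCP 203.0.113.7 192.168.1.10 40113 135 48 S 1 0 8192 - - - RECEIVE
2008-07-17 09:29:05 ALLOW TCP 192.168.1.10 198.51.100.20 49160 80 0 - 0 0 0 - - - SEND
2008-07-17 09:29:09 ALLOW UDP 192.168.1.10 192.168.1.1 49161 53 0 - - - - - - - SEND
2008-07-17 09:30:00 ALLOW TCP 192.168.1.10 198.51.100.99 49170 6667 0 - 0 0 0 - - - SEND
2008-07-17 09:30:04 DROP UDP 203.0.113.50 192.168.1.10 5353 1434 404 - - - - - - - RECEIVE
"""

def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):      # skip truncated records
                yield dict(zip(fields, values))

def summarize(text, expected_out_ports=frozenset({"53", "80", "443"})):
    """Return (blocked inbound by (src-ip, dst-port), outbound needing review)."""
    blocked_in = Counter()
    review_out = []
    for rec in parse_log(text):
        path = rec.get("path", "-")
        if rec["action"] == "DROP" and path == "RECEIVE":
            blocked_in[(rec["src-ip"], rec["dst-port"])] += 1
        elif rec["action"] == "ALLOW" and path == "SEND":
            # Outbound to a port outside the expected set gets a human look.
            if rec["dst-port"] not in expected_out_ports:
                review_out.append((rec["time"], rec["protocol"],
                                   rec["dst-ip"], rec["dst-port"]))
    return blocked_in, review_out

if __name__ == "__main__":
    blocked, review = summarize(SAMPLE_LOG)
    for (src, port), n in blocked.most_common():
        print(f"blocked inbound  {src} -> port {port}  x{n}")
    for when, proto, dst, port in review:
        print(f"review outbound  {when} {proto} {dst}:{port}")
```

A log like this only records what the host's own packet filter saw, so it complements rather than replaces a view taken from outside the machine.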
(Msg. 28) Posted: Thu Jul 17, 2008 10:09 pm
Post subject: Re: Firewall etc
Archived from groups: per prev. post
While we're on the subject of these so-called firewalls, I'm reminded of
the old saw about increasing security by adding software.
We have already seen what can happen when security software tries
to do too much - AV's have actually reduced security in the form of
supporting worms. They grab incoming email and extract attachment
data - decompress the zipfile it represents - only to find it has been
crafted to exploit the decompression routine by overflowing a buffer.
So, maybe nobody wrote a worm for any of these exploits, but that
is not the point.
What happens when so-called firewalls (actually just applications)
start looking for everything that could possibly be part of a data
leak attack. My bet is that they will prove to be more trouble than
they are worth. The more software you have, the greater your risk
of software flaws being exploited. Even more so if said software is
running. Even more so if it faces the web.
"Kerry Brown" <kerry.RemoveThis@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:OVATmRB6IHA.1280@TK2MSFTNGP02.phx.gbl...
> "Chappy" <Chappy.RemoveThis@discussions.microsoft.com> wrote in message
> news:3D2BB516-1282-44C1-8963-D2DC6848CE55@microsoft.com...
>>
>> Actually, about as much as anybody has said around here, but Kerry had to
>> throw that he's an MVP for 3 years so he's a security pro.
>> Well, like I said I don't usually bring this up but I do have a few
>> letters
>> that lend credibility to my computer skills too, it's called a "Doctorate
>> Degree", Professor of Computer Science and "Assistant Dean of Sciences,
>> Computer Science", University of ******.
>> I dunno...does that qualify me as a "Pro" also??
>>
>
>
> You intimated that security pros endorse 3rd party firewalls and Comodo
> in particular. I was pointing out that I am a security pro who thinks
> otherwise.
>
> Since you pointed out you have some technical skills can you tell me the
> answer to this question. How would a firewall running in an OS detect a
> rootkit that has its own TCP/IP stack completely independent of the OS?
> For that matter can a software firewall detect that it's running on a
> virtual machine with several other OS's running in virtual machines all
> using the same NIC? Don't you think that malware may use similar methods?
> If someone pwns your computer there is no way you can stop them from
> communicating outbound with software running on that same computer. You
> can make it hard but you can't stop them.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
(Msg. 31) Posted: Fri Jul 18, 2008 4:51 pm
Post subject: Re: Firewall etc
Archived from groups: per prev. post
"Root Kit" <b__nice DeleteThis @hotmail.com> wrote in message
news:lcb1849a408g3n6tarb49rf0nl1r8a1mba@4ax.com...
> On Thu, 17 Jul 2008 19:25:06 -0700, "Kerry Brown"
> <kerry DeleteThis @kdbNOSPAMsys-tems.c*a*m> wrote:
>
>>That's a very good point. At least one popular personal firewall has been
>>found to have buffer overflow problems in the past.
>
> You make it sound like such issues are rare. They aren't
All times are: Eastern Time (US & Canada)