From: Kayman on 24 Nov 2007 18:34

On Sat, 24 Nov 2007 09:19:53 -0700, Ken Blake, MVP wrote:

> However many knowledgeable people feel that monitoring outbound
> traffic adds little or nothing to the effectiveness of the firewall.

Including:

Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx

Steve Riley, a senior security strategist in the Microsoft Trustworthy Computing Group and contributing editor for TechNet Magazine, jets around the world to speak at conferences and spend time with customers to help them get and stay secure.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Steve Gibson, Firewall LeakTesting.
http://www.grc.com/sn/SN-105.htm
Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well, yes,...
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because you..."
Leo: "You can't test enough".
Steve: "Well, yeah.
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you can't test for leaks, a software-based firewall is kind of essentially worthless."

> I'm personally not convinced that either point of view is absolutely
> right, but as a precaution, I use the free ZA in addition to what my
> router does. My guess is that any extra protection I'm adding is
> slight, but on the other hand, the hit on performance by having it
> running appears to be slight too.

Maker of PFW, A realistic assessment with respect to 3rd party PFW from a respectable software manufacturer 2007-08-07.
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
Excerpts:
[quote]
....we have some reservations about personal firewall "leak testing" in general. While we appreciate and support the unique value of independent security testing, we are admittedly skeptical as to just how meaningful these leak tests really are, especially as they reflect real-world environments.

The key assumption of "leak testing" -- namely, that it is somehow useful to measure the outbound protection provided by personal firewalls in cases where malware has already executed on the test box -- strikes us as a questionable basis on which to build a security assessment. Today's malware is so malicious and cleverly designed that it is often safest to regard PCs as so thoroughly compromised that nothing on the box can be trusted once the malware executes. In short, "leak testing" starts after the game is already lost, as the malware has already gotten past the inbound firewall protection.

Moreover, "leak testing" is predicated on the further assumption that personal firewalls should warn users about outbound connections even when the involved code components are not demonstrably malicious or suspicious (as is the case with the simulator programs used for "leak testing"). In fact, this kind of program design risks pop-up fatigue in users, effectively lowering the overall security of the system -- the reason developers are increasingly shunning this design for security applications.
[unquote]

'nuff said :)

--
Security is a process not a product. (Bruce Schneier)

From: Kayman on 24 Nov 2007 19:41

On Sat, 24 Nov 2007 14:57:44 -0800 (PST), Gerald Vogt wrote:

> Honestly, I would recommend to reinstall Windows from scratch and
> learn a little about computer security and how to keep your computer
> secure by what you DO instead of what you INSTALL.

Hear, hear!!!!

> It is not so complicated and still human beings are more intelligent than some
> piece of software.

Precisely, education is the key!

> It is possible to run a computer without any firewall running and without
> getting infected with malware.

Hear, hear!!!

> But obviously, this last statement does not sell good that's why you find a lot
> of opposite (well sponsored) statements.

Also referred to: 'Blinded by advertisement' :)

> At the current stage I doubt you will be able to get any of those
> firewalls removed from your system without damage to the system...

Agree, he won't!

--
Security is a process not a product. (Bruce Schneier)

From: Kayman on 24 Nov 2007 19:57

On Sat, 24 Nov 2007 11:31:59 GMT, Luis Ortega wrote:

> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.

1.) http://zonealarm.donhoover.net/uninstall.html

2.) A number of experts agree that the retail AV version of McAfee, Norton and Trend Micro has become cumbersome and bloated for the average user. The retail version of Norton can play havoc with your pc. Uninstall it using Norton's own uninstall tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
and get a refund :)
As suggested on the site, you may wish to print out the directions before proceeding.
Or
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

While Norton's removal tool usually gets the job done, you may also want to go to:
http://www.snapfiles.com/get/winsockxpfix.html
and download a copy of winsockxpfix just in case. Rarely, the removal of NIS breaks the networking components in XP to the point where internet access is impossible. This little utility will fix it back up.

If the Norton removal tool doesn't work satisfactorily use this:
Revo Uninstaller Freeware - Remove unwanted programs and traces easily
http://www.revouninstaller.com/
and/or
RegSeeker
http://www.hoverdesk.net/freeware.htm
RegSeeker will remove all associated detritus (registry keys, files and folders) from any application. I found this application user friendly and very effective but suggest *not* to use the 'Clean the Registry' option. Click onto 'Find in registry' and in the 'Search for' box type *Norton*; the pertinent registry keys can then be safely deleted (just in case, ensure that the 'Backup before deletion' is checked). Repeat the task by typing in the 'Search for' box *Symantec*. You can then go on to search and remove associated files as well.

Then use NTREGOPT to compact the registry; follow instructions.
http://www.larshederer.homepage.t-online.de/erunt

> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewalls on at the same time.

That's correct, steer away from any PFW aka Phoney-Baloney ware and/or Illusion ware.
In conjunction with WinXP SP2 Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able to configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html

> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?

I'd recommend neither.

> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?

No! Consider this:
1. Do not work as administrator, use limited user account (LUA) for day-to-day work.
2. Keep your system (and all software on it) patched/updated.
3. Review use of IE and OE.
4. Don't expose services to public networks.
5. For inspirational reading go to: http://home20.inet.tele.dk/b_nice/index.htm

Good luck :)

--
Security is a process not a product. (Bruce Schneier)

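Added example (not part of the original thread and not Seconfig XP's own code): a check that the ports named in the post above (135, 137-139, 445) are no longer bound on a non-loopback address, run over `netstat -an` output. The Windows column layout is assumed, both sample outputs are constructed, and `exposed_services` is a hypothetical name.

```python
import ipaddress

# Ports named in the post: RPC endpoint mapper, NetBIOS, and SMB.
RISKY_PORTS = {135: "RPC", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
               139: "NetBIOS-SSN", 445: "SMB"}

# Constructed `netstat -an` output (Windows layout), before hardening.
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.2.3:139        0.0.0.0:0              LISTENING
  TCP    192.168.2.3:139        192.168.2.7:1052       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.2.3:137        *:*
  UDP    192.168.2.3:138        *:*
"""

# Constructed output after the services are unbound from TCP/IP.
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.2.3:1045       203.0.113.10:80        ESTABLISHED
  UDP    127.0.0.1:1900         *:*
"""

def exposed_services(netstat_text):
    """Return (proto, address, port, service) for risky non-loopback sockets."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; only LISTENING sockets accept peers.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        try:
            # Strip IPv6 brackets and any zone id before parsing.
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
            port = int(port)
        except ValueError:
            continue  # unparseable row
        if port in RISKY_PORTS and not addr.is_loopback:
            findings.append((proto, str(addr), port, RISKY_PORTS[port]))
    return findings

if __name__ == "__main__":
    print(exposed_services(BEFORE))
```

An empty result for the machine's own `netstat -an` output means none of the five ports is reachable from the network side, whatever firewall is or is not installed.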
From: Poprivet on 24 Nov 2007 20:35

Whaaat? Sober up!

Gerald Vogt wrote:
> On Nov 25, 12:49 am, "Luis Ortega" <lort...(a)ntlworld.com> wrote:
>> Thanks. My understanding of router firewalls is that they only block
>> incoming traffic and if there is some malware on the system then
>> outgoing stuff is not blocked. Is that correct?
>
> Correct. But software firewalls only detect outgoing traffic if the
> malware is so nice/dumb to be detected. And even if it is detected and
> something is blocked it does not mean it does not send anything out
> because there are various ways to send something out even with a
> firewall installed (through your browser, through DNS, etc. all things
> you use and need to browse the internet for instance.)
>
> It would be more effective for your overall security if you have
> learned how to prevent malware on your computer in the first place.
> And this mostly depends on what you do and not with some security
> software you install.
>
> Gerald

From: Gerald Vogt on 24 Nov 2007 22:26

On Nov 25, 10:35 am, "Poprivet" <popri...(a)devnull.spamcop.net> wrote:

> Whaaat? Sober up!

Good argument. Very convincing...

Gerald