From: Ansgar -59cobalt- Wiechers on 1 Nov 2007 19:31

goarilla <"kevin DOT paulus AT skynet DOT be"> wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> Lars-Erik Østerud <.@.> wrote:
>>>> If you have Windows XP: the Windows-Firewall.
>>>
>>> But that can't check outgoing programs?
>>
>> Of course not. That would be pointless anyway.
>
> why ?

Because firewalls can't do that reliably. Whatever malware you're trying
to stop from communicating: it's already running and can thus bypass
your measures. The only way to reliably stop malware from communicating
is to stop it from being run in the first place. Which is done by
Software Restriction Policies or AV software, not personal firewalls.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

From: Sebastian G. on 1 Nov 2007 20:36

Lars-Erik Østerud wrote:
> Sebastian G. wrote:
>
>> It gets parsed only once. It's the lookup time that goes up when combining
>> it with the caching.
>
> But why doesn't the lookup time go up with the DNS client disabled?
> The "hosts" file is still searched (entries in it still do work).
>
> I find it strange that lookup is slower WITH the DNS client. Weird.

That's not weird at all. Just think through what the DNS client does
when it receives a request from a program:

1. look it up in the HOSTS lists. If found, return the entry.
2. look it up in the cache. If found, return the entry.
3. query the primary DNS resolver for the entry
4. return the entry
5. if the reply was recursive or redirected, check if the entry isn't
   already on the HOSTS list
6. store the entry in the cache

Without the caching:

1. look it up in the HOSTS lists. If found, return the entry.
2. query the primary DNS resolver for the entry
3. return the entry

As you can see, for some code paths the computational effort for finding
an entry is bigger with caching. Going through a large HOSTS file is
essentially implemented as a linear list search. One could do better,
but it's not optimized for the scenario BECAUSE ONLY IDIOTS ABUSE THE
HOSTS FILE FOR SOMETHING THAT SHOULD BE DONE WITHIN THE APPLICATION OR
AT LEAST AT A PROPER PACKET FILTER.
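
The two lookup paths listed in the post above, as an added example that is not part of the thread and is not the Windows DNS Client's code: it counts HOSTS comparisons per lookup for a large blocklist-style HOSTS list. The function names, the sample hosts and addresses, and the rule that a HOSTS entry overrides a redirected reply in step 5 are assumptions.

```python
# Added example: a model of the lookup steps as listed in the post, not the
# Windows DNS Client's code. All names, addresses and data are constructed.

def scan_hosts(hosts, name):
    """Linear HOSTS search; returns (address or None, comparisons made)."""
    for n, (entry, addr) in enumerate(hosts, start=1):
        if entry == name:
            return addr, n
    return None, len(hosts)

def lookup_cached(hosts, cache, resolver, name):
    """Steps 1-6 of the caching path; returns (address, HOSTS comparisons)."""
    addr, cost = scan_hosts(hosts, name)           # 1. HOSTS first
    if addr is not None:
        return addr, cost
    if name in cache:                              # 2. then the cache
        return cache[name], cost
    canonical, addr = resolver[name]               # 3./4. ask the resolver
    if canonical != name:                          # 5. redirected reply:
        override, extra = scan_hosts(hosts, canonical)  # second full scan
        cost += extra
        if override is not None:                   # assumption: HOSTS wins
            addr = override
    cache[name] = addr                             # 6. store in the cache
    return addr, cost

def lookup_uncached(hosts, resolver, name):
    """Steps 1-3 of the non-caching path."""
    addr, cost = scan_hosts(hosts, name)           # 1. HOSTS first
    if addr is not None:
        return addr, cost
    return resolver[name][1], cost                 # 2./3. resolver answer

# Constructed sample: a 10,000-entry blocklist-style HOSTS list and one
# name whose reply is redirected to a different canonical name.
HOSTS = [(f"ad{i}.blocked.example", "127.0.0.1") for i in range(10_000)]
RESOLVER = {"www.site.example": ("cdn.site.example", "192.0.2.10")}

if __name__ == "__main__":
    cache = {}
    name = "www.site.example"
    print("cached, first :", lookup_cached(HOSTS, cache, RESOLVER, name))
    print("cached, repeat:", lookup_cached(HOSTS, cache, RESOLVER, name))
    print("uncached      :", lookup_uncached(HOSTS, RESOLVER, name))
```

In this model the cache never saves the step 1 scan, because HOSTS is consulted before the cache on every lookup, and a redirected reply costs a second full scan on the caching path only.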

From: John Adams on 5 Nov 2007 14:13

Ansgar -59cobalt- Wiechers wrote:
> Of course not. That would be pointless anyway.
>
> cu
> 59cobalt

If it's completely pointless then why did Microsoft implement the
ability to block outgoing progs in Vista?

From: Sebastian G. on 5 Nov 2007 14:17

John Adams wrote:
> Ansgar -59cobalt- Wiechers wrote:
>
>> Of course not. That would be pointless anyway.
>>
>> cu
>> 59cobalt
>
> If it's completely pointless then why did Microsoft implement the
> ability to block outgoing progs in Vista?

For the sake of completeness, not for security. And, of course, because
users demand it. Microsoft is a corporation, and thus their primary
purpose is to make money. Even further, their official corporation motto
is "Writing software for making money". Thus, it's in their best
interests to keep users happy by implementing their suggestions even
though they're actually futile, particularly stupid and even pissing off
some professional users (like f.e. crippling Raw Sockets on XP SP2,
which forced the WinPCap team to use the legacy Win98 sockets support
code path for XPSP2).

From: John Adams on 5 Nov 2007 14:19

Sebastian G. wrote:
> It simply
> doesn't work.

Works for me. I get loads of ads blocked thanks to my hosts file. It's
not just to help block malware.