Guest AndyHancock Posted April 20, 2008

After much web searching, it seems that anyone who has used older firewalls (e.g. Kerio, Sygate) will have been annoyed by messages like "Generic Host Process for Win32 Services from your computer wants to connect to some.changing.ip.address", or some outgoing ping (ICMP). The remote destination IP address often resolves to Microsoft or some large content provider. The application that is doing this is always nondescriptly described as svchost or tcpip kernel driver. Possible causes are Windows update checker, Symantec, or possibly McAfee. I know that Kerio will specify the full path of the executable trying to connect out in some cases, so I'm not sure this information is so elusive for these messages. Avast and Diskeeper connections to outside are certainly reported more specifically than the above. From the aforementioned web searching, such details are not elusive to Kerio users. This makes it impossible to maintain a decent set of firewall rules. I've already disabled automatic Windows updates, got rid of Symantec, and such messages continue to occur, though less often.

How do the more experienced maintainers of home firewalls deal with this lack of detail in tightening up their firewall rules? I have, and use, Spybot S&D. I'm hoping that there is a general approach that doesn't entail that a user spend much less than 50% of his or her computer time dealing with the security aspects. Currently, the figure is well in excess of 50%, which really raises the question of whether it is reasonable to convert to Luddite-ism.

Thanks!

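The question above comes down to which service inside a shared svchost.exe owns a given connection. As an added example (not part of the original post), the following Python script joins `netstat -ano` and `tasklist /svc /fo csv` output by PID. It assumes Windows XP or later, where both commands are available; the sample outputs, the `exampleav.exe` process and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.10:1042      203.0.113.25:80        ESTABLISHED     1084
  TCP    192.168.1.10:1050      198.51.100.7:443       ESTABLISHED     2312
  UDP    0.0.0.0:123            *:*                                    1084
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST_SAMPLE = '''\
"Image Name","PID","Services"
"svchost.exe","968","RpcSs"
"svchost.exe","1084","wuauserv,BITS,W32Time"
"exampleav.exe","2312","ExampleAvSvc"
'''

def parse_tasklist(text):
    """Map PID -> (image name, [hosted service names])."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        names = [s.strip() for s in row["Services"].split(",")]
        procs[int(row["PID"])] = (row["Image Name"],
                                  [s for s in names if s and s != "N/A"])
    return procs

def established_tcp(text):
    """Yield (remote endpoint, PID) for each established TCP connection."""
    for line in text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; the header, UDP rows and listeners are
        # skipped. ESTABLISHED alone does not say which side initiated.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            yield f[2], int(f[4])

def attribute(netstat_text, tasklist_text):
    """Return [(remote, image, pid, services)] for each connection."""
    procs = parse_tasklist(tasklist_text)
    report = []
    for remote, pid in established_tcp(netstat_text):
        image, services = procs.get(pid, ("<unknown>", []))
        report.append((remote, image, pid, services))
    return report

if __name__ == "__main__":
    for remote, image, pid, services in attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{remote:22} {image} (PID {pid}): {', '.join(services) or '-'}")
```

When one svchost.exe instance hosts several services, the join narrows the connection to that group of services rather than to a single one.
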
Guest Steve Riley [MSFT] Posted April 21, 2008

> How do the more experienced maintainers of home firewalls deal with
> this lack of detail in tightening up their firewall rules?

Easy-- don't use personal firewalls that nag you all the time. If you're following basic safe computing practices (keep your software updated, anti-malware programs updated, and don't run as admin), then the firewall built in to Windows is all that you need. A firewall's job is to watch your network port and block inbound traffic that you didn't ask for. It's not the job of a firewall to try to watch every single outbound connection. Indeed, smart malware knows how to avoid these kinds of firewalls anyway. I've written extensively about this in the past; see http://technet.microsoft.com/en-us/magazine/cc138010.aspx.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

Guest AndyHancock Posted April 22, 2008

Yes, I was thinking that a built-in firewall would be handy because it would recognize all the things that are legit. And won't bug the user. However, I'm using Windows 2000. As far as I know, I need a third party firewall.

Guest Steve Riley [MSFT] Posted April 22, 2008

Correct, Windows 2000 doesn't have a built-in firewall. But, you know, you really should switch to at least Windows XP and be sure to install service pack 3 on it when it becomes available on 29 April. If your hardware supports it, go to Vista. Windows 2000 is really too old to be safe these days.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

Guest AndyHancock Posted April 23, 2008

It takes a lot of resources. This machine runs at several hundred MHz, has several hundred MB RAM, and the hard disk runs at some forty-something hundred RPM. It's also missing some of the standard peripheral interfaces taken for granted these days. Of course, if I ever get another machine, XP it shall be, but with luck, it won't happen soon.