FIREWALL CHECK

July 27, 2008

I need some help please. I have Windows Vista Home Premium and Norton

Internet Security 2008.

When I try to log onto the Internet, I get a firewall check. I reply:

(1) disable the (Windows) firewall,

(2) don't perform this check again.

But this check reappears every time I try to log onto the Internet.

How do I stop this message reappearing?

July 27, 2008

Richard wrote:

> I need some help please. I have Windows Vista Home Premium and Norton

> Internet Security 2008.

> When I try to log onto the Internet, I get a firewall check. I reply:

> (1) disable the (Windows) firewall,

> (2) don't perform this check again.

> But this check reappears every time I try to log onto the Internet.

> How do I stop this message reappearing?

At some point in the future you will be forced to completely remove

Norton, it is the single worst piece of junk ever sold for the PC.

McAfee is no better really.

By default the Windows firewall causes little trouble, but to isolate

the problem you need to go into the Norton Settings and disable it all,

work back from there. Actually it would be better to uninstall Norton

completely but you MUST follow their instructions and use their removal

tool because otherwise trying to uninstall it will likely trash your

system. This is quite deliberate on their part to stop you from getting

rid of it.

July 27, 2008

"Charlie Tame" <charlie@tames.net> wrote in message

news:OwzqLu%237IHA.4928@TK2MSFTNGP05.phx.gbl...

> Richard wrote:

>> I need some help please. I have Windows Vista Home Premium and Norton

>> Internet Security 2008.

>> When I try to log onto the Internet, I get a firewall check. I reply:

>> (1) disable the (Windows) firewall,

>> (2) don't perform this check again.

>> But this check reappears every time I try to log onto the Internet.

>> How do I stop this message reappearing?

>

> At some point in the future you will be forced to completely remove

> Norton, it is the single worst piece of junk ever sold for the PC. McAfee

> is no better really.

>

> By default the Windows firewall causes little trouble, but to isolate the

> problem you need to go into the Norton Settings and disable it all, work

> back from there. Actually it would be better to uninstall Norton

> completely but you MUST follow their instructions and use their removal

> tool because otherwise trying to uninstall it will likely trash your

> system. This is quite deliberate on their part to stop you from getting

> rid of it.

They make a removal tool to stop you from getting rid of it?

Are you insane?

style_emoticons/)

July 27, 2008

Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

--

Peter

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

"Richard" <Richard@discussions.microsoft.com> wrote in message news:256FECFD-A818-44A7-A689-2882D94E1FE0@microsoft.com...

>I need some help please. I have Windows Vista Home Premium and Norton

> Internet Security 2008.

> When I try to log onto the Internet, I get a firewall check. I reply:

> (1) disable the (Windows) firewall,

> (2) don't perform this check again.

> But this check reappears every time I try to log onto the Internet.

> How do I stop this message reappearing?

July 28, 2008

On Sun, 27 Jul 2008 05:57:00 -0700, Richard wrote:

> I need some help please. I have Windows Vista Home Premium and Norton

> Internet Security 2008.

> When I try to log onto the Internet, I get a firewall check. I reply:

> (1) disable the (Windows) firewall,

> (2) don't perform this check again.

> But this check reappears every time I try to log onto the Internet.

> How do I stop this message reappearing?

A number of experts agree that the retail AV version of McAfee, Norton and

Trend Micro has become cumbersome and bloated for the average user.

The major Norton criticisms are related to stability and footprint, the

most common problem being slow-downs because of the massive system

resources Norton hogs. There are products on the market with equal or

better test results than Symantec's products, consuming less resources at a

lower price (even free ones).

The retail version of Norton can play havoc with your pc. Uninstall it

using Norton's own uninstall tool:

Download and run the Norton Removal Tool and try to get a refund:

http://service1.symantec.com/SUPPORT/tsgen...005033108162039

The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003

products and Norton 360 from your computer.

You are not going to find anything better than the Vista FW and Vista in

itself due to the advanced features the FW and Vista are using.

Jesper's Blogs-

At Least This Snake Oil Is Free.

http://msinfluentials.com/blogs/jesper/arc...il-is-free.aspx

Windows Firewall: the best new security feature in Vista?

http://blogs.technet.com/jesper_johansson/.../01/426921.aspx

Exploring The Windows Firewall.

http://www.microsoft.com/technet/technetma...ll/default.aspx

"If you try to block outbound connections from a computer thatÃ¢â‚¬â„¢s already

compromised, how can you be sure that the computer is really doing what you

ask? The answer: you canÃ¢â‚¬â„¢t. Outbound protection is security theaterÃ¢â‚¬â€itÃ¢â‚¬â„¢s a

gimmick that only gives the impression of improving your security without

doing anything that actually does improve your security. This is why

outbound protection didnÃ¢â‚¬â„¢t exist in the Windows XP firewall and why it

doesnÃ¢â‚¬â„¢t exist in the Windows VistaÃ¢â€žÂ¢ firewall."

Managing the Windows Vista Firewall

http://technet.microsoft.com/en-us/magazine/cc510323.aspx

Tap into the Vista firewall's advanced configuration features

http://articles.techrepublic.com.com/5100-10877-6098592.html

"...once you discover the secret of accessing its advanced configuration

settings via the MMC snap-in, you'll find it to be far more configurable

and functional. At last, Windows comes with a sophisticated personal

firewall that can be used to set up outbound rules as well as inbound, with

the ability to customize rules to fit your precise needs."

Or

Configure Vista Firewall to support outbound packet filtering

http://searchwindowssecurity.techtarget.co...1247138,00.html

Or

Vista Firewall Control (Free versions available).

Protects your applications from undesirable network incoming and outgoing

activity, controls applications internet access.

http://sphinx-soft.com/Vista/

The free version may be all you need, check the comparisons under

the "Download and Buy" link.

Real-time AV applications - for viral malware.

Do not utilize more than one (1) real-time anti-virus scanning engine!

Disable the e-mail scanning function during installation (Custom

Installation on some AV apps.) as it provides no additional protection.

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail

http://thundercloud.net/infoave/tutorials/...nning/index.htm

Viral Irony: The Most Common Cause of Corruption.

http://www.microsoft.com/windows/IE/commun...corruption.mspx

Avira AntiVirÃ‚Â® Personal - FREE Antivirus

http://www.free-av.com/

You may wish to consider removing the 'AntiVir Nagscreen'

http://www.elitekiller.com/files/disable_antivir_nag.htm

or

Free antivirus - avast! 4 Home Edition

It includes ANTI-SPYWARE protection, certified by the West Coast Labs

Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class

GMER technology.

http://www.avast.com/eng/avast_4_home.html

(Choose Custom Installation and under Resident

Protection, uncheck: Internet Mail and Outlook/Exchange.)

or

AVG Anti-Virus Free Edition

http://free.grisoft.com/

(Choose custom install and untick the email scanner plugin.)

or

ESET NOD32 Antivirus - Not Free

http://www.eset.com/

or

KasperskyÃ‚Â® Anti-Virus 7.0 - Not Free

http://www.kaspersky.com/homeuser

and (optional but highly recommendable)

On-demand AV applications.

(add them to your arsenal and use them as a "second opinion" av scanner).

David H. Lipman's MULTI_AV Tool

http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:

http://www.raymond.cc/blog/archives/2008/0...virus-for-free/

Additional Instructions:

http://pcdid.com/Multi_AV.htm

and/or

Kaspersky's AVPTool

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

There's no updating involved since the scanning engine is updated

several times a day and you simply download the updated scanner whenever

you want to do a scan.

Dr.Web CureIt!Ã‚Â® Utility - FREE

http://www.freedrweb.com/cureit/

MalwarebytesÃ‚Â© Corporation - Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Note: It is Free for private use. Just download (do NOT buy) and install.

A-S applications - for non-viral malware.

The effectiveness of an individual A-S scanners can be wide-ranging and

oftentimes a collection of scanners is best. There isn't one software that

cleans and immunizes you against everything. That's why you need multiple

products to do the job i.e. overlap their coverage - one may catch what

another may miss, (grab'em all).

SuperAntispyware - Free

http://www.superantispyware.com/superantis...efreevspro.html

and

Ad-Aware 2007 - Free

http://www.lavasoftusa.com/products/ad_aware_free.php

http://www.download.com/3000-2144-10045910.html

and

Spybot Search & Destroy - Free

http://www.safer-networking.org/en/download/index.html

and

Windows Defender - Free (build-in in Vista)

http://www.microsoft.com/athome/security/s...re/default.mspx

WD monitors the start-registry and hooks registers/files to prevent spyware

and worms to install to the OS.

Interesting reading:

http://www.pcworld.com/article/id,136195/article.html

"...Windows Defender did excel in behavior-based protection, which detects

changes to key areas of the system without having to know anything about

the actual threat."

After the software is updated, it is suggested scanning the system in Safe

Mode.

A clarification on the terminology: the word "malware" is short for

"malicious software." Most Anti-Virus applications detect many types of

malware such as viruses, worms, trojans, etc.

What AV applications usually don't detect is "non-viral" malware, and the

term "non-viral malware" is normally used to refer to things like spyware

and adware.

Good luck style_emoticons/

July 28, 2008

Peter Foldes wrote:

> Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

>

????????? I can accept that there is an argument as to whether it is

adequate or not (I'm clearly on the "It's not!" camp), but I've NEVER

heard it rated as better than any other firewall!!!

What do you base this statement on??

--

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

July 28, 2008

On Mon, 28 Jul 2008 05:05:19 -0400, "Hank Arnold (MVP)"

<rasilon@aol.com> wrote:

>Peter Foldes wrote:

>> Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

>>

>

>????????? I can accept that there is an argument as to whether it is

>adequate or not (I'm clearly on the "It's not!" camp), but I've NEVER

>heard it rated as better than any other firewall!!!

>

>What do you base this statement on??

This is the same guy who last week told someone that a failing CMOS

battery was the probably cause of a system clock losing time during

the day while it was powered-up with Windows running.

July 28, 2008

On Mon, 28 Jul 2008 05:05:19 -0400, Hank Arnold (MVP) wrote:

> Peter Foldes wrote:

>> Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

>>

>

> ????????? I can accept that there is an argument as to whether it is

> adequate or not (I'm clearly on the "It's not!" camp), but I've NEVER

> heard it rated as better than any other firewall!!!

Peter said: "any 3rd party Firewall" and most probably referred

specifically to 3rd party software personal firewalls (PFW).

> What do you base this statement on??

I can't speak for Peter but there are credible reports in circulation

confirming his assertion. The reports are not commercially sponsored.

BTW, test reports conducted by some firewall testing organizations used to

test the Windows Firewall for outbound traffic control (a function which

never ever was incorporated) and compared it with 3rd party f/w apps.

July 28, 2008

On Mon, 28 Jul 2008 18:05:58 +0700, Kayman

<kaymanDeleteThis@operamail.com> wrote:

>

>Peter said: "any 3rd party Firewall" and most probably referred

>specifically to 3rd party software personal firewalls (PFW).

>> What do you base this statement on??

>

>I can't speak for Peter but there are credible reports in circulation

>confirming his assertion. The reports are not commercially sponsored.

I think you need to be a little more definitive on what reports to

make the claim you did. Lots of reports (in many industries) make

claims but when you examine their testing criteria and methods you

come to other conclusions.

>BTW, test reports conducted by some firewall testing organizations used to

>test the Windows Firewall for outbound traffic control (a function which

>never ever was incorporated) and compared it with 3rd party f/w apps.

Which is why you want a real personal FireWall like Zone Alarm. If you

have a router in place with NAT and WPA with a good password, inbound

is of relatively limited concern. Outbound, OTOH, not only prevents MS

programs and others from calling home for no apparent reason, but

helps identify when an evil program has infected your system and is

attempting net access. These issues are much more of a concern than

inbound access.

July 29, 2008

"+Bob+" <uctraing@ultranet.com> wrote in message

news:ogls845buie0u0gltl06bevu8sn6g1kjv5@4ax.com...

> On Mon, 28 Jul 2008 18:05:58 +0700, Kayman

> <kaymanDeleteThis@operamail.com> wrote:

>

>>

>>Peter said: "any 3rd party Firewall" and most probably referred

>>specifically to 3rd party software personal firewalls (PFW).

>

>>> What do you base this statement on??

>>

>>I can't speak for Peter but there are credible reports in circulation

>>confirming his assertion. The reports are not commercially sponsored.

>

> I think you need to be a little more definitive on what reports to

> make the claim you did. Lots of reports (in many industries) make

> claims but when you examine their testing criteria and methods you

> come to other conclusions.

>

>>BTW, test reports conducted by some firewall testing organizations used to

>>test the Windows Firewall for outbound traffic control (a function which

>>never ever was incorporated) and compared it with 3rd party f/w apps.

>

> Which is why you want a real personal FireWall like Zone Alarm. If you

> have a router in place with NAT and WPA with a good password, inbound

> is of relatively limited concern. Outbound, OTOH, not only prevents MS

> programs and others from calling home for no apparent reason, but

> helps identify when an evil program has infected your system and is

> attempting net access. These issues are much more of a concern than

> inbound access.

>

And they can cut through the snake-oil crap in ZA or any other solution like

ZA like a hot knife through butter. The job of a personal FW (it's not a

FW)/packet filter is stop unsolicited inbound packets, by default, from

reaching services and the O/S running on the machine and to prevent outbound

packets from leaving the machine, by setting packet filtering by port

TCP/UDP, protocol -- HTTP, FTP, ICMP, etc, etc, IP, subnet mask or domain

for inbound and outbound traffic.

The job of the personal FW/packet filter has been blown up out of

proportion, and it's not a malware solution, trying to protect you from you

that it cannot do. That's snake-oil and candy technology in them as a home

user security blanket giving a false sense of security.

http://www.securityfocus.com/infocus/1840

There are other ways, that one can cut through the crap snake-oil like

Application Control in PFW(S). Another way is to beat the PFW(S) to the

network connection during the boot process before the PFW service is even up

and running. It has done its thing and is done before the PFW could even

know that it has happened.

July 29, 2008

Hello Hank

From personal testing (usage). I have tried a few 3rd party ones and aside from bloating and the obvious cost they are no better than the Firewall supplied by Windows.

--

Peter

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

"Hank Arnold (MVP)" <rasilon@aol.com> wrote in message news:uE46SEJ8IHA.4988@TK2MSFTNGP04.phx.gbl...

> Peter Foldes wrote:

>> Get rid of Norton. The Windows Firewall is far better than any 3rd party Firewall

>>

>

> ????????? I can accept that there is an argument as to whether it is

> adequate or not (I'm clearly on the "It's not!" camp), but I've NEVER

> heard it rated as better than any other firewall!!!

>

> What do you base this statement on??

>

> --

>

> Regards,

> Hank Arnold

> Microsoft MVP

> Windows Server - Directory Services

July 29, 2008

"+Bob+" <uctraing@ultranet.com> wrote in message

news:ogls845buie0u0gltl06bevu8sn6g1kjv5@4ax.com...

> On Mon, 28 Jul 2008 18:05:58 +0700, Kayman

> <kaymanDeleteThis@operamail.com> wrote:

>

>>

>>Peter said: "any 3rd party Firewall" and most probably referred

>>specifically to 3rd party software personal firewalls (PFW).

>

>>> What do you base this statement on??

>>

>>I can't speak for Peter but there are credible reports in circulation

>>confirming his assertion. The reports are not commercially sponsored.

>

> I think you need to be a little more definitive on what reports to

> make the claim you did. Lots of reports (in many industries) make

> claims but when you examine their testing criteria and methods you

> come to other conclusions.

>

>>BTW, test reports conducted by some firewall testing organizations used to

>>test the Windows Firewall for outbound traffic control (a function which

>>never ever was incorporated) and compared it with 3rd party f/w apps.

>

> Which is why you want a real personal FireWall like Zone Alarm. If you

> have a router in place with NAT and WPA with a good password, inbound

> is of relatively limited concern. Outbound, OTOH, not only prevents MS

> programs and others from calling home for no apparent reason, but

> helps identify when an evil program has infected your system and is

> attempting net access. These issues are much more of a concern than

> inbound access.

Once you have an "evil program" executing on your machine, the

game is over. That is unless it is a very lame "evil program". The

firewall application would now be running on a system that can't

be trusted - and so itself can't be trusted even if it tells you it can

be trusted.

IOW a false sense of security exists whether or not the machine

is compromised.

July 29, 2008

On Mon, 28 Jul 2008 21:16:31 -0400, "FromTheRafters"

<erratic@ne.rr.com> wrote:

>Once you have an "evil program" executing on your machine, the

>game is over. That is unless it is a very lame "evil program". The

>firewall application would now be running on a system that can't

>be trusted - and so itself can't be trusted even if it tells you it can

>be trusted.

I agree that some programs can work towards beating your outbound

firewall - but on a practical basis, it catches quite a few. Some is

better than none.

>IOW a false sense of security exists whether or not the machine

>is compromised.

99.99% of users have a false sense of security. THat's why so many of

their machines get infected. An outbound firewall is one more layer

that can help identify problems.

July 29, 2008

"+Bob+" <uctraing@ultranet.com> wrote in message

news:r67t84dc3fpef5drvti8kvl06l9gvmujav@4ax.com...

> On Mon, 28 Jul 2008 21:16:31 -0400, "FromTheRafters"

> <erratic@ne.rr.com> wrote:

>

> 99.99% of users have a false sense of security. THat's why so many of

> their machines get infected. An outbound firewall is one more layer

> that can help identify problems.

>

Application control in PFW(s) is not outbound control. It's application

control, which should be under the control of the O/S. The buck stops with

the O/S not the PFW/packet filter. If the O/S can be fooled, then anything

that runs with the O/S can be easily fooled too.

Any of today's PFW(s)/personal packet filter even Vista's FW/packet filter

has the ability to stop outbound packets from leaving the machine by setting

outbound packet filtering rules. The stuff you're talking about has no

business trying to do application control. Their job is to act as packet

filter.

99.99% of users don't have a false sense of security. 99.99% of users don't

know what security is about period. 99.99% of them if a message comes up

into their face to allow or disallow something, they flat out don't know the

circumstances as to why it's even happening.

So, they stop something like Svchost.exe from accessing the network.

Svchost.exe is not the one that wants access. Svchost.exe only host

something, a program, that wants the access. So, they stop Svchost.exe this

time never knowing what they really needed to stop. Then they turn around

and allow Svchost.exe to access the network, and then the exploit now has

its shot to get out un-detected, piggy backing of that instance of

Svchost.exe that was granted access.

July 29, 2008

On Tue, 29 Jul 2008 00:33:55 -0400, +Bob+ wrote:

> On Mon, 28 Jul 2008 21:16:31 -0400, "FromTheRafters"

> <erratic@ne.rr.com> wrote:

>

>>Once you have an "evil program" executing on your machine, the

>>game is over. That is unless it is a very lame "evil program". The

>>firewall application would now be running on a system that can't

>>be trusted - and so itself can't be trusted even if it tells you it can

>>be trusted.

>

> I agree that some programs can work towards beating your outbound

> firewall - but on a practical basis, it catches quite a few. Some is

> better than none.

What is there to 'catch'. Since malware already has/is manipulating your OS

the game is lost[PERIOD]!

>>IOW a false sense of security exists whether or not the machine

>>is compromised.

>

> 99.99% of users have a false sense of security.

And 99.99% of quoted statistics are made up on the spot...

> THat's why so many of their machines get infected.

No, unsafe browsing and relying on Phony-Baloney Ware such as 3rd party

software (so-called) firewalls aka Illusion Ware gets you in hot water.

> An outbound firewall is one more layer that can help identify problems.

Relying on this layer is precisely what gives you this false sense of

security.

Educate yourself, Google can assist.

BTW, ever wondered why nobody responded to your WLM query?

July 29, 2008

"+Bob+" <uctraing@ultranet.com> wrote in message

news:r67t84dc3fpef5drvti8kvl06l9gvmujav@4ax.com...

> On Mon, 28 Jul 2008 21:16:31 -0400, "FromTheRafters"

> <erratic@ne.rr.com> wrote:

>

>>Once you have an "evil program" executing on your machine, the

>>game is over. That is unless it is a very lame "evil program". The

>>firewall application would now be running on a system that can't

>>be trusted - and so itself can't be trusted even if it tells you it can

>>be trusted.

>

> I agree that some programs can work towards beating your outbound

> firewall - but on a practical basis, it catches quite a few. Some is

> better than none.

As an aside, would you feel safe with an antivirus that recognizes

"quite a few" viruses? True, some is better than none, but the

idea that only the lame ones will be caught would not give me the

warm fuzzy feeling that personal firewall applications seem to promise

the user.

>>IOW a false sense of security exists whether or not the machine

>>is compromised.

>

> 99.99% of users have a false sense of security.

....and 90% of those achieve it without additional software running

on their machine telling them how safe they are.

> THat's why so many of

> their machines get infected. An outbound firewall is one more layer

> that can help identify problems.

I agree that they are not completely useless.

July 30, 2008

On Tue, 29 Jul 2008 08:17:45 -0400, "FromTheRafters"

<erratic@ne.rr.com> wrote:

>> I agree that some programs can work towards beating your outbound

>> firewall - but on a practical basis, it catches quite a few. Some is

>> better than none.

>

>As an aside, would you feel safe with an antivirus that recognizes

>"quite a few" viruses? True, some is better than none, but the

>idea that only the lame ones will be caught would not give me the

>warm fuzzy feeling that personal firewall applications seem to promise

>the user.

But the point be argued here is having an outbound firewall vs. none

at all (windows firewall).

No A/V solution will catch everything. Add a few layers - an extra

non-unobtrusive, non-performance impacting layer that can help is

worth it, IMHO.

>...and 90% of those achieve it without additional software running

>on their machine telling them how safe they are.

When has an outbound firewall ever done anything to make the 99% feel

safe? Most of them don't even know it's there until it reports

something. They feel safe thorough ignorance of the dangers, not

knowledge of the solutions.

July 30, 2008

"+Bob+" <uctraing@ultranet.com> wrote in message

news:8e6194tfd4b07ms82r6gqi0qmup24qnbee@4ax.com...

>

> But the point be argued here is having an outbound firewall vs. none

> at all (windows firewall).

Once again, will someone tell this person what outbound packet filtering

means, which Vista has outbound packet filtering. What he is talking about

is application control, which are two differnt things and is snake-oil.

July 30, 2008

On Tue, 29 Jul 2008 15:50:09 +0700, Kayman

<kaymanDeleteThis@operamail.com> wrote:

>> I agree that some programs can work towards beating your outbound

>> firewall - but on a practical basis, it catches quite a few. Some is

>> better than none.

>

>What is there to 'catch'. Since malware already has/is manipulating your OS

>the game is lost[PERIOD]!

>

Nonsense. Not all malware is sharp enough to avoid firewall detection.

Not all malware infections are lost cases. Repair is possible quite

often. The earlier the problem is detected, the higher the probability

for repair. There are enough malware schemes that don't avoid the

firewall that it is worth using one. PERIOD.

Museums have sophisticated security systems. Nonetheless, criminals

get through them and steal valuable items fairly consistently. Do the

museums throw up their arms and say "we won't bother with an alarm

system since there are _some_ people who can beat it". No, they

install a security system that keeps out the large majority of

potential thieves, recognizing that no system is perfect.

>> THat's why so many of their machines get infected.

>

>No, unsafe browsing and relying on Phony-Baloney Ware such as 3rd party

>software (so-called) firewalls aka Illusion Ware gets you in hot water.

The fact that some people have an illusion of safety does not negate

the increased security offered by an outbound firewall.

>> An outbound firewall is one more layer that can help identify problems.

>

>Relying on this layer is precisely what gives you this false sense of

>security.

There's a difference between relying and utilizing.

>Educate yourself, Google can assist.

>BTW, ever wondered why nobody responded to your WLM query?

No, I've been spending my "wondering time" puzzling over how someone

becomes such a condescending, know-it-all, dick head like you.

July 30, 2008

On Wed, 30 Jul 2008 13:01:16 -0400, "Mr. Arnold" <MR.

Arnold@Arnold.com> wrote:

>> But the point be argued here is having an outbound firewall vs. none

>> at all (windows firewall).

>

>Once again, will someone tell this person what outbound packet filtering

>means, which Vista has outbound packet filtering. What he is talking about

>is application control, which are two differnt things and is snake-oil.

Vista's outbound filtering needs manual configuration and is well

beyond the scope of anyone who doesn't have serious training.

Application filtering is not snake-oil and does have value. It's also

possible for average users to actually turn it on an have it work.

July 30, 2008

Kayman wrote:

>

> And 99.99% of quoted statistics are made up on the spot...

>

Including yours??? ;-)

--

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

July 30, 2008

On Wed, 30 Jul 2008 13:01:16 -0400, "Mr. Arnold" <MR.

Arnold@Arnold.com> wrote:

>

>"+Bob+" <uctraing@ultranet.com> wrote in message

>news:8e6194tfd4b07ms82r6gqi0qmup24qnbee@4ax.com...

>>

>> But the point be argued here is having an outbound firewall vs. none

>> at all (windows firewall).

>

>Once again, will someone tell this person what outbound packet filtering

>means, which Vista has outbound packet filtering. What he is talking about

>is application control, which are two differnt things and is snake-oil.

Okay. There is a big difference between outbound packet filtering and

application control. Neither are reliable counter measures against

malware allowed to run.

July 30, 2008

On Wed, 30 Jul 2008 13:44:53 -0400, +Bob+ <uctraing@ultranet.com>

wrote:

>Vista's outbound filtering needs manual configuration and is well

>beyond the scope of anyone who doesn't have serious training.

That's true for any kind of "outbound control". One who doesn't

understand networking shouldn't be expected to be able to properly

configure a firewall.

For application control the situation is even worse, since it requires

a deep understanding of the inner workings of the OS.

"Do you want svchost.exe to connect to the internet?" - Erhmmm, NO -

BEEEEEEEEP - WRONG ANSWER. Okay.. then erhm... YES - BEEEEEEEEEEP -

WRONG ANSWER.

And how about when the "firewall" asks you to make decisions based on

utter nonsense? How about this one that I have come across in several

"personal firewalls": "Program X is trying to contact the internet on

IP address 127.0.0.1"? Not only is it nonsense, it's of absolutely NO

help to a user and worst of all gives the impression of the program

having been developed by coders who have no clue about networking

themselves.

>Application filtering is not snake-oil and does have value.

That's true. It does have value. A good feeling of being in control

certainly has value. Just not in terms of security.

>It's also possible for average users to actually turn it on an have it work.

It's possible for average users to turn it on and shoot themselves

seriously in the foot.

July 30, 2008

On Wed, 30 Jul 2008 13:05:31 -0400, +Bob+ <uctraing@ultranet.com>

wrote:

>Nonsense. Not all malware is sharp enough to avoid firewall detection.

>Not all malware infections are lost cases.

No. But no matter what, that has to be always the default assumption.

Unless you have a baseline and can identify exactly what has been

changed you are basing your security on hope.

>Repair is possible quite often.

Repair is possible if you're very skilled. It's certainly not a job

for Mr. Average. If you rely on running a few anti-tools in order to

declare a system clean as soon as the symptom seems to be gone, you're

on a very slippery slope.

>The earlier the problem is detected, the higher the probability

>for repair. There are enough malware schemes that don't avoid the

>firewall that it is worth using one. PERIOD.

If you allow even poorly coded malware to have a ball on your

computer, your defenses are non-existing anyway.

>Museums have sophisticated security systems. Nonetheless, criminals

>get through them and steal valuable items fairly consistently. Do the

>museums throw up their arms and say "we won't bother with an alarm

>system since there are _some_ people who can beat it". No, they

>install a security system that keeps out the large majority of

>potential thieves, recognizing that no system is perfect.

The real and the virtual worlds don't easily compare. This has lead to

a variety of bad analogies. Yours is just yet another one.

>>> THat's why so many of their machines get infected.

>>

>>No, unsafe browsing and relying on Phony-Baloney Ware such as 3rd party

>>software (so-called) firewalls aka Illusion Ware gets you in hot water.

>

>The fact that some people have an illusion of safety does not negate

>the increased security offered by an outbound firewall.

The possible increase in security from an outbound firewall must as a

minimum outweigh the drawbacks. For me that's a very easy assessment

to make.

>>> An outbound firewall is one more layer that can help identify problems.

>>

>>Relying on this layer is precisely what gives you this false sense of

>>security.

>

>There's a difference between relying and utilizing.

One shouldn't utilize a security measure one can't rely on to a very

high degree. Especially not one which has a serious impact on the

system it's trying to protect.

July 30, 2008

On Wed, 30 Jul 2008 12:46:04 -0400, +Bob+ <uctraing@ultranet.com>

wrote:

>But the point be argued here is having an outbound firewall vs. none

>at all (windows firewall).

If it was only that simple.

>No A/V solution will catch everything.

That's true. In fact they are getting less effective every day.

>Add a few layers - an extra non-unobtrusive, non-performance impacting

>layer that can help is worth it, IMHO.

But a "firewall" implementing "outbound application control"

unfortunately does not fall into that category.

Sign In

FIREWALL CHECK

Recommended Posts

Guest Richard

Popular Days

Popular Days

Guest Charlie Tame

Guest FromTheRafters

Guest Peter Foldes

Guest Kayman

Guest Hank Arnold (MVP)

Guest Paul Montgomery

Guest Kayman

Guest +Bob+

Guest Mr. Arnold

Guest Peter Foldes

Guest FromTheRafters

Guest +Bob+

Guest Mr. Arnold

Guest Kayman

Guest FromTheRafters

Guest +Bob+

Guest Mr. Arnold

Guest +Bob+

Guest +Bob+

Guest Hank Arnold (MVP)

Guest Root Kit

Guest Root Kit

Guest Root Kit

Guest Root Kit

Join the conversation

Browse

Activity

Support