Microsoft Windows Vista includes a two-way firewall. TO THE TOP

February 19, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

Sam Hobbs wrote:

> "Root Kit" <b__nice@hotmail.com> wrote in message

> news:r2tpp4pg39qpald3h3b42cvgv92gu45hm6@4ax.com...

>> On Wed, 18 Feb 2009 20:52:49 -0800, "Sam Hobbs"

>> <Gateremovethis@SamHobbs.org> wrote:

>>

>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>>> news:%23gqTT1ikJHA.4912@TK2MSFTNGP04.phx.gbl...

>>>>

>>>> My point is that there is no middle ground - if you don't trust it to

>>>> access the internet, don't have it on your system (who knows what other

>>>> horrible things it could be doing that you aren't aware of).

>>>

>>> Using that logic, most users of SQL Server should not use it. SQL

>>> Server can

>>> communicate over a network, including the network, but Microsoft

>>> recommends

>>> not allowing SQL Server to access the internet unless there is a need

>>> for

>>> it. I think the MBSA suggests closing the SQL Server ports if they

>>> are open.

>>

>> I'm convinced that's configurable and therefore doesn't need a PFW to

>> "control" it.

>

> The statement made by FromTheRafters did not make an exception for

> anything that can be configured.

>

>>> MySQL is worse, unless they fixed it in the past few years. It does,

>>> or at

>>> least did, require access to the internet in order to communicate among

>>> processes in a single system. I think it used localhost and therefore

>>> perhaps it is possible to configure firewalls to only allow localhost

>>> but

>>> that is still more than what you are suggesting to allow, correct?

>>

>> Since when did localhost reside on the Internet?

>

> Any software that uses localhost can use and/or be used by thousands of

> other IP addresses, simply by changing the IP address or domain name.

> Localhost is just an IP address (127.0.0.1); it is nothing more than an

> IP address. What I am saying is that use of MySQL requires that MySQL be

> allowed access to the internet, unless that has been changed in the past

> few years. Some firewalls probably provide the ability to limit internet

> access to just the localhost but localhost is the internet. MySQL uses

> RPC for inter-process communication and RPC is an internet protocol. RPC

> is also used by DCOM but only for inter-system communication.

Local on localhost means local to the machine. And no other machine

can use the Localhost IP belonging to another machine. It is the

Loop-Back IP of 127.0.0.1 local to a give machine. Localhost is not an

Internet IP just like 192.168.1.100 on a router is a LAN IP and not a

WAN/Internet IP.

RPC is Remote Procedure Call is not a protocol.

http://en.wikipedia.org/wiki/Remote_procedure_call

HTTP -- HyperText Transfer Protocol is a protocol.

SMTP -- Simple Mail Transfer Protocol is a protocol.

FTP -- File Transfer Protocol is a protocol

TCP -- Transmission Control Protocol is a protocol.

February 19, 2009

On Thu, 19 Feb 2009 07:32:56 +0100, Root Kit <b__nice@hotmail.com>

wrote:

>On Wed, 18 Feb 2009 22:54:30 -0500, +Bob+ <nomailplease@example.com>

>wrote:

>

>>Nonsense. I run programs that have no need to access the Internet - at

>>least not unless I want them too.

>

>How do you know? Did you code them yourself? Or did you thoroughly

>investigate exactly what they are doing online? - Or are you just

> assuming that it must be bad?

Let's try to stay in reality here, OK? Obviously I didn't code them,

so toss that strawman.

Back to a reasonable question and answer. Ex. There is no need for

Adobe PDF to constantly check for updates. In fact, there is no need

for it to check for updates - ever. Ex #2. There is no need for Media

Player to access the Internet and check for whatever it's checking for

every time I run it.

>>They aren't intrinsically evil

>>programs, but they also don't need to do internet access unless there

>>is a specific need for it.

>

>If a program does something against your will or policy and this is

>not programmatically configurable it is by definition malicious.

If you say so. I'd say it's just a case of the company/programmers

deciding that they know what's best for me. I'd prefer to make that

decision whenever possible.

>>>In the case of foistware/malware, there is no reason to

>>>assume outbound filtering would catch it in egression.

>>

>>Some is very sharp (in an evil sense) and no doubt will sneak through.

>>THen again, some isn't and will be easily trapped. This is like having

>>a dead bolt on your front door - some thieves are sharp enough to pick

>>such a lock and will get in. Most will not and move on to easier prey.

>

>Are we debating trustworthy security measures or trial-and-error

>approaches?

We discussing reality. The reality is that I can stop some malicious

programs from going outbound. Not all, some. In addition, and

importantly to me, I can stop other programs which have no need for

constant internet access from going outbound. While that is not

perfect control in either situation, it's the level of control I can

exert in the real world and still get work done.

February 19, 2009

On Thu, 19 Feb 2009 08:06:46 -0500, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>> Nonsense. I run programs that have no need to access the

>> Internet - at

>> least not unless I want them too. They aren't

>> intrinsically evil

>> programs, but they also don't need to do internet access

>> unless there

>> is a specific need for it.

>

>Nice argument - they don't need to unless they need to.

The point is that I decide if they need to access at that particular

moment, based on what I've done in the program and whether the access

is related.

An example would be MS Media Player. It needs to access the Internet

for playing purposes. So, I let it. It does not need to call home

after every session (but it tries to). So, I disallow it.

MY choice. You can make YOUR own. Great world, isn't it?

February 19, 2009

On Thu, 19 Feb 2009 09:53:35 -0500, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>Yes. Say someone sends you a supposedly "freeware" program.

>Once you click past that pesky EULA thingy and install the

>program you find it "phones home" - (your trusty firewall

>catches it) so its just gotta be spying on you. You set a

>rule to stop this behavior. Turns out that it was legitimate

>"adware" or more correctly "advertising supported software".

>You have defeated the advertisements (which you agreed to in

>the EULA) and have also defeated the ability to be notified

>of critical security vulnerabilities in the software.

And all totally hypothetical.

February 19, 2009

On Thu, 19 Feb 2009 10:03:57 -0500, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>I was looking for an analogy, the best I could come up with

>is those instances where someone doesn't want their admins

>to have access to a command prompt. If you can't trust your

>admins with a command prompt - they shouldn't be admins in

>the first place. If you can't trust a program, you shouldn't

>execute it.

There are programs I trust to run on my machine that are fine locally.

They do not require Internet Access to do their job. Therefore, they

don't get it.

You have apparently never done any physical security/site work. Your

administrator analogy is akin to saying "if I give my secretary a key

to go into my office and put papers in the in-basket, I should also

give her a key to all my file cabinets" or how about "if I give the

security guard a key to check the bank vault for intruders, I should

also give him the combination to the safe"

February 19, 2009

On Thu, 19 Feb 2009 10:17:30 -0500, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>

>> In my experience, ZA has no trouble blocking unauthorized

>> software from going online

>

>Why are you running unauthorized software?

'nuther strawman.

February 19, 2009

On Thu, 19 Feb 2009 10:54:51 -0500, Jack the Ripper <Jack@Rripper.com>

wrote:

>+Bob+ wrote:

>> On Wed, 18 Feb 2009 23:41:00 -0500, Jack the Ripper <Jack@Rripper.com>

>> wrote:

>>

>>> +Bob+ wrote:

>>>> On Wed, 18 Feb 2009 19:59:31 -0500, "FromTheRafters"

>>>> <erratic@nomail.afraid.org> wrote:

>>>>

>>

>>>> Nonsense. I run programs that have no need to access the Internet - at

>>>> least not unless I want them too. They aren't intrinsically evil

>>>> programs, but they also don't need to do internet access unless there

>>>> is a specific need for it.

>>> Nonesense, you either know what is running on the computer or you don't.

>>

>> I know what's running.

>>

>>

>>> If you trust the program, then you should have no problems in allowing

>>> that program to access the Internet. If you don't trust the program,

>>> then you shouldn't have the program on the computer period.

>>

>> Your opinion, not mine. Many people disagree with you.

>>

>>

>>> It's as simple as that, and it doesn't take a rocket scientist to figure

>>> it out.

>>

>> Certainly no one will ever mistake you for a scientist as you are

>> incapable of objectively analyzing anything.

>>

>>

>

>You are an idiot. Why I bother with you is beyond me?

When the verbal going gets tough, people with lower IQ's and

difficulties articulating (or even formulating) an arguable position

tend to fall back to personal insults.

February 19, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

FromTheRafters wrote:

> "Jack the Ripper" <Jack@Rripper.com> wrote in message

> news:%23nDJk9kkJHA.1288@TK2MSFTNGP02.phx.gbl...

>> FromTheRafters wrote:

>

>>> Thanks for the link, although I'm not sure why you posted

>>> it here. This poster seemed to imply that there is middle

>>> ground to cover for programs that you trust to play your

>>> video files, yet don't trust to access the internet for

>>> instance. My point is that there is no middle ground - if

>>> you don't trust it to access the internet, don't have it

>>> on your system (who knows what other horrible things it

>>> could be doing that you aren't aware of). There is no

>>> problem having an API that allows a program you have

>>> given permission to execute the ability to configure your

>>> firewall. You indicated your trust when you installed or

>>> executed the program.

>> If one doesn't trust the program in this case, then one

>> shouldn't have it on the machine.

>

> Yes. Say someone sends you a supposedly "freeware" program.

> Once you click past that pesky EULA thingy and install the

> program you find it "phones home" - (your trusty firewall

> catches it) so its just gotta be spying on you. You set a

> rule to stop this behavior. Turns out that it was legitimate

> "adware" or more correctly "advertising supported software".

> You have defeated the advertisements (which you agreed to in

> the EULA) and have also defeated the ability to be notified

> of critical security vulnerabilities in the software.

You know, I did a little test of PFW(s), like ZA, BlackIce, Kerio, and

most of the others setting rules to stop Gator both FW rules and

application control rules. None of them could stop Gator, as Gator

switched gears and started piggy-backing off of other legit processes.

Also Gator could get to the network connection first and be done before

the PFW(s) could have their FW service started to protect the connection.

>

> No mention in the EULA of any umbilical cord to the mother

> ship (as if anybody actually reads them). You install the

> program and it sends banking information

> to a criminal organization - without the firewall alerting

> to anything untoward.

>

> Bottom line, you had no reason to trust the program in

> either case. Your filters didn't save you, in fact in the

> first case your filters retrograded security.

A FW's job is to stop unsolicited inbound traffic by creating packet

filtering rule or do the same for outbound by creating packet filtering

rules if the solution has outbound packet filtering.

The FW's job is not to play malware detector by stopping

applications/programs.

>

>> Who has time to be playing Russian roulette, because

>> that's what is happening when one starts playing that

>> game?

>

> With a six shooter loaded with five bullets. style_emoticons/)

<smile>

>

>> Those programs are smart enough to find

>> other ways of punching out by piggy-backing off of other

>> legit processes running on the machine.

>

> Ah, so that was the point of the URL

> http://www.securityfocus.com/infocus/1839/1 .

Yes, they can be circumvented, easily.

>

>>> In the case of foistware/malware, there is no reason to

>>> assume outbound filtering would catch it in egression.

>>> Houdini demonstrated that a safe isn't designed to keep a

>>> person locked in . When he repeatedly managed to escape

>>> from them, it didn't cause the manufacturers to redesign

>>> their safes to be escape proof. You just have to work

>>> within the safe's specifications.

>> Malware can have several back doors and other means to

>> punch its way out, undetected.

>

> A person trying to get into a safe is living outside the

> box. Malware running on a machine is living inside, and

> the box wasn't designed to keep escape artists from getting

> out. Having other security software inside the box is not as

> effective as having security outside the box (a real

> firewall) - even Houdini couldn't escape from within a

> locked safe if the safe had locked chains wrapped around the

> outside .

agreed

>

>> You know, a malware maker can set-up a honey-pot situation

>> sort of speaking, where as, they expose the exploit and

>> let it be seen so that it can be caught, giving someone a

>> false sense of accomplishment that they caught it.

>

> Yes, or this could be just the side effect of having a

> blended threat. Three ingress methods, one of which gets

> caught out by a PFW.

The hacker are slick, and you know that they test what they can do or

not do before moving on to bigger game, like hacking into the Visa'a

debit/credit card system that my credit union uses, which forced a

cancellation of about 10 million cards and reissue. This is the second

time this has happened too.

>

>> In the meantime, they are being back-doored somewhere

>> else, undetected.

>

> Yes, in which case the PFW user has had his paranoia

> misplaced. He should be more wary of what he allows to

> execute rather than to try to control or detect what actions

> the malware is taking.

agreed

February 19, 2009

"+Bob+" <nomailplease@example.com> wrote in message

news:kg3rp4980k1drqbl0puck7pjhnb540l72i@4ax.com...

> On Thu, 19 Feb 2009 10:03:57 -0500, "FromTheRafters"

> <erratic@nomail.afraid.org> wrote:

>

>>I was looking for an analogy, the best I could come up

>>with

>>is those instances where someone doesn't want their admins

>>to have access to a command prompt. If you can't trust

>>your

>>admins with a command prompt - they shouldn't be admins in

>>the first place. If you can't trust a program, you

>>shouldn't

>>execute it.

>

> There are programs I trust to run on my machine that are

> fine locally.

> They do not require Internet Access to do their job.

> Therefore, they

> don't get it.

>

> You have apparently never done any physical security/site

> work. Your

> administrator analogy is akin to saying "if I give my

> secretary a key

> to go into my office and put papers in the in-basket, I

> should also

> give her a key to all my file cabinets" or how about "if I

> give the

> security guard a key to check the bank vault for

> intruders, I should

> also give him the combination to the safe"

Not at all. Both of your "akin's" reflect the "limited user"

account not the administrator.

Let me guess - you are running as admin right now?

February 19, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

+Bob+ wrote:

> On Thu, 19 Feb 2009 10:54:51 -0500, Jack the Ripper <Jack@Rripper.com>

> wrote:

>

>> +Bob+ wrote:

>>> On Wed, 18 Feb 2009 23:41:00 -0500, Jack the Ripper <Jack@Rripper.com>

>>> wrote:

>>>

>>>> +Bob+ wrote:

>>>>> On Wed, 18 Feb 2009 19:59:31 -0500, "FromTheRafters"

>>>>> <erratic@nomail.afraid.org> wrote:

>>>>>

>>>>> Nonsense. I run programs that have no need to access the Internet - at

>>>>> least not unless I want them too. They aren't intrinsically evil

>>>>> programs, but they also don't need to do internet access unless there

>>>>> is a specific need for it.

>>>> Nonesense, you either know what is running on the computer or you don't.

>>> I know what's running.

>>>

>>>> If you trust the program, then you should have no problems in allowing

>>>> that program to access the Internet. If you don't trust the program,

>>>> then you shouldn't have the program on the computer period.

>>> Your opinion, not mine. Many people disagree with you.

>>>

>>>> It's as simple as that, and it doesn't take a rocket scientist to figure

>>>> it out.

>>> Certainly no one will ever mistake you for a scientist as you are

>>> incapable of objectively analyzing anything.

>>>

>>>

>> You are an idiot. Why I bother with you is beyond me?

>

> When the verbal going gets tough, people with lower IQ's and

> difficulties articulating (or even formulating) an arguable position

> tend to fall back to personal insults.

Pfft, you are a llort, a responder, and you can reverse spell the word.

February 19, 2009

On Thu, 19 Feb 2009 12:17:40 -0500, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>

>Not at all. Both of your "akin's" reflect the "limited user"

>account not the administrator.

>Let me guess - you are running as admin right now?

You just failed to address the real issue bring discussed.

February 19, 2009

On Thu, 19 Feb 2009 10:49:14 -0500, Jack the Ripper <Jack@Rripper.com>

wrote:

>> Seems like you are the one avoiding the question. Why do you post

>> under so many different monikers?

>

>If it was any of your business as to what I do, how I do it, when I do

>it or why I do it, that would be one thing. But since its none of your

>business as to what I am doing and I don't answer to you, then your

>question means absolutely nothing to me concerning this.

In other words, posting to newsgroups is mental masturbation for you.

Very clear, thanks.

February 19, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

+Bob+ wrote:

> On Thu, 19 Feb 2009 10:49:14 -0500, Jack the Ripper <Jack@Rripper.com>

> wrote:

>

>>> Seems like you are the one avoiding the question. Why do you post

>>> under so many different monikers?

>> If it was any of your business as to what I do, how I do it, when I do

>> it or why I do it, that would be one thing. But since its none of your

>> business as to what I am doing and I don't answer to you, then your

>> question means absolutely nothing to me concerning this.

>

> In other words, posting to newsgroups is mental masturbation for you.

> Very clear, thanks.

If there is any masturbation going on here, it's with you sitting at the

keyboard after you have taken you Viagra pill, with things in your hand

and bashing MS. You should go do it in the Linux NG(s) where it counts,

particularly in Linux.Advocacy where you'll be right at home.

February 19, 2009

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:uHYtyXrkJHA.504@TK2MSFTNGP06.phx.gbl...

[...]

> You know, I did a little test of PFW(s), like ZA,

> BlackIce, Kerio, and most of the others setting rules to

> stop Gator both FW rules and application control rules.

> None of them could stop Gator, as Gator switched gears and

> started piggy-backing off of other legit processes. Also

> Gator could get to the network connection first and be

> done before the PFW(s) could have their FW service started

> to protect the connection.

http://www.errorsite.com/815-boot-time-fil...g-in-windows-7/

This is one reason it is such a shame people drop the

built-in and run a 3rd party firewall because they

overvalue outbound filtering. This IMO is a case of "making

the people think you are giving them what they think they

want" with offering what appears to be outbound protection

in Windows Firewall with Advanced Security.

> A FW's job is to stop unsolicited inbound traffic by

> creating packet filtering rule or do the same for outbound

> by creating packet filtering rules if the solution has

> outbound packet filtering.

Clearly this is true for hardware firewall devices. As for

software running on the machine you hope to protect, the

incoming must come in to be filtered. Very nearly as good as

the hardware version, since incoming gets stopped before

anything can "execute" - unless the filtering software is

flawed in a very bad way. Now with outbound, the assumption

is that the program is being executed and generating (or

attempting to generate) outbound traffic. The hardware

firewall can still be trusted to filter as normal - but what

of the filters on the local (compromised?) machine?

I'm not saying filtering outbound is useless, only very

nearly so.

> The FW's job is not to play malware detector by stopping

> applications/programs.

Exactly! Why is it that so many people judge a firewall's

worthiness by such a feature?

It's like tailfeathers on a peacock - artificial selection.

[...]

February 19, 2009

Hey Root, Jack, Sam, Rafters, and Bob --

Would y'all mind taking microsoft.public.vb.vista.compatibility out of the

discussion?

This thread seems to have nothing at all to do with Visual Basic.

Thanks... Karl

--

..NET: It's About Trust!

http://vfred.mvps.org

February 19, 2009

"+Bob+" <nomailplease@example.com> wrote in message

news:6c5rp41kh75quo9rcn2c2pnf4gapduag5r@4ax.com...

> On Thu, 19 Feb 2009 12:17:40 -0500, "FromTheRafters"

> <erratic@nomail.afraid.org> wrote:

>

>>

>>Not at all. Both of your "akin's" reflect the "limited

>>user"

>>account not the administrator.

>>Let me guess - you are running as admin right now?

>

> You just failed to address the real issue bring discussed.

I prefer to think I just hit the nail squarely...

....guess we'll never know...

February 19, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

FromTheRafters wrote:

> "Jack the Ripper" <Jack@Rripper.com> wrote in message

> news:uHYtyXrkJHA.504@TK2MSFTNGP06.phx.gbl...

> [...]

>

>> You know, I did a little test of PFW(s), like ZA,

>> BlackIce, Kerio, and most of the others setting rules to

>> stop Gator both FW rules and application control rules.

>> None of them could stop Gator, as Gator switched gears and

>> started piggy-backing off of other legit processes. Also

>> Gator could get to the network connection first and be

>> done before the PFW(s) could have their FW service started

>> to protect the connection.

>

> http://www.errorsite.com/815-boot-time-fil...g-in-windows-7/

>

> This is one reason it is such a shame people drop the

> built-in and run a 3rd party firewall because they

> overvalue outbound filtering. This IMO is a case of "making

> the people think you are giving them what they think they

> want" with offering what appears to be outbound protection

> in Windows Firewall with Advanced Security.

>

>> A FW's job is to stop unsolicited inbound traffic by

>> creating packet filtering rule or do the same for outbound

>> by creating packet filtering rules if the solution has

>> outbound packet filtering.

Outbound filtering has it place even of a host based solution like

Vista's FW and other's. But outbound only really works on a standalone

solution such as a FW appliance, router or network software FW solution

on a secured gateway computer.

Yes, I am very aware of protecting the connection at boot, and WFP on

Vista and Win-7.

February 19, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

+Bob+ wrote:

> On Thu, 19 Feb 2009 10:54:51 -0500, Jack the Ripper <Jack@Rripper.com>

> wrote:

>

>> +Bob+ wrote:

>>> On Wed, 18 Feb 2009 23:41:00 -0500, Jack the Ripper <Jack@Rripper.com>

>>> wrote:

>>>

>>>> +Bob+ wrote:

>>>>> On Wed, 18 Feb 2009 19:59:31 -0500, "FromTheRafters"

>>>>> <erratic@nomail.afraid.org> wrote:

>>>>>

>>>>> Nonsense. I run programs that have no need to access the Internet - at

>>>>> least not unless I want them too. They aren't intrinsically evil

>>>>> programs, but they also don't need to do internet access unless there

>>>>> is a specific need for it.

>>>> Nonesense, you either know what is running on the computer or you don't.

>>> I know what's running.

>>>

>>>> If you trust the program, then you should have no problems in allowing

>>>> that program to access the Internet. If you don't trust the program,

>>>> then you shouldn't have the program on the computer period.

>>> Your opinion, not mine. Many people disagree with you.

>>>

>>>> It's as simple as that, and it doesn't take a rocket scientist to figure

>>>> it out.

>>> Certainly no one will ever mistake you for a scientist as you are

>>> incapable of objectively analyzing anything.

>>>

>>>

>> You are an idiot. Why I bother with you is beyond me?

>

> When the verbal going gets tough,...

....you mean like when you start spreading your lies and FUD?

people with lower IQ's..

...."lower IQ's"...well just how low is your IQ to be able to post your

bullshit in here?

and

> difficulties articulating (or even formulating) an arguable position

> tend to fall back to personal insults.

You actually believe that your lies and FUD in here constitute an

"arguable position"?

Hahahaha...Really? And your IQ is...?

February 19, 2009

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:udlTaoqkJHA.3480@TK2MSFTNGP06.phx.gbl...

> Sam Hobbs wrote:

>> "Jack the Ripper" <Jack@Rripper.com> wrote in message

>> news:OM2Q6ClkJHA.5980@TK2MSFTNGP06.phx.gbl...

>>> Sam Hobbs wrote:

>>>> "mayayana" <mayayaXXna@rcXXn.com> wrote in message

>>>> news:%23FbIbxdkJHA.1340@TK2MSFTNGP06.phx.gbl...

>>>>>

>>>>> Complicating matters, Microsoft shrouds a number of

>>>>> services in the svchost.exe process, which can run in

>>>>> multiple instances. So if you allow svchost through the

>>>>> firewall it's not so easy to know exactly what you're

>>>>> allowing. And ZA can't differentiate between the actual

>>>>> processes running under the svchost "hat".

>>>>

>>>> Actually it is possible to determine what each instance of svchost is

>>>> doing. WMI can show what is executed by each instance and you can use

>>>> the Task Manager interactively to determine that information (you

>>>> probably need to modify the view to show the columns). The sysinternals

>>>> site in Microsoft has a process monitor that can show the information.

>>>>

>>>> The ZoneAlarm people are technical enough that they could hook each

>>>> instance of svchost if necessary.

>>>>

>>>

>>> Look man, those users using ZA (home users most likely) or any other

>>> personal FW solutions are not savvy enough to find a hidden process,

>>> because I have talked with them in other NG(s) including ZA users about

>>> using PE, how to use it and they couldn't find a thing, probably looking

>>> right at it in their face.

>>

>> I said nothing about users. I said "ZoneAlarm people", not ZoneAlarm

>> users.

>

> You make no sense none whatsoever. If one using the ZA application, then

> one is a user of ZA. style_emoticons/

I know you are an intelligent person, therefore you are using your

intelligence to be ignorant. Obviously you don't want to understand.

February 19, 2009

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:%23AkzjtpkJHA.1928@TK2MSFTNGP03.phx.gbl...

>

> "Sam Hobbs" <Gateremovethis@SamHobbs.org> wrote in message

> news:29772EAC-EC0E-4D9B-9362-7CBFEAF57848@microsoft.com...

>> "Root Kit" <b__nice@hotmail.com> wrote in message

>> news:r2tpp4pg39qpald3h3b42cvgv92gu45hm6@4ax.com...

>>> On Wed, 18 Feb 2009 20:52:49 -0800, "Sam Hobbs"

>>> <Gateremovethis@SamHobbs.org> wrote:

>>>

>>>>"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>>>>news:%23gqTT1ikJHA.4912@TK2MSFTNGP04.phx.gbl...

>>>>>

>>>>> My point is that there is no middle ground - if you don't trust it to

>>>>> access the internet, don't have it on your system (who knows what

>>>>> other

>>>>> horrible things it could be doing that you aren't aware of).

>>>>

>>>>Using that logic, most users of SQL Server should not use it. SQL Server

>>>>can

>>>>communicate over a network, including the network, but Microsoft

>>>>recommends

>>>>not allowing SQL Server to access the internet unless there is a need

>>>>for

>>>>it. I think the MBSA suggests closing the SQL Server ports if they are

>>>>open.

>>>

>>> I'm convinced that's configurable and therefore doesn't need a PFW to

>>> "control" it.

>>

>> The statement made by FromTheRafters did not make an exception for

>> anything that can be configured.

>

> I consider configurable items to be items you are (or at least should

> be) aware of.

I responded to the comment: "My point is that there is no middle ground - if

you don't trust it to access the internet, don't have it on your system (who

knows what other horrible things it could be doing that you aren't aware

of).". That is such an extreme comment that I had to reply to it. You seem

to be saying something different now.

Your next sentence was: "There is no problem having an API that allows a

program you have given permission to execute the ability to configure your

firewall. You indicated your trust when you installed or executed the

program.". Perhaps I misunderstood that. If so then I will assume you have

now explained that adequately.

February 19, 2009

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:eC5F%23zqkJHA.4028@TK2MSFTNGP03.phx.gbl...

> Sam Hobbs wrote:

>> "Root Kit" <b__nice@hotmail.com> wrote in message

>> news:r2tpp4pg39qpald3h3b42cvgv92gu45hm6@4ax.com...

>>> On Wed, 18 Feb 2009 20:52:49 -0800, "Sam Hobbs"

>>> <Gateremovethis@SamHobbs.org> wrote:

>>>

>>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>>>> news:%23gqTT1ikJHA.4912@TK2MSFTNGP04.phx.gbl...

>>>>>

>>>>> My point is that there is no middle ground - if you don't trust it to

>>>>> access the internet, don't have it on your system (who knows what

>>>>> other

>>>>> horrible things it could be doing that you aren't aware of).

>>>>

>>>> Using that logic, most users of SQL Server should not use it. SQL

>>>> Server can

>>>> communicate over a network, including the network, but Microsoft

>>>> recommends

>>>> not allowing SQL Server to access the internet unless there is a need

>>>> for

>>>> it. I think the MBSA suggests closing the SQL Server ports if they are

>>>> open.

>>>

>>> I'm convinced that's configurable and therefore doesn't need a PFW to

>>> "control" it.

>>

>> The statement made by FromTheRafters did not make an exception for

>> anything that can be configured.

>>

>>>> MySQL is worse, unless they fixed it in the past few years. It does, or

>>>> at

>>>> least did, require access to the internet in order to communicate among

>>>> processes in a single system. I think it used localhost and therefore

>>>> perhaps it is possible to configure firewalls to only allow localhost

>>>> but

>>>> that is still more than what you are suggesting to allow, correct?

>>>

>>> Since when did localhost reside on the Internet?

>>

>> Any software that uses localhost can use and/or be used by thousands of

>> other IP addresses, simply by changing the IP address or domain name.

>> Localhost is just an IP address (127.0.0.1); it is nothing more than an

>> IP address. What I am saying is that use of MySQL requires that MySQL be

>> allowed access to the internet, unless that has been changed in the past

>> few years. Some firewalls probably provide the ability to limit internet

>> access to just the localhost but localhost is the internet. MySQL uses

>> RPC for inter-process communication and RPC is an internet protocol. RPC

>> is also used by DCOM but only for inter-system communication.

>

> Local on localhost means local to the machine. And no other machine can

> use the Localhost IP belonging to another machine. It is the Loop-Back IP

> of 127.0.0.1 local to a give machine. Localhost is not an Internet IP

> just like 192.168.1.100 on a router is a LAN IP and not a WAN/Internet

> IP.

You are intentionally ignoring other comments I made.

> RPC is Remote Procedure Call is not a protocol.

>

> http://en.wikipedia.org/wiki/Remote_procedure_call

>

> HTTP -- HyperText Transfer Protocol is a protocol.

> SMTP -- Simple Mail Transfer Protocol is a protocol.

> FTP -- File Transfer Protocol is a protocol

> TCP -- Transmission Control Protocol is a protocol.

It is a little confusing, since the internet was built upon existing

software. For example HTML initially used SGML which is a word-processing

standard.

The IETF defines the internet; the standards are called Request For Comments

(RFCs) which is a misleading term but everything that you call the internet

is defined in RFCs and the RFCs are the standards. RFC 1831 defines RPCs:

RPC: Remote Procedure Call Protocol Specification Version 2

http://www.ietf.org/rfc/rfc1831.txt?number=1831

It clearly calls RPC a protocol and says it is for the internet.

In addition to all that, when I used MySQL a few years ago, it did not work

unless I configured my firewall to allow it access to the internet.

Also, note that the comments I replied to are probably now clarified such

that all this is not relevant.

February 19, 2009

On Thu, 19 Feb 2009 11:38:32 -0500, +Bob+ <nomailplease@example.com>

wrote:

>Back to a reasonable question and answer. Ex. There is no need for

>Adobe PDF to constantly check for updates. In fact, there is no need

>for it to check for updates - ever.

Erhmmm... No need to update your Adobe - ever??? - That's a perfect of

example of shooting oneself in the foot right there.

>>If a program does something against your will or policy and this is

>>not programmatically configurable it is by definition malicious.

>

>If you say so. I'd say it's just a case of the company/programmers

>deciding that they know what's best for me. I'd prefer to make that

>decision whenever possible.

What about all the other bad stuff a company's program may do to your

machine that you wouldn't like if only you knew about it?

February 19, 2009

"+Bob+" <nomailplease@example.com> wrote in message

news:kf3rp4pfr3bbhp5v3i6a4u17sr0lkvuigm@4ax.com...

> On Thu, 19 Feb 2009 09:53:35 -0500, "FromTheRafters"

> <erratic@nomail.afraid.org> wrote:

>

>>Yes. Say someone sends you a supposedly "freeware" program.

>>Once you click past that pesky EULA thingy and install the

>>program you find it "phones home" - (your trusty firewall

>>catches it) so its just gotta be spying on you. You set a

>>rule to stop this behavior. Turns out that it was legitimate

>>"adware" or more correctly "advertising supported software".

>>You have defeated the advertisements (which you agreed to in

>>the EULA) and have also defeated the ability to be notified

>>of critical security vulnerabilities in the software.

>

> And all totally hypothetical.

Not totally hypothetical. Software that "phones home" happens and is quite

common.

February 19, 2009

Sorry; yes I agree. I will try to remember to do that for my future replies.

"Karl E. Peterson" <karl@mvps.org> wrote in message

news:eYIFh0rkJHA.4372@TK2MSFTNGP02.phx.gbl...

> Hey Root, Jack, Sam, Rafters, and Bob --

>

> Would y'all mind taking microsoft.public.vb.vista.compatibility out of the

> discussion?

>

> This thread seems to have nothing at all to do with Visual Basic.

>

> Thanks... Karl

> --

> .NET: It's About Trust!

> http://vfred.mvps.org

>

February 19, 2009

On Thu, 19 Feb 2009 12:18:46 -0500, Jack the Ripper <Jack@Rripper.com>

wrote:

>>> You are an idiot. Why I bother with you is beyond me?

>>

>> When the verbal going gets tough, people with lower IQ's and

>> difficulties articulating (or even formulating) an arguable position

>> tend to fall back to personal insults.

>

>Pfft, you are a llort, a responder, and you can reverse spell the word.

Might want to check your system time there, smart guy, for a guru you

seem to have some real issues.

Sign In

Microsoft Windows Vista includes a two-way firewall. TO THE TOP

Recommended Posts

Guest Jack the Ripper

Popular Days

Popular Days

Guest +Bob+

Guest +Bob+

Guest +Bob+

Guest +Bob+

Guest +Bob+

Guest +Bob+

Guest Jack the Ripper

Guest FromTheRafters

Guest Jack the Ripper

Guest +Bob+

Guest +Bob+

Guest Jack the Ripper

Guest FromTheRafters

Guest Karl E. Peterson

Guest FromTheRafters

Guest Jack the Ripper

Guest FBonWin7b1x64

Guest Sam Hobbs

Guest Sam Hobbs

Guest Sam Hobbs

Guest Root Kit

Guest Sam Hobbs

Guest Sam Hobbs

Guest +Bob+

Join the conversation

Browse

Activity

Support