| Author |
Message |
E.
Guest
|
 Posted:
Sun Dec 11, 2005 9:22 am Post subject:
Re: Recurrent question |
|
|
Quaestor wrote:
| Quote: | Godwin is a net-nazi
|
;->
E. |
|
| Back to top |
|
 |
Leythos
Guest
|
| Posted:
Sun Dec 11, 2005 5:21 pm Post subject:
Re: Recurrent question |
|
|
In article <gZKmf.10650$kt5.1037893@news20.bellglobal.com>,
triffid@nebula.net says...
| Quote: |
Leythos wrote:
In article <pan.2005.12.10.21.53.41.815715@shconnect.de>,
wolfgang@shconnect.de says...
Am Sat, 10 Dec 2005 20:14:23 +0000 schrieb Sla#s:
Windows Firewall only blocks incoming, it does not block outgoing.
Personal firewalls can't do that.
Personal firewalls can and do block outgoing traffic.
Only if the application generating the traffic isn't smart enough to
reconfigure, disable, or bypass the personal firewall.
|
So, then making a blanket statement of "Personal firewalls can't do
that" is actually incorrect in your opinion. What you should have said
was that Some personal firewalls, when improperly configured with the
OS, do not offer much, if any, outbound protection. Some personal
firewalls, of which the XP Firewall is not considered a firewall, do
provide outbound protection when properly configured and maintained.
--
spam999free@rrohio.com
remove 999 in order to email me |
|
| Back to top |
|
|
Quaestor
Guest
|
| Posted:
Sun Dec 11, 2005 5:21 pm Post subject:
Re: Recurrent question |
|
|
Wolfgang Kueter wrote:
| Quote: | Quaestor wrote:
Every one that I ever used did,
It claimed that it did, sometimes it probably even did but for sure none
of the placebos you used was able to do that had the malware been
sufficienly evil enough.
and I used just about all of them (of
course I have not used the windows "firewall", which being a ms product
is a POS).
Now it becomes really funny: If you had ever thought more than a second
|
Obviously you didn't.
*plonk*
--
Godwin is a net-nazi |
|
| Back to top |
|
|
Wolfgang Kueter
Guest
|
| Posted:
Sun Dec 11, 2005 5:21 pm Post subject:
Re: Recurrent question |
|
|
Quaestor wrote:
| Quote: | Every one that I ever used did,
|
It claimed that it did, sometimes it probably even did but for sure none
of the placebos you used was able to do that had the malware been
sufficienly evil enough.
| Quote: | and I used just about all of them (of
course I have not used the windows "firewall", which being a ms product
is a POS).
|
Now it becomes really funny: If you had ever thought more than a second
about the fact that all the firewall placebos you tried or used run in a
windows operating system environment and therefore *must* rely on
everything that MS coded you'd been able to see yourself that your
statement makes no sense at all.
If you (for whatever reason) don't trust MS using a third party software
so called security software will not help at all because the third party
software *does* trust MS and therefore you trust MS as well.
Wolfgang |
|
| Back to top |
|
|
Wolfgang Kueter
Guest
|
| Posted:
Mon Dec 12, 2005 12:47 am Post subject:
Re: Recurrent question |
|
|
Quaestor wrote:
| Quote: | Wolfgang Kueter wrote:
Now it becomes really funny: If you had ever thought more than a second
Obviously you didn't.
|
It is really laughable that you believe that any third party software
exists in the vacuum and not within an operating system.
Get a patent on that.
Hint: Killfiling me doesn't make your idea correct just like closing
your eyes does not make you invisible. If you believe that you are
invisible when you close your eyes, well, live happily with it but don't
blame it on me if you get hit by a bus while crossing the street with you
eyes closed.
Wolfgang |
|
| Back to top |
|
|
Kerodo
Guest
|
| Posted:
Mon Dec 12, 2005 1:38 am Post subject:
Re: Recurrent question |
|
|
Casey Klc wrote:
| Quote: | In article <pan.2005.12.10.21.53.41.815715@shconnect.de>,
wolfgang@shconnect.de says...
Am Sat, 10 Dec 2005 20:14:23 +0000 schrieb Sla#s:
Windows Firewall only blocks incoming, it does not block outgoing.
Personal firewalls can't do that.
Wolfgang
Sygate does an excellent job blocking outgoing connection attempts.
Casey
|
Only if there is no proxy software running. If you use proxy with
Sygate then it will let things out via the proxy without even asking.
This is one glaring "hole" in Sygate which has never been fixed.
--
Kerodo |
|
| Back to top |
|
|
Casey Klc
Guest
|
| Posted:
Mon Dec 12, 2005 3:51 am Post subject:
Re: Recurrent question |
|
|
In article <1f%mf.1034$Ru.1021@fed1read05>, loopback@localhost.com says...
| Quote: | Casey Klc wrote:
In article <pan.2005.12.10.21.53.41.815715@shconnect.de>,
wolfgang@shconnect.de says...
Am Sat, 10 Dec 2005 20:14:23 +0000 schrieb Sla#s:
Windows Firewall only blocks incoming, it does not block outgoing.
Personal firewalls can't do that.
Wolfgang
Sygate does an excellent job blocking outgoing connection attempts.
Casey
Only if there is no proxy software running. If you use proxy with
Sygate then it will let things out via the proxy without even asking.
This is one glaring "hole" in Sygate which has never been fixed.
Yes, I am aware of the fact that Sygate has no control over |
local host 127.0.0.1. Most users don't run proxies.
Casey |
|
| Back to top |
|
|
Kerodo
Guest
|
| Posted:
Mon Dec 12, 2005 4:50 am Post subject:
Re: Recurrent question |
|
|
Casey Klc wrote:
| Quote: | In article <1f%mf.1034$Ru.1021@fed1read05>, loopback@localhost.com says...
Casey Klc wrote:
In article <pan.2005.12.10.21.53.41.815715@shconnect.de>,
wolfgang@shconnect.de says...
Am Sat, 10 Dec 2005 20:14:23 +0000 schrieb Sla#s:
Windows Firewall only blocks incoming, it does not block outgoing.
Personal firewalls can't do that.
Wolfgang
Sygate does an excellent job blocking outgoing connection attempts.
Casey
Only if there is no proxy software running. If you use proxy with
Sygate then it will let things out via the proxy without even asking.
This is one glaring "hole" in Sygate which has never been fixed.
Yes, I am aware of the fact that Sygate has no control over
local host 127.0.0.1. Most users don't run proxies.
Casey
|
Quite a few do actually. One good example is if you use Avast
anti-virus (Nod32 also), which does proxy on port 80 traffic. In that
case, Firefox, IE or Opera slide right thru Sygate without even a word.
If you don't use proxies then great, but many people do, sometimes
without even realizing it.
--
Kerodo |
|
| Back to top |
|
|
Ansgar -59cobalt- Wiecher
Guest
|
| Posted:
Mon Dec 12, 2005 4:59 am Post subject:
Re: Recurrent question |
|
|
Quaestor wrote:
| Quote: | Wolfgang Kueter wrote:
Quaestor wrote:
and I used just about all of them (of course I have not used the
windows "firewall", which being a ms product is a POS).
Now it becomes really funny: If you had ever thought more than a
second
Obviously you didn't.
|
It's quite obvious that you have no clue whatsoever what Wolfgang and
your very self are talking about. Please read [1] and STFU until then.
[1] http://www.acm.org/classics/sep95/
cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq |
|
| Back to top |
|
|
Ansgar -59cobalt- Wiecher
Guest
|
| Posted:
Mon Dec 12, 2005 5:07 am Post subject:
Re: Recurrent question |
|
|
Quaestor wrote:
| Quote: | Triffid wrote:
Leythos wrote:
Personal firewalls can and do block outgoing traffic.
Only if the application generating the traffic isn't smart enough to
reconfigure, disable, or bypass the personal firewall.
IF the personal firewall is running on a separate machine it gets a
lot harder to do that.
|
IF the personal firewall was doing that it wasn't a PERSONAL firewall
anymore (hint: you may want to deliberate over why they are called
PERSONAL). Plus, if it were running on a separate machine it wouldn't be
able to try and filter by process anyway.
/me detects: Quaestor is in dire need of dried frog pills.
cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq |
|
| Back to top |
|
|
E.
Guest
|
| Posted:
Mon Dec 12, 2005 9:21 am Post subject:
Re: Recurrent question |
|
|
Ansgar -59cobalt- Wiechers wrote:
| Quote: | Quaestor wrote:
Triffid wrote:
Leythos wrote:
Personal firewalls can and do block outgoing traffic.
Only if the application generating the traffic isn't smart enough to
reconfigure, disable, or bypass the personal firewall.
IF the personal firewall is running on a separate machine it gets a
lot harder to do that.
IF the personal firewall was doing that it wasn't a PERSONAL firewall
anymore (hint: you may want to deliberate over why they are called
PERSONAL). Plus, if it were running on a separate machine it wouldn't be
able to try and filter by process anyway.
/me detects: Quaestor is in dire need of dried frog pills.
cu
59cobalt
|
Catching the dried frog is the hard part.
E. |
|
| Back to top |
|
|
Volker Birk
Guest
|
| Posted:
Mon Dec 12, 2005 9:21 am Post subject:
Re: Recurrent question |
|
|
Wolfgang Kueter <wolfgang@shconnect.de> wrote:
| Quote: | It is really laughable that you believe that any third party software
exists in the vacuum and not within an operating system.
|
It is laughable in this context. It is not laughable in general, because
you don't need an OS for running software programs on a computer. An OS
is optional (and practical).
| Quote: | Hint: Killfiling me doesn't make your idea correct just like closing
your eyes does not make you invisible.
|
ACK.
Yours,
VB.
--
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
Wolfgang Clement am 10.10.05 als Noch-Superminister |
|
| Back to top |
|
|
Wolfgang Kueter
Guest
|
| Posted:
Mon Dec 12, 2005 9:21 am Post subject:
Re: Recurrent question |
|
|
Volker Birk wrote:
| Quote: | Wolfgang Kueter <wolfgang@shconnect.de> wrote:
It is really laughable that you believe that any third party software
exists in the vacuum and not within an operating system.
It is laughable in this context. It is not laughable in general, because
you don't need an OS for running software programs on a computer. An OS
is optional (and practical).
|
ACK.
Jede Menge merkbefreite Volldeppen hier ... ;-)
Wolfgang |
|
| Back to top |
|
|
Volker Birk
Guest
|
| Posted:
Mon Dec 12, 2005 9:22 am Post subject:
Re: Recurrent question |
|
|
Quaestor <no-spam@my.place> wrote:
| Quote: | and I used just about all of them (of
course I have not used the windows "firewall", which being a ms product
is a POS).
Now it becomes really funny: If you had ever thought more than a second
[explanation]
Obviously you didn't.
*plonk*
|
You can plonk me, too, because Wolfgang is completely right here.
The security system of a classical OS like Windows does not protect code
in the OS kernel at all. So if you don't trust Microsoft, then you should
not run _any_ Microsoft code in the kernel - you may not use Windows then.
An additional software program like a "Personal Firewall" cannot change
Windows' kernel code completely. And it cannot prevent security issues
with kernel code _by_ _design_. This is not the fault of anybody, it is
a result of the concept, that code in processes is protected, while code
in kernel can do what it wants to.
It is the direct result of the concept _having_ a kernel and processes.
Now you can ignore all these facts and plonk me, too. Have fun being an
ignorant.
Yours,
VB.
--
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
Wolfgang Clement am 10.10.05 als Noch-Superminister |
|
| Back to top |
|
|
Leythos
Guest
|
| Posted:
Mon Dec 12, 2005 5:21 pm Post subject:
Re: Recurrent question |
|
|
In article <405lvrF18h02jU1@individual.net>, usenet-2005
@planetcobalt.net says...
| Quote: | Kerodo wrote:
Leythos wrote:
In article <gZKmf.10650$kt5.1037893@news20.bellglobal.com>, triffid@nebula.net says...
Leythos wrote:
Personal firewalls can and do block outgoing traffic.
Only if the application generating the traffic isn't smart enough to
reconfigure, disable, or bypass the personal firewall.
So, then making a blanket statement of "Personal firewalls can't do
that" is actually incorrect in your opinion. What you should have
said was that Some personal firewalls, when improperly configured
with the OS, do not offer much, if any, outbound protection. Some
personal firewalls, of which the XP Firewall is not considered a
firewall, do provide outbound protection when properly configured and
maintained.
Well said...
... yet still wrong.
You can configure and maintain any personal firewall as properly as you
like, it still can't prevent applications from communicating outbound,
if the applications are smart enough to reconfigure, disable or bypass
the personal firewall. Period.
http://www.copton.net/vortraege/pfw/en.html
|
Funny you mention the IF part, but I've had a PFW on every laptop in our
group, been in some really bad places, always have the systems secured,
and found that it's been every effective at blocking outbound, blocking
inbound, and in general has kept the machines from being compromised.
Now, in normal hands, like with the Windows XP firewall, it's easy to
punch holes in it - even AOL can do that, as well as many other apps,
but, when it comes to other PFW apps, I've not had one yet punch a hole
outbound.
Yea, I know that some apps can make use of lamers account status if they
run as Admin, but, at the same time, if they are properly configured
I've not seen one instance of a break.
Your link didn't work, nothing is displayed and nothing left my system
except to request the page.
--
spam999free@rrohio.com
remove 999 in order to email me |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in