Leythos (Guest)
Posted: Thu Dec 15, 2005 5:21 pm
Post subject: Re: Recurrent question
In article <11q1mi0dn85rdbe@news.supernews.com>, no-spam@my.place
says...
| Quote: | Ric wrote:
On 11 Dec 2005 09:55:03 +0100, Volker Birk <bumens@dingens.org> wrote:
Yours,
VB.
By this reasoning an anti-virus program would be completely useless
because it can't stop all viral infections.
Consider the source. I plonked that guy a long time ago. So have a lot
of others.
|
Yea, he's about worthless - right after I said his "proof of concept"
didn't work on properly configured computers he kill-filed me - funny he
couldn't address his failures.
--
spam999free@rrohio.com
remove 999 in order to email me

Kerodo (Guest)
Posted: Thu Dec 15, 2005 11:40 pm
Post subject: Re: Recurrent question
In article <43a164e9@news.uni-ulm.de>, bumens@dingens.org says...
| Quote: | Kerodo <loopback@localhost.com> wrote:
Yep, just because something isn't perfect 100% of the time doesn't mean
it's useless.
"Personal Firewalls" aren't "not 100% perfect". They're completely useless
because of being superseded by the Windows-Firewall,
|
That's completely ridiculous. They do entirely different things.
--
Kerodo

Ansgar -59cobalt- Wiecher (Guest)
Posted: Fri Dec 16, 2005 12:32 am
Post subject: Re: Recurrent question
Kerodo wrote:
| Quote: | In article <43a164e9@news.uni-ulm.de>, bumens@dingens.org says...
Kerodo <loopback@localhost.com> wrote:
Yep, just because something isn't perfect 100% of the time doesn't
mean it's useless.
"Personal Firewalls" aren't "not 100% perfect". They're completely
useless because of being superseded by the Windows-Firewall,
That's completely ridiculous. They do entirely different things.
|
No. Both filter inbound connections. That can be done reliably. The
Windows Firewall prevents applications from listening on ports. That can
be done reliably as well. Personal Firewalls try to prevent applications
from communicating outbound. That cannot be done reliably. Which is why
the Windows Firewall is sufficient.
cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Volker Birk (Guest)
Posted: Fri Dec 16, 2005 12:33 am
Post subject: Re: Recurrent question
Kerodo <loopback@localhost.com> wrote:
| Quote: | "Personal Firewalls" aren't "not 100% perfect". They're completely useless
because of being superseded by the Windows-Firewall,
That's completely ridiculous. They do entirely different things.
|
No. They're implementing a host based packet filter, just as the Windows-
Firewall does.
And most of them implement much more - and ALL of this is crap, misunderstanding
data security, and incompetency. Everything I saw was one of these.
This is what we tested:
* Kerio Personal Firewall 4.1.2
* Norman Personal Firewall 1.42
* Agnitum Outpost Firewall Pro 2.5
* Sygate Personal Firewall Pro 5.5
* Tiny Firewall 6.0
* Zone Labs ZoneAlarm Pro 5.5
* Symantec Norton Personal Firewall 2005
Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - extensively, at
that - of course only within the framework that Otto Schily still leaves
available to me."
Wolfgang Clement on 10.10.05, while still "Superminister"

Leythos (Guest)
Posted: Fri Dec 16, 2005 12:46 am
Post subject: Re: Recurrent question
In article <40dr6mF19hmiuU1@individual.net>, usenet-2005
@planetcobalt.net says...
| Quote: | Kerodo wrote:
In article <43a164e9@news.uni-ulm.de>, bumens@dingens.org says...
Kerodo <loopback@localhost.com> wrote:
Yep, just because something isn't perfect 100% of the time doesn't
mean it's useless.
"Personal Firewalls" aren't "not 100% perfect". They're completely
useless because of being superseded by the Windows-Firewall,
That's completely ridiculous. They do entirely different things.
No. Both filter inbound connections. That can be done reliably. The
Windows Firewall prevents applications from listening on ports. That can
be done reliably as well. Personal Firewalls try to prevent applications
from communicating outbound. That cannot be done reliably. Which is why
the Windows Firewall is sufficient.
|
You sound like offspring of VB's.
Windows firewall can be programmatically changed without the user knowing
about it - try installing AOL and see if it doesn't make exceptions in
the Windows Firewall.
That means that Windows firewall is not acceptable under your
definition.
The only effective firewall is one that someone understands, can monitor
easily, can see/change rules for as needed, and is likely to be used
properly.
--
spam999free@rrohio.com
remove 999 in order to email me
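Leythos's point that an installer can add Windows Firewall exceptions without the user noticing is, for a defender, a detection problem: the check you want is a baseline of the enabled inbound allow rules and a diff against it. The following PowerShell script is an added example, not code from the thread or from any product it mentions; it assumes Windows 8 / Server 2012 or later (the NetSecurity module's Get-NetFirewallRule cmdlets), an elevated shell, and a baseline file path and script name that are my own choices.

```powershell
# Added example (not from the thread): snapshot the enabled inbound "Allow" rules of the
# Windows Firewall and diff them against a saved baseline, so an exception an installer
# added silently shows up instead of going unnoticed.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module) and an elevated shell.
# Usage:  .\Compare-FirewallBaseline.ps1 [-BaselinePath .\fw-baseline.json] [-UpdateBaseline]
param(
    [string]$BaselinePath = "$env:USERPROFILE\fw-baseline.json",   # assumed location
    [switch]$UpdateBaseline
)

function Get-InboundAllowRules {
    # One flat record per enabled inbound Allow rule: the program it exposes, the protocol
    # and the local ports, i.e. exactly what becomes reachable from the network.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name      = $_.Name
            Display   = $_.DisplayName
            Profile   = [string]$_.Profile
            Program   = $app.Program
            Protocol  = $port.Protocol
            LocalPort = (@($port.LocalPort) -join ',')
        }
    }
}

function Get-RuleKey([object]$r) {
    # Key on the properties that define exposure, not only the name, so a rule that was
    # widened (new port, new program, new profile) is reported as a change too.
    "$($r.Name)|$($r.Program)|$($r.Protocol)|$($r.LocalPort)|$($r.Profile)"
}

function Compare-FirewallBaseline([object[]]$Current, [object[]]$Baseline) {
    $known = @{}; foreach ($r in $Baseline) { $known[(Get-RuleKey $r)] = $true }
    $seen  = @{}; foreach ($r in $Current)  { $seen[(Get-RuleKey $r)]  = $true }
    [pscustomobject]@{
        Added   = @($Current  | Where-Object { -not $known.ContainsKey((Get-RuleKey $_)) })
        Removed = @($Baseline | Where-Object { -not $seen.ContainsKey((Get-RuleKey $_)) })
    }
}

$current = @(Get-InboundAllowRules)

if ($UpdateBaseline -or -not (Test-Path $BaselinePath)) {
    # First run (or explicit refresh): record the current rule set as the known-good state.
    ConvertTo-Json -InputObject $current -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) inbound allow rules -> $BaselinePath"
    return
}

$baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
$diff = Compare-FirewallBaseline -Current $current -Baseline $baseline

if ($diff.Added.Count -eq 0 -and $diff.Removed.Count -eq 0) {
    Write-Output "No change: $($current.Count) inbound allow rules match the baseline."
    return
}
# Added rules are the ones to investigate: each is a listener now reachable from the network.
if ($diff.Added.Count)   { Write-Output "ADDED since baseline:";   $diff.Added   | Format-Table Display, Program, Protocol, LocalPort, Profile -AutoSize | Out-Host }
if ($diff.Removed.Count) { Write-Output "REMOVED since baseline:"; $diff.Removed | Format-Table Display, Program, Protocol, LocalPort, Profile -AutoSize | Out-Host }
```

Run it once right after setting the machine up to write the baseline, then again after any software install; a new row under ADDED is the exception the installer created, with the program and port it exposes.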

Iceman (Guest)
Posted: Fri Dec 16, 2005 1:16 am
Post subject: Re: Recurrent question
On 15 Dec 2005 13:43:21 +0100, Volker Birk wrote in message
<43a164e9@news.uni-ulm.de>:
| Quote: | Kerodo <loopback@localhost.com> wrote:
Yep, just because something isn't perfect 100% of the time doesn't mean
it's useless.
"Personal Firewalls" aren't "not 100% perfect". They're completely useless
because of being superseded by the Windows-Firewall, but many of them are
dangerous because of their security breaches, especially Symantec Norton,
Outpost and Sygate. And they're very dangerous, because their "security"
relies on user's decisions, which is a b0rken concept and a security
breach itself, as with Zone Alarm, for example.
|
The problem is, older versions of Windows (pre-XP) don't have the
built-in firewall.

Volker Birk (Guest)
Posted: Fri Dec 16, 2005 1:19 am
Post subject: Re: Recurrent question
Iceman <ismand_57@hotmail.com> wrote:
| Quote: | The problem is, older versions of Windows (pre-XP) don't have the
built-in firewall.
|
Yes. Here the ICF can be enabled manually - or the filtering stuff,
which is called "IPSec" by Microsoft (I don't understand why).
Or you could use http://www.dingens.org or
http://www.ntsvcfg.de/ntsvcfg_eng.html
Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - extensively, at
that - of course only within the framework that Otto Schily still leaves
available to me."
Wolfgang Clement on 10.10.05, while still "Superminister"

Quaestor (Guest)
Posted: Fri Dec 16, 2005 2:40 am
Post subject: Re: Recurrent question
Iceman wrote:
| Quote: | On 15 Dec 2005 13:43:21 +0100, Volker Birk wrote in message
<43a164e9@news.uni-ulm.de>:
Kerodo <loopback@localhost.com> wrote:
Yep, just because something isn't perfect 100% of the time doesn't mean
it's useless.
"Personal Firewalls" aren't "not 100% perfect". They're completely useless
because of being superseded by the Windows-Firewall, but many of them are
dangerous because of their security breaches, especially Symantec Norton,
Outpost and Sygate. And they're very dangerous, because their "security"
relies on user's decisions, which is a b0rken concept and a security
breach itself, as with Zone Alarm, for example.
The problem is, older versions of Windows (pre-XP) don't have the
built-in firewall.
|
No, the problem is, XP does. This leads people to believe they have
security when they don't.
--
Godwin is a net-nazi

Kerodo (Guest)
Posted: Fri Dec 16, 2005 3:05 am
Post subject: Re: Recurrent question
In article <40dr6mF19hmiuU1@individual.net>, usenet-2005
@planetcobalt.net says...
| Quote: | Kerodo wrote:
In article <43a164e9@news.uni-ulm.de>, bumens@dingens.org says...
Kerodo <loopback@localhost.com> wrote:
Yep, just because something isn't perfect 100% of the time doesn't
mean it's useless.
"Personal Firewalls" aren't "not 100% perfect". They're completely
useless because of being superseded by the Windows-Firewall,
That's completely ridiculous. They do entirely different things.
No. Both filter inbound connections. That can be done reliably. The
Windows Firewall prevents applications from listening on ports. That can
be done reliably as well. Personal Firewalls try to prevent applications
from communicating outbound. That cannot be done reliably. Which is why
the Windows Firewall is sufficient.
|
The key to your argument is the word "reliably". So it depends on what
exactly you mean by that. It goes back to that AV being useless
argument. By your definition of "reliably" then all AVs are useless too
because they don't catch 100% of the threats and hence are not
"reliable". Yet we still use them don't we? Why? Because they will
and do catch a high percentage of the threats. And catching most is
better than catching none.
Also to say that the reason why Windows Firewall is sufficient is
because Personal Firewalls can't catch all outbound, is another
illogical and silly argument. What does one have to do with the other?
I would say that the Windows Firewall is not sufficient because it makes
no attempt to try to catch outbound. Some attempt is better than none.
Why do you think people "try" at things? Nobody is perfect, yet we keep
trying simply because some success is better than none, and to give up
entirely is unacceptable. You would have everyone give up the attempt
to catch outbound simply because it might be difficult at times.
--
Kerodo

Ric (Guest)
Posted: Fri Dec 16, 2005 4:54 am
Post subject: Re: Recurrent question
On Wed, 14 Dec 2005 18:50:29 -0800, Quaestor <no-spam@my.place> wrote:
| Quote: | Ric wrote:
On 11 Dec 2005 09:55:03 +0100, Volker Birk <bumens@dingens.org> wrote:
Yours,
VB.
By this reasoning an anti-virus program would be completely useless
because it can't stop all viral infections.
Consider the source. I plonked that guy a long time ago. So have a lot
of others.
|
I like reading his posts, although I disagree with his opinion that
PFW's are completely useless. It could be down to a
language/subjective difference. One extreme would say if a thing
doesn't do exactly the job it is intended to do, it is useless. The
other extreme would say It's not useless, at least I can use it as a
doorstop.
At least he has actually experimented with PFW's, instead of just
pasting links and quoting other peoples work. Do yourself a favor and
unplonk him, he has some interesting things to say.
Ric

Ric (Guest)
Posted: Fri Dec 16, 2005 4:58 am
Post subject: Re: Recurrent question
On 15 Dec 2005 13:40:21 +0100, Volker Birk <bumens@dingens.org> wrote:
| Quote: | Ric <me@privacy.net> wrote:
By this reasoning an anti-virus program would be completely useless
because it can't stop all viral infections.
No. An Anti-Virus program is useful exactly the same way a SPAM filter
is.
An Anti-Virus program DOES NOT PROTECT FROM EVERY VIRUS infection. But it
does help to filter out the annoying trials of so many malwares, which are
in the wild.
|
PFW, anti-virus, spam filter. They all seem similar in this respect.
Each one can only be partially effective.
| Quote: | Protection against viruses only is achieved by wise behaviour of PEBKAC
(and not using Windows, but OSes, which have much fewer problems in this
field).
So Anti-Virus programs can _help_ to prevent malware from running on your
PC. So can firewalls.
|
So you agree in the right situation, and in the right hands, a PFW can
prevent _some_ malware, and therefore be useful?
| Quote: | But it's completely useless to try to prevent malware, which already is
running, from doing what it wants to do, with the exception of concepts
like capability based systems (which are designed to do this) and
virtualization techniques (which are designed to do this) or at least
techniques like BSD's jail or Linux' seccomp (which are designed to do
this).
|
I thought PFW's stopped most trojans connecting out.
| Quote: | The latter techniques (or something like that) are impossible with Windows,
because of the fact, that Windows messages are a pushing IPC without any
security system, and that all Windows applications are relying upon this.
I can see your point though. There is a lot of code out there for
defeating personal firewalls.
Yes. And it's trivial to write it.
I think one of the best uses for a rules based personal firewall is to
interactively teach users what is happening on their computers
The opposite is true.
It is completely useless to teach somebody about technical aspects of
what's going on, who is not able to understand even the basics.
|
People want to learn though, and some will grasp it. I know a few
people who have benefited from PFW's, even if their security hasn't
been enhanced much, their knowledge has.
| Quote: | A security system for end users has to do its job _invisible_ for the
user, it has to _secure_ the user whatever he does, and the worst mistake
is to depend on user's decisions.
|
Agreed. Yet that seems the only option to me. Only I can decide what
is to run on my computer. I wouldn't accept a piece of software or
hardware telling me what I can run or where I can go. That sounds like
the Microsoft Dream. The workplace would be a different matter.
| Quote: | All what I can (or must) read on c.s.* and d.c.s.* documents this: users
even don't understand, that a "port" is not a "door" or a "harbour", but
just a maintenance number. They don't understand, what a process is -
of course they don't, because how should they? Without hearing about
operating systems and the concepts of userland and kernelspace, and why
implementing protection, and what is meant with "protection" here, how
should they at all?
Without knowing about the TCP/IP protocol family, and knowledge about
the BSD sockets API, how should anybody understand what's going on here?
Teaching users by alerting "The process svchost.exe tries to open port 53,
do you want to allow this?" - IBTD.
Even an IT professional cannot answer this question correctly, and
%USERNAME% cannot understand what's going on here at all.
|
I can answer it for my situation. Deny it. I don't use any Microsoft
network protocols (except TCP/IP), so I deny svchost all access, and
allow access to my DNS servers in a lower rule.
If the user can be bothered to search for it they will soon find the
answer.
The alerts could be a lot more helpful instead of spreading FUD. It
doesn't help when they say you have just been attacked by 3 echo
request packets or some UDP packets to port 1026. They always seem to
think messenger spam is a port scan.
| Quote: | Personal firewalls are popular.
Yes. This is the problem Microsoft brought to us by being so stupid to
open sockets and even offer DCE RPC to the Internet with every home user's
Windows box _before_ Windows XP SP2.
And since then, there is the Windows-Firewall. It is only the second best
concept, because it's ridiculous and dumb from Microsoft not just to stop
offering TCP servers and RPC to the complete world, but at least they're
filtering away this afterwards.
|
While many people are happy with a Microsoft OS they often look
elsewhere for their security products. Can't say I blame them. :)
Ric
| Quote: | So now "Personal Firewalls" are completely useless, even if one does not
stop those TCP servers and DCE RPC manually.
And: they often are dangerous, too, because many of them open additional
security leaks, you don't have with just stopping TCP servers and RCP or
by using the Windows-Firewall.
I think people will continue to use
them no matter how insecure they are
I fear, you're right here.
Yours,
VB.

Kerodo (Guest)
Posted: Fri Dec 16, 2005 5:00 am
Post subject: Re: Recurrent question
In article <tks3q19uvrsnfod0lmi110m2p3qaccsbf2@4ax.com>, me@privacy.net
says...
| Quote: | On Wed, 14 Dec 2005 18:50:29 -0800, Quaestor <no-spam@my.place> wrote:
Ric wrote:
On 11 Dec 2005 09:55:03 +0100, Volker Birk <bumens@dingens.org> wrote:
Yours,
VB.
By this reasoning an anti-virus program would be completely useless
because it can't stop all viral infections.
Consider the source. I plonked that guy a long time ago. So have a lot
of others.
I like reading his posts, although I disagree with his opinion that
PFW's are completely useless. It could be down to a
language/subjective difference. One extreme would say if a thing
doesn't do exactly the job it is intended to do, it is useless. The
other extreme would say It's not useless, at least I can use it as a
doorstop.
At least he has actually experimented with PFW's, instead of just
pasting links and quoting other peoples work. Do yourself a favor and
unplonk him, he has some interesting things to say.
|
He can be somewhat interesting, however, his stance and arguments are
way too black and white. He leaves no room for anything else.. which
is not good.
--
Kerodo

Volker Birk (Guest)
Posted: Fri Dec 16, 2005 9:23 am
Post subject: Re: Recurrent question
Kerodo <loopback@localhost.com> wrote:
| Quote: | Some attempt is better than none.
|
This has nothing to do with security.
Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - extensively, at
that - of course only within the framework that Otto Schily still leaves
available to me."
Wolfgang Clement on 10.10.05, while still "Superminister"

Volker Birk (Guest)
Posted: Fri Dec 16, 2005 9:23 am
Post subject: Re: Recurrent question
Quaestor <no-spam@my.place> wrote:
| Quote: | No, the problem is, XP does. This leads people to believe they have
security when they don't.
|
Please explain what exactly should be insecure about the host based
packet filter that Windows implements as the "Windows-Firewall".
Hint: it is intended to control which TCP server on the local machine
can be reached from the network.
Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - extensively, at
that - of course only within the framework that Otto Schily still leaves
available to me."
Wolfgang Clement on 10.10.05, while still "Superminister"

Volker Birk (Guest)
Posted: Fri Dec 16, 2005 9:23 am
Post subject: Re: Recurrent question
Ric <me@privacy.net> wrote:
| Quote: | An Anti-Virus program DOES NOT PROTECT FROM EVERY VIRUS infection. But it
does help to filter out the annoying trials of so many malwares, which are
in the wild.
PFW, anti-virus, spam filter. They all seem similar in this respect.
Each one can only be partially effective.
|
The difference is:
If an Anti-Virus program knows how to detect a specific virus, this virus
loses.
It does not matter, that virus programmers know how Anti-Virus products
work. It does not matter, what the virus code looks like. If an Anti-Virus
program scans all incoming data, _before_ code out of this data can be
executed, the Anti-Virus program wins. It makes your computer secure
against well-known viruses. There is no way, how viruses could circumvent
this, if the Anti-Virus software is well designed.
The opposite is true for "Personal Firewalls" and their attempt to
control malware, which already is running.
If the malware is not written too dumb, the malware wins. The "Personal
Firewall" has no chance to win that battle, and it does not matter, if
the malware programmer knows, how exactly a "Personal Firewall" looks
like (as I proved with http://www.dingens.org/breakout-en.c). There is
no way to implement this securely, because of the design of Microsoft
Windows. No "Personal Firewall" provider can change this fact. It only
can be changed by Microsoft by dropping the core Windows concepts.
These are the reasons why I'm saying, that Anti-Virus programs can help
with security, if they're well designed and are used to scan any incoming
data before code out of this data can be executed, while "Personal Firewalls"
and "controlling outbound traffic" is a useless attempt.
| Quote: | So you agree in the right situation, and in the right hands, a PFW can
prevent _some_ malware, and therefore be useful?
|
No. A security system cannot be designed for "can control everything,
which let itself being controlled". This has nothing to do with security.
A security system has to control _especially_ those, who do not want
to be controlled.
| Quote: | I thought PFW's stopped most trojans connecting out.
|
You're wrong. Only very dumb designed or old malware can be controlled,
because it lets itself being controlled.
| Quote: | Teaching users by alerting "The process svchost.exe tries to open port 53,
do you want to allow this?" - IBTD.
Even an IT professional cannot answer this question correctly, and
%USERNAME% cannot understand what's going on here at all.
I can answer it for my situation. Deny it.
|
Yes, I do. Hint: I just offered the worst example a "Personal Firewall"
can alert - nobody can find out useful information of this special alert,
because there is nothing like that in it ;-)
I believe you, that with better and more useful alerts you can deal with ;-)
| Quote: | I don't use any Microsoft
network protocols (except TCP/IP)
|
TCP/IP is not a network protocol. It's a family of many network protocols.
And it's not from Microsoft. Not even Windows' implementation of the TCP/IP
network protocol stack originally is from Microsoft - it's a modified BSD
stack.
| Quote: | The alerts could be a lot more helpful instead of spreading FUD. It
doesn't help when they say you have just been attacked by 3 echo
request packets or some UDP packets to port 1026. They always seem to
think messenger spam is a port scan.
|
Yes. For an experienced user, who knows about network protocols. Or, to
say this another way: for a very small group of users.
Yours,
VB.
--
"I am a free man and will now make use of my civil liberties - extensively, at
that - of course only within the framework that Otto Schily still leaves
available to me."
Wolfgang Clement on 10.10.05, while still "Superminister"