Windows has a good engine (hey, why do you think the NT kernel got EAL4+ and C2 security certification?) and a bad look-and-feel (configuration issues, dangerous programs like MSIE, hard-to-trace and sometimes surprising issues like improper ACLs on services).
The build-in XP firewall or another simple but good packet filter like wipfw or CHX-I.
Within security, that's not exactly true. Offering no network services is better than offering network services and then adding a firewall to protect them.
Please be more specific about what you expect that software package to help you with.
Security products can only protect you against what they already know about.
Agreed. But competent and independent reviews seem hard to find.
You need inbound protection from a good packet filter. Then you need a good anti-malware product to help you try and stop malware at the gate. You don't need a big personal firewall piece of software to try and control malware already running from "phoning home".
Then you need to follow a few rules and use your common sense:
- Keep your software patched True for windows as well as for your other trusted app's.
- Don't run software you don't trust. Run only software and programs from vendors you trust, or from normally trustworthy download sites. Not from files received by e-mail, from a chat friend, from questionable web-sites, from file-sharing applications or from somebodys home-made CD etc.
- Use another browser than IE for your daily surfing and another client than Outlook or Outlook Express for your e-mails.
- Don't click links in e-mails or on questionable web-sites without checking that what it directs you to seems trustworthy.
And then it's a good idea to keep an image of your system in a known clean state together with regular backup's of your important data - so that when you have the slightest suspiscion about some kind of infection - revert to that clean state instead of running tons of different malware scanning/removal tools. Restoring from an image can be done both faster and more reliable than running removal tools.
How can you be sure about that?
How did it fail? - What did you test?
the Shields Up and
Aha.
In what respect?
Agreed.
It's about the worst ever. Sometimes obviously inconsistent results, bad testing methods, useless reporting, utterly wrong description, and the creator is a known k00k.
Huh? General services are < 1024.
I'd rather consider it misconfigured then.
I understand your comment. There is an important difference, however. With windows, MS's primary claim is to provide an O/S. Agnitums primary claim is to provide security products.
Furthermore there is a difference between a bug - which can be fixed, and a design error - which normally means rewriting.
Because of a fake. If you're restricting NT to C2, you cannot work with it. It's like with the original POSIX subsystem, which is now replaced with somewhat better SFU, since Cygwin made it anyways.
Yours, VB.
Sincere condolences.
Yours, VB.
What is the advantage of those popups? Why not filtering away what's not wanted, and that's it?
What "Linux" do you talking about? Linux is an operating system kernel, no operating system.
Yours, VB.
Why not? Or is this true being restricted user, too?
Yours, VB.
On top of that, how is the Windows O/S any version of it in a wireless hotspot going to be attacked if the Client for MS Network and MS File and Print Sharing are unbound off of the wireless NIC, which should be done, if the machine is connected to a network in an unprotected LAN situation?
I switch between a DUN and wireless BB connection at this hotel. The services are unbound off of the wireless NIC and the DUN connection.
I have no concerns about being attacked from someone using another machine on the same network, because I am connecting this XP Pro machine to untrusted networks.
Duane :)
I had users see if they could break through the Windows Firewall and they were able to break through it. The Windows Firewall is definitely overrated.
Please give a proof for this claim. How can I break through?
Yours, VB.
Its a relevant comment in context to the posters reply...which basically was that agnitum cant be trusted because it had security flaws in its programming.Windows has security flaws too..hence the continued security updates.Hence my reply. me
Sound like half a dozen of one ,and six of the other to me. me
>
I download'd the free version, (real email address is required) now I'm being spam'd by them...
"NOTE: This is a limited-time! You have to purchase Outpost Firewall Pro within 48 hours of receiving this message to qualify for this special price. This offer will not be repeated."
I'll not install it now, sticking to ZA :)
IBTD. There's almost no difference from a properly secured configuration and a C2-conformant logging, mainly in terms of extensive logging.
If you'd like to compare an existing setup against a certified C2 configuration policy, try the demo of StatsScanner.
Anyway, just having the possibility to run a C2-conformant system means that all the security mechanisms exist and are properly implemented.
Actually it's just the original POSIX subsystem renamed.
ACK.
But you understand the difference between random and systematic errors?
Yeah. If you don't want to that, configure it accordingly.
Oh, quite simple. It has access to the TDI stack information, therefore is able to allow passive listen()ing ports. The rest is usually addressed by SPI.
Huh? Where's the argument?
Yeah, that's the point of Group Policies. Anyway, it's stupid, as a local Administrator could always circumvent them.
You should put the "easy" in IRONY tags. Anyway, why didn't you use the Group Policy Object Editor?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.