Windows has a good engine (hey, why do you think the NT kernel got EAL4+ and C2 security certification?) and a bad look-and-feel (configuration issues, dangerous programs like MSIE, hard-to-trace and sometimes surprising issues like improper ACLs on services).
The build-in XP firewall or another simple but good packet filter like wipfw or CHX-I.
Within security, that's not exactly true. Offering no network services is better than offering network services and then adding a firewall to protect them.
Please be more specific about what you expect that software package to help you with.
Security products can only protect you against what they already know about.
Agreed. But competent and independent reviews seem hard to find.
You need inbound protection from a good packet filter. Then you need a good anti-malware product to help you try and stop malware at the gate. You don't need a big personal firewall piece of software to try and control malware already running from "phoning home".
Then you need to follow a few rules and use your common sense:
- Keep your software patched True for windows as well as for your other trusted app's.
- Don't run software you don't trust. Run only software and programs from vendors you trust, or from normally trustworthy download sites. Not from files received by e-mail, from a chat friend, from questionable web-sites, from file-sharing applications or from somebodys home-made CD etc.
- Use another browser than IE for your daily surfing and another client than Outlook or Outlook Express for your e-mails.
- Don't click links in e-mails or on questionable web-sites without checking that what it directs you to seems trustworthy.
And then it's a good idea to keep an image of your system in a known clean state together with regular backup's of your important data - so that when you have the slightest suspiscion about some kind of infection - revert to that clean state instead of running tons of different malware scanning/removal tools. Restoring from an image can be done both faster and more reliable than running removal tools.
It's about the worst ever. Sometimes obviously inconsistent results, bad testing methods, useless reporting, utterly wrong description, and the creator is a known k00k.
I understand your comment. There is an important difference, however. With windows, MS's primary claim is to provide an O/S. Agnitums primary claim is to provide security products.
Furthermore there is a difference between a bug - which can be fixed, and a design error - which normally means rewriting.
Because of a fake. If you're restricting NT to C2, you cannot work with it. It's like with the original POSIX subsystem, which is now replaced with somewhat better SFU, since Cygwin made it anyways.
On top of that, how is the Windows O/S any version of it in a wireless hotspot going to be attacked if the Client for MS Network and MS File and Print Sharing are unbound off of the wireless NIC, which should be done, if the machine is connected to a network in an unprotected LAN situation?
I switch between a DUN and wireless BB connection at this hotel. The services are unbound off of the wireless NIC and the DUN connection.
I have no concerns about being attacked from someone using another machine on the same network, because I am connecting this XP Pro machine to untrusted networks.
Its a relevant comment in context to the posters reply...which basically was that agnitum cant be trusted because it had security flaws in its programming.Windows has security flaws too..hence the continued security updates.Hence my reply. me
I download'd the free version, (real email address is required) now I'm being spam'd by them...
"NOTE: This is a limited-time! You have to purchase Outpost Firewall Pro within 48 hours of receiving this message to qualify for this special price. This offer will not be repeated."
Yeah. If you don't want to that, configure it accordingly.
Oh, quite simple. It has access to the TDI stack information, therefore is able to allow passive listen()ing ports. The rest is usually addressed by SPI.
Huh? Where's the argument?
Yeah, that's the point of Group Policies. Anyway, it's stupid, as a local Administrator could always circumvent them.
You should put the "easy" in IRONY tags. Anyway, why didn't you use the Group Policy Object Editor?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.