Jetico Personal Firewall freeware asks way too many questions

How does one do that? Have any concrete information pertaining to these security measures?

In a perfect world yes that's how I do it here and well it's not uncommon for malware to use local (root) exploits to escalate privilege

Huh, please explain. Do you have some information on how to create 'restore images' since when ... I think image I think hardware specific root filesystem (Windows)

Reply to
goarilla

I'm quite happy with my system, so there's really no need for you to sulk about it...

Reply to
s|b

"Max M.Wachtel III" wrote in news:Xns99D7A575FF87Ewhatsinaname@207.115.17.102:

I wouldn't outright say a waste of resources, you can use one to keep some applications from calling home.. for whatever reason. :)

Agreed.

Reply to
Dustin Cook

"Sebastian G." wrote in news: snipped-for-privacy@mid.dfncis.de:

You've got my curiosity. What problem do you have with the listed applications?

And, you mentioned most routers these days aren't in fact firewalls. I'm fairly certain this Linksys router does indeed have a firewall. Can you elaborate on what specifically you are calling a firewall?

Reply to
Dustin Cook

"Sebastian G." wrote in news: snipped-for-privacy@mid.dfncis.de:

On Vista, no. On XP and down, a normal user usually is an administrator and does have write access by default. You don't need to restart the system to take advantage. Windows will access the host file anytime it sees a dns request...*shrug*

So you practice safe hex and use a limited account for most of your day to day tasks right?

I write a spyware scanner, so I'm very interested in why you feel they are bad?

Can you explain further please?

Reply to
Dustin Cook

what's up with this 'practice safe hex' fad ?

Reply to
goarilla

You'd wish.

Reply to
Sebastian G.

On Windows XP and later, it's called "Software Restriction Policy". For Windows 2000 and NT4 there's "PolicyMaker Application Security", "Antihook Workstation" or the costly Winternals System Manager.

On Linux and Solaris, it's a simple kernel setting.

After you have successfully implemented such a policy, your focus should exactly be on privilege escalation vulnerabilities. But don't tell me these would be inherent and unavoidable.

Sysprep

Reply to
Sebastian G.

As long as you unplug it from the internet, I won't complain.

Reply to
Sebastian G.

Beside the obvious?

With a third-party Linux-based firmware that allows you full access to the underlying netfilter/IPTables rules, you can indeed build a firewall with a Linksys router. But with just the preinstalled firmware: No, definitely not.

A firewall is a concept to separate network segments.

In the current context: A device is a firewall if it's capable of implementing a bridging firewall or a routing firewall.

The minimum requirement for that is that you can refer to TCP states (and probably higher level protocol states for NAT helpers), and for the routing firewall you should additionally be able to either access the NAT state table or to have a confluent flow of the packets within the filtering system with fully qualified flow routing.

Reply to
Sebastian G.

When you assume that the user is logged in as an administrator, the entire discussion about security is void.

It won't reload cached requests though.

Dunno what exactly you mean with safe hex, but surely I won't use administrative privileges for anything else but administrative tasks.

As I already mentioned: Complexity is the exact contrary of security. As for your spyware scanner: What exactly stops me from writing a piece of malicious software that modifies itself without any detectable pattern? That works purely by side effects of the API?

What he mentioned doesn't even partially address the problem, is based on horrible assumptions, has horrible side effects and is typically the most stupid way to achieve the intended.

Reply to
Sebastian G.

goarilla after much thought, came up with this jewel in news:47280037$0$22317$ snipped-for-privacy@news.skynet.be:

formatting link

Reply to
Maximus the Mad

"Sebastian G." after much thought, came up with this jewel in news: snipped-for-privacy@mid.dfncis.de:

Out here in the real world, that is what most users do.

Safe-Hex

formatting link

The average user does not know what administrative privileges are.

I don't know. What does stop you? Afraid of getting caught perhaps?

If you look up MVPS hosts file and scroll down, the page says to "Disable DNS Client" if using W2K/XP/Vista.

Reply to
Maximus the Mad

That doesn't make the discussion at this point any less void.

As I said: Might be different from my understanding. Just #1 (Install, use and update anti-virus software) has hardly anything to do with real security. Even considering to keep on abusing MSIE and MSOE as webbrowser and mail client under #2 isn't secure either, what's about "# Install a good firewall"? One should definitely wonder why "Backup your data regularly" isn't listed as #1...

I meant technically. I can tell you that the bad guy per se isn't afraid to get caught. As from the user side: Why should I start playing a cat-and-mouse game where I'm always the loser?

Which is even more stupid, at least for the given arguments. But still less stupid than the entire HOSTS file approach.

Reply to
Sebastian G.

"Sebastian G." after much thought, came up with this jewel in news: snipped-for-privacy@mid.dfncis.de:

But that is reality.

I thought that was the idea.

Turning off DNS Client prevents breakage.

Reply to
Maximus the Mad

sysctl?

Reply to
goarilla

goarilla wrote in news:47280037$0 $22317$ snipped-for-privacy@news.skynet.be:


It's a neat buzzword? :)

Reply to
Dustin Cook

"Sebastian G." wrote in news: snipped-for-privacy@mid.dfncis.de:

I don't dispute that BugHunter is retroactive in what it does, and I wouldn't want anyone to think they are 100% safe regardless of the software they use, but I still believe some protection, even if it's retroactive in nature, is better than none.

Reply to
Dustin Cook

"Sebastian G." wrote in news: snipped-for-privacy@mid.dfncis.de:

I don't know the obvious problems you have with the programs listed, hence my question. Would you elaborate please?

Okay then. Thanks for answering my question in any event.

My Linksys is a routing firewall, sir. I specify the ports I want redirected inside the LAN and it does so. It's not nearly as advanced as a Cisco full-fledged router or anything, but it certainly does the job I ask of it. Keep this computer's ports safe, until/unless I open some.

Reply to
Dustin Cook

"Sebastian G." wrote in news:5or713Fnqrn9U1 @mid.dfncis.de:

Unless the application is designed to evade whatever firewall a person might be using, that's usually how it goes. If you know something I don't, feel free to share it, we can all learn.

Reply to
Dustin Cook
