looking for XP firewall

Looking for suggestions or link to article for good firewall for XP.
    want to be able to block domains.
    want to be able to restrict some programs from accessing internet.



Re: looking for XP firewall
Have you tried WIPFW?
http://wipfw.sourceforge.net

Re: looking for XP firewall

    Nope. I've used iptables under linux in the past.
    I'm old and tired. What's the learning curve ?

    []'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012

Re: looking for XP firewall
Shadow wrote:
[quoted text omitted]

There's a chance you might get Firewall Builder to work with it if you'd
prefer some sort of GUI -- just so long as you don't try to redirect
packets since modifying packets in any manner is not yet supported in
the Windows port of ipfw.

-Gary

Re: looking for XP firewall
I forgot about this but it hasn't been updated since 2006. Also, I've
never used it so I've no idea if it's even usable or not as it's still
in beta. http://sourceforge.net/projects/wipfw/files/GUI%20frontend

Re: looking for XP firewall

    Port blocking firewalls do have a major defect. What if
nastylittletrojan.exe used port 80 or 53 for its connections ? Would
go straight through the rules. Users don't usually have the time or
patience to read log files, or monitor connections realtime.
    []'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Re: looking for XP firewall

Any kind of personal firewalls do have a major defect. What if
nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER% you
happen to have) for its connections? Would go straight through the
rules.

You may want to think about that.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
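
The two objections above (port-only rules pass anything that uses port 80 or 53; per-program rules pass anything that drives an allowed browser), as an added example that is not part of either post. The connection records, the `wanted` ground-truth flag and both allow lists are constructed for illustration:

```python
from collections import namedtuple

# Constructed outbound connections. "wanted" is ground truth known only to
# this example; neither filter below can see it.
Conn = namedtuple("Conn", "image dst_port wanted")
SAMPLE = [
    Conn("firefox.exe", 443, True),
    Conn("firefox.exe", 80, True),
    Conn("nastylittletrojan.exe", 80, False),
    Conn("nastylittletrojan.exe", 53, False),
    Conn("nastylittletrojan.exe", 6667, False),
    Conn("iexplore.exe", 80, False),  # allowed browser driven by the unwanted program
]

ALLOWED_PORTS = {53, 80, 443}                       # assumed port-only policy
ALLOWED_PROGRAMS = {"firefox.exe", "iexplore.exe"}  # assumed per-program policy


def port_filter(conn):
    """Port-blocking firewall: decides on destination port alone."""
    return conn.dst_port in ALLOWED_PORTS


def program_filter(conn):
    """Personal firewall: decides on the program image as well as the port."""
    return port_filter(conn) and conn.image in ALLOWED_PROGRAMS


def missed(conns, allow):
    """Unwanted connections that the given filter lets out."""
    return [(c.image, c.dst_port) for c in conns if allow(c) and not c.wanted]


def report(conns):
    return {
        "port_only": missed(conns, port_filter),
        "per_program": missed(conns, program_filter),
    }


if __name__ == "__main__":
    for policy, leaks in report(SAMPLE).items():
        print(policy, leaks)
```

The per-program policy closes the port 80 and 53 gap for the unknown executable, and what remains is exactly the case where the traffic comes from a program the rules already trust.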

Re: looking for XP firewall
On 10 Feb 2012 17:42:08 GMT, Ansgar -59cobalt- Wiechers


[quoted text omitted]
    
    What my nasty little trojan tried, via BHOs. Clipped them
with hijackthis. It took me > 4 hours to clean, manually.
    Of course, the first thing I did was pull the cable. Then
delete its "undeletable" autorun and autorun-referenced executables
from a linux boot, and restore the registry with ERUNT (from within a
linux DOS emulator).
    []'s


--
Don't be evil - Google 2004
We have a new policy - Google 2012

Re: looking for XP firewall

Because there obviously are *still* people around who didn't get the
gist of it:

<http://technet.microsoft.com/en-us/library/cc512587.aspx>

BTW, BHOs are just one way for malware to abuse a browser. There are
quite a few more.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: looking for XP firewall
On 11 Feb 2012 13:40:27 GMT, Ansgar -59cobalt- Wiechers

[quoted text omitted]

    What took me the 4 hours. BHOs, autoruns etc. and reinstalling
the registry took 15 minutes. Shell hooks, rogue services, strange
drivers, bogus system dlls etc., they took longer.
    System has been up for 5 years since. No unexplained traffic
registered on my linux router since I cleaned it. (all my traffic goes
through a linux box)
    There are still people that believe in microsoft patches. Oh
well. Live and let live.
    :)
    []'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012

Re: looking for XP firewall
Ansgar Wiechers wrote:

[quoted text omitted]

If you're that concerned, set up InPrivate Filtering to import the
malware domains blacklist XML file then set your other browsers to use
the same list via Adblock. But it's pretty simple to fetch files with
wget.exe so I'm not sure why any malware would bother to open a browser
to transfer files.

All of this is a lot of assumption in response to someone merely asking
for an OS firewall to use with XP without providing any additional usage
details. So why assume they're blocking outbound when they may only be
blocking inbound traffic, whether or not they plan to monitor their
process list, etc. It's pretty common knowledge that TCP ports 80 and
443 are wide open from any but the most restrictive networks so why
speculate as to what may or may not traverse those ports without prior
knowledge of the deployment? We can spend all day guessing and
pontificating but it seems superfluous to merely providing an answer
until more questions are asked.

-Gary


Re: looking for XP firewall
bob (the original poster) wrote:

[quoted text omitted]

I stand corrected. Using Adblock as suggested will allow you to block
domains of your choosing -- including lists of known malware domains.
Blocking programs is a bit more tricky with XP and its built-in firewall
or an add-on like ipfw. You could block everything but the ports you
know you're going to want to access but as mentioned previously, this
will not be foolproof. If you want to have warnings for applications
that try to access the Internet without your permission then you'll
probably want to upgrade to Windows 7. And patch it regularly.

-Gary

Re: looking for XP firewall
On 9/28/2011 3:22 AM, bob wrote:
[quoted text omitted]


<http://www.matousec.com/projects/proactive-security-challenge/results.php>

Re: looking for XP firewall
On Wed, 28 Sep 2011 05:22:08 -0500, bob wrote:

[quoted text omitted]

kerio 2.15

Re: looking for XP firewall


    +1
    Vulnerabilities listed are not targeted by hackers anymore.
Too few people use it, and the ones that do are not the best victims.
    IMHO
    []'s

Re: looking for XP firewall

-1

Obscurity is an utterly braindead security policy.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: looking for XP firewall
On 2 Jan 2012 13:40:45 GMT, Ansgar -59cobalt- Wiechers

[quoted text omitted]

    I'd rather keep the vulnerabilities I know than have them
updated daily by adobe, oracle, microsoft, google or whatever.
    :)
    []'s

Re: looking for XP firewall

[ idiocy of using kerio 2.15 in this day and age ]


I take it you'd rather be 0wned, too.

Hint: There's this word "security" in the newsgroup's name. It's there
for a reason.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: looking for XP firewall


I have questions. I admit to not knowing a lot about this stuff.
I am asking so I can learn.

Say an attacker is trying to get through a firewall, is there
anything that tells them what make/model/brand/version of firewall
they are facing? I would expect not, but recognize I could be wrong.

If not, then how do they know which vulnerabilities they should
attempt in order to get through the firewall? Surely there are so
many possibilities that they can't just run through them all? At
least not in a reasonable amount of time?

Brian
--
http://www.skywise711.com - Lasers, Seismology, Astronomy, Skepticism
Sed quis custodiet ipsos Custodes?

Re: looking for XP firewall

    A lot of trojans specifically target certain services and
programs. Some I recently downloaded disabled AVG and Avast
engines, maybe a grudge the programmer had, but you can make a trojan
disable any service then download the main payload. Very, very few
trojans are designed to take down Kerio 2.1.5.
    I know Kerio is old, but it still detects outbound network
activity, and points you to the program that is doing that.
    (saved me from a USB-borne autorun trojan from downloading a
fake antivirus some years ago, a month before the main antiviruses
detected it).
    It's simple, fast, very kind on resources, etc.
    Of course, it's not my main protection.
    []'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
