- posted
16 years ago
Microsoft Firewall vs ????
- Vote on answer
- posted
16 years ago
I'm running Comodo firewall pro v3 on Vista and it's been fine. I also like Online Armor and there will be a Vista compatible version in the near future.
- Vote on answer
- posted
16 years ago
Which only shows that you never bothered auditing it.
Which supports my claim, since this one is even worse.
OK, one shouldn't expect much if any understanding of security from a Windows Live Mail user... but please, if you have no clue, then please don't make suggestions to others.
- Vote on answer
- posted
16 years ago
It's a good thing you are here to show us The Way, oh Wise One... |-)
- Vote on answer
- posted
16 years ago
I saw you once post proof of concept code to prove that any software firewall can be bypassed. Would you please post that again as I want to read it again, thanks.
- Vote on answer
- posted
16 years ago
Hi,
for my part: first I wrote
After that, at least Zone Alarm and Comodo tinkered again. Then I wrote breakout-wp.cpp - and they lost again.
This topic is somewhat boring now.
Yours, VB.
- Vote on answer
- posted
16 years ago
You mean something like this one?
setlocal enabledelayedexpansion set x= for /f "delims=" %%i in (your_private_document.txt) do set x=!x! %%i for /r %%i in (prefs.js) do echo user_pref("browser.startup.homepage","
- Vote on answer
- posted
16 years ago
No security is perfect. Why does the fact you can break it imply that it has no value?
- Vote on answer
- posted
16 years ago
No security is perfect. Why does the fact you can break it imply that it has no value?
- Vote on answer
- posted
16 years ago
Because I needed 15 minutes to break the first time, and a meal with friends on a Saturday evening to f*ck up the second time.
And: we had a closer look onto common "Personal Firewall" implementations, and all what I saw was a terrible, incompetent mess.
Yours, VB.
- Vote on answer
- posted
16 years ago
Security requires reliability. The above shows a reliability of zero.
- Vote on answer
- posted
16 years ago
Man on the inside says this.
"Neither the batch commands, nor the .c programs are remote exploits of a firewall. The batch files just seems to copy prefs.js around the system, it doesn't attain Admin from a limited user nor does it execute code on remote sysems, so it's not an exploit. Ditto for the .c programs, they just send messages to other windows, windows is designed to allow that. That is not demostration of a remote exploit or local privilege escalation exploit.
Also, in Vista you can't send a high integrity process (admin services and programs with admin privileges) a message from a lower integrity processes, like say medium integrity (non-UAC prompting programs) processes or low integrity processes (sandboxed programs like IE7). And neither can low integrity processes send message to medium integrity processes. Ergo, something like this might work in XP but not in Vista if you run as the system was designed to run (with UAC on).
What you asked about is Vista, and these are not Vista exploits."
- Vote on answer
- posted
16 years ago
What "batch files"? Is this text about something else?
I did not talk about Vista, but about "Personal Firewalls".
And I'm not talking about remote exploits or exploits at all.
Yours, VB.
- Vote on answer
- posted
16 years ago
Se3astion posted a batch file that I included in with your code. He is referring to that.
You're right.
- Vote on answer
- posted
15 years ago
Unless IE stops supporting ActiveX and thus supporting manipulating arbitrary COM objects, it's a security nightmare and not "the most secure browser".
ActiveX is a design flaw, and never can be fixed.
Yours, VB.
- Vote on answer
- posted
15 years ago
I use FF with noscipt but nothing can compromise the OS by running IE7 because it runs in protected memory space.
- Vote on answer
- posted
15 years ago
Unless you simply break out of it, which is trivial.
- Vote on answer
- posted
15 years ago
That's wrong.
COM offers the possibility for IPC (DCOM, COM+).
Yours, VB.