What is the BEST program to stop programs from calling out

Eh... none? You might unplug or cut the wire or put a packet filter in place which discards everything.

Yes, but what should this be good for?

Well, now that's a good reference for a spyware program.

The best defence is to scan your computer regularly with antispyware software, exercise caution in Web browsing and downloading, and never open unsolicited e-mail, containing attachments.

Two of the most used antispyware tools:

Ad-Aware

Why? What exactly do you expect, except at lot of false positives and technical nonsense?

Why should browsing the web be bad? Why exactly should I care? What websites should I consider trusted? (hint: none)

Why not? OK, it'd be a waste of time, but why should it be a problem?

And why am I missing the most important aspects: using password-protected accounts with restricted rights and not using defective or misconfigured software

What about useful tools?

waiting_2b_reborn wrote in news: snipped-for-privacy@4ax.com:

Your firewall. You might have to manually block (from accessing the 'net) all the executable files in all programs (exe's dll's etc) apart from the obvious that you may want to allow access: browsers, email, newsreader, download manager etc. I don't know how you do this in ZA as I don't use it but it is a tedious process in my firewall initially. Subsequently, whenever I install a new app that I _don't_ want connecting to the 'net', I block 'net access for all it's components with my firewall. I then start the app and seek out the options for say, 'auto-update' or similar and disable them. But it's your firewall that you will be relying on to make them behave as too many programs these days try to 'ring home' by default. Should be a law against it. If I was selling vacuum cleaners and you allowed me into your home for a demo but the first thing I did was run to your 'phone and start dialling my boss you'd probably kick me out the door with a good smack on my earhole as well.

I agree entirely.

I suggest requiring Internet Explorer to ask permission before connecting to the Internet. You'll probably find, as I have, that a number of other applications use it to call home at times IE isn't purposefully open.

I really don't understand this obsession about apps "phoning home". They do that to get program updates. Many of those updates are security updates that fix vulnerabilities.

It's pure paranoia that actually *increases* your vulnerability to remote exploits.

If you don't trust an application that *you* chose to install on *your* computer to check for security updates, then it was just damn stupid to install it in the first place.

Malicious can simply shut down your "firewall", circumvent it, ignore it or control/script trusted programs to do the communication.

Beside that, there is nothing real behind so-called "phone home" phenomena other than stupidity and hype.

If you are unfortunate enough to install a neferious app or have one installed on your computer by somebody else, if you make no controls whatsoever on outgoing connections, it may merrily send all of your information home for later review. Many viruses in fact have done this.

Similar applications are capable of phoning home to recieve remote instructions and carry them out, if no other controls exist. This also has been done by viruses.

If we're still talking about Windows here, it is not uncommon for things to get installed on your machine that you didn't really ask for, or, components to be added in for products you though perhaps you could trust. Most home users will install software they download on a few recommendations and will not check the references of the company or set it up in a quarantine lab to examine it's outbound communication behavior and how it modifies their system before installing it on their production system. So, they get what they get, which sometimes includes a surprise or two.

There is also the concept of hijacking an application that is doing updates. Hypothetically, if I am able to slightly modify an app locally (which probably doesn't require much in terms of programmning or permissions to accomplish) than I may be able to convince it to phone the wrong spot and get my bogus update, which now gives me the ability to install anything I want and give it outbound communication privledges.

Finally, sometimes updates are broken, and one wants to wait until the community has a chance to test them before applying, and blocking the update is one way to do that if you can't or don't want to reconfigure the app itself.

-Russ.

Sort of like inviting complete strangers into ones home for a party and then requiring everyone leaving, including friends you've invited, to submit to a security check before they are allowed to leave. Unscrupulous persons can always find a way to thwart security. Take it from someone without any scruples, whatsoever :). The idea is to not invite in those you do not totally trust in the first place.

Well, yeah. But what about that pretty new box that UPS just delivered. From Dell in my case. It's loaded with stuff I don't want and getting rid of the stuff is not a task to be taken lightly.

Case in point. One program insists on calling home. I don't know what is so track it down in dir and double click on it. It goes into extraction/install window. Not even installed and wants to call home!!

Without a PFW, I never would have known. Granted, it ain't doin' any harm, but there is no reason (to me) why it has to check with home. Now it doesn't.

TomJ

What a bullshit. You don't know where and what your executables are, but you run them?

Did you even take the step to configure it correctly?

Stupid. 'netstat' exists, TCPView exists, and for sure your PFW will even call a socket IPC on localloopback a connection attempt (and there are many other false positives).

Well, how did you configure it? What program is it?

So you configured it. Did you?

Or do you think your personal network disco will effectively block the communication? Yet another laughter...

Why are you buying Dell if you don't like their products? And even worse, why are you buying Dell if you don't trust into their products?

If they want to do harm to you, they will do, and even your "Personal Firewall" toy cannot detect the pre-installed root-kit.

Yours, VB.

Real simple solution: Reformat, install the OS, and whatever programs

Notan

Granted, Sebastian, his handling of it was flawed. But will you at least concede that there are apps, installed by computer providers, that are not well documented or explained, that communicate out? I believe he has a valid point. Most modern PC's come from factory with dozens of TSR's and services running for which finding detailed information is like pulling teeth.

In fact, some of these programs can and do cause their own faults in the system (ever maintained a fleet of IBM laptops?) when they do their updates, but also cause operational problems when they are removed from the system. So, controlling outbound communication is one way to shackle them, among others.

-Russ.

Do you really feel that your solution is "real simple"? Have you ever tried that with a modern laptop for example? You'll be left with *no* functional devices except 640x480 VGA in many cases. It takes hours and hours to track down and install all the correct device drivers, and when you do, guess what, you've got a bunch of unexplainable services running that you didn't bargain for, that came bundled in with the driver software. I really don't think that's a "real simple" solution for any normal user to even accomplish, and even if they do accomplish it, they'll be in much the same place, because the only place to get the driver software is the original vendor which puts you back where you started.

-Russ.

No. For two reasons:

- Computer providers don't install apps. They _preinstall_ apps, which results in any serious computer user flattening the system and reinstalling it with an OEM version (from a friend or by suing the provider for not providing an OEM copy) or a free Unix system :-)

- They don't communicate if you configured them to not do so.

Controlling outbound communication is done by configuration of the programs, not by trials of treating the symptoms with a lousy host-based packet filter.

That's why you dump the hardware list, download and test/verify the most recent drivers before flattening the system. And guess what? This works so damn well even with laptops.

Mind you, there's a difference between a graphic driver and preinstalled graphic driver bundled with OMG.IT'S.A.DVD.PLAYER.MEDIA.CENTER.AND.REMOTE.CONTROL. And throwing away or selling at eBay all those PowerDVD, Nero, Roxio, MS Works, $some_lousy_picture_editor and alikes bundles is something pretty usual.

I've done it with every new system that I've purchased, and, yes, it is "real simple." (Especially when you're at a stage where you haven't installed many programs.)

Notan

To be honest, what else can a regular user do then either flatten and rebuild with a plain Windoze or to trust into his provider and the manufacturers?

No "Personal Firewall" can detect rootkits by concept.

Controlling outbound does not work reliably. Then one has to have an external packet sniffer and must hope that there is no unknown tunneling.

But: which regular user can do such things? I bet, nearly no-one.

Really, more trust into the manufacturers and providers is needed, or just buying something else. The trial with a "Personal Firewall" must fail.

Yours, VB.