Agnitum Anti-Spyware False Positive???

On several occasions, Agnitum's Anti-Spyware has picked up "Looxee Keylogger" on my machine, and references this in the registry: HKLM\software\microsoft\direct3d\application\name. Using the Antispyware, the "name" folder is removed.

I have other antispyware applications on my machine, including Spyware Doctor, AdAware, MS Windows Defender, Spybot, and Prevx1 (enough already?), none of which has picked up on Looxee Keylogger. Nor have I been able to locate any files commonly associated with Looxee on my machine.

I think this must be a false positive, but would appreciate an explanation as to what may be occurring.

Thanks.

Reply to
Chas.

  1. Scare people about non-existent threats
  2. Sell a software that detects nonsense
  3. ...
  4. Profit !!!11

Wait, Step 3 isn't needed at all.

Reply to
Sebastian Gottschalk

Actually, I've been well satisfied with Agnitum/Outpost, and the anti-spyware came as a free plug-in. Through one of the bulletin boards available for support I learned today "Looxee" is (in fact) a false positive, so I am much relieved.

Reply to
Chas.

Shows your lack of knowledge. Had you ever audited the packet filter and even read on Securityfocus about its bug history, you'd be puking by now.

BTW, if "X-Newsreader: Microsoft Outlook Express 6.00.2900.2869" is true, then your security concept has failed so blatantly.

So what? So-called RAM optimizers usually come free as well.

Oh, and please fix your quoting. It sucks a lot.

Reply to
Sebastian Gottschalk

Frankly, I have better things to do with my time than sit auditing packet filters, but I suppose someone has to do it.

Securityfocus? Never heard of it. Sounds about as interesting as packet filters.

You don't get out much, do you?

Reply to
Chas.

Yeah. Serious firewall products can receive certain evaluations and sometimes independent reviews. The common PFW bullshit won't and usually fails even casual tests.

Well, Securityfocus' Bugtraq mailing list is, I guess, the most famous and qualified computer-security-related bulletin. You should search the bug list for vulnerabilities of Outpost to get a glimpse at how shitty this piece of software is and that it usually makes your computer vulnerable in the first place.

As if you had the right to ask that... if you're talking to persons the same way you're quoting... :-)

Reply to
Sebastian Gottschalk

By the way: Outpost "Personal Firewall" at least in version 2.5 has security design flaws comparable to those from Sygate.

Yours, VB.

Reply to
Volker Birk

Securityfocus are the providers of Bugtraq, the most important list for announcing bugs and exploits, and for discussing consequences. They have the highest reputation for this on this planet AFAICS.

Yours, VB.

Reply to
Volker Birk

All I know is that I posted an innocent question here, then responded when Gottschalk criticized Outpost, then got sand-bagged by him when I suggested Outpost has worked OK for me. Got all pissy saying I "misquoted" him, as if he is the Oracle at Delphi . . . .

FYI, the average computer user doesn't know shit about firewalls, nor about Securityfocus, and only wants/needs reasonable protection . . . and I include myself in that broad group of average computer users. I didn't realize I was stepping into a club here, so please excuse the intrusion.

Since you guys are so knowledgeable about firewalls, and think Outpost is trash, perhaps you could suggest a decent software firewall that won't break the bank. I looked at Securityfocus, and although it may be -the- source you turn to, there is absolutely nothing there for 99% of everybody. Kinda like reading JAMA for assistance with hemorrhoids -- you get the picture?

BTW, for what it's worth, a guy at Agnitum support told me he had reported Looxee to the Outpost devel

>> Actually, I've been well satisfied with Agnitum/Outpost

Reply to
Chas.

There is a small group of individuals here in the ng that think this:

Software Firewalls = Dog Poo

So if you want to talk about software firewalls, you'll have to just overlook their comments and find the folks who like talking about them.

Reply to
Kerodo

I figured it was something like that. I feel like I stumbled into a biker bar or something.

Having said that, if software firewalls are really junk, that would be good to know, although it is getting to the point with computers that maybe we should just chuck them all and go back to smoke signals!

I appreciate it when somebody who knows something I don't can educate me, but (as you say) this is evidently not the right place.

Cheers,

Chas.

Reply to
Chas.

Using Oracle with Delphi is a PITA, either with Borland DB engine or ODBC. *SCNR*

And the point is that a packet filter won't add any security without proper configuration, maintenance and supervision - which requires a reasonably deep knowledge about networking and protocols. Obviously that doesn't apply to Joe Average.

- Windows Firewall

- Wipfw

CHI-X

recommendation for the clueless: Either stick with Windows Firewall or don't use any packet filter at all. Just disable unnecessary services and get the patches in time.

Why do you actually think that you'd need a "firewall"? I guess because the media are spilling out a lot of marketing bullshit.

Even a fool can enter "Outpost OR Agnitum" at the Bugtraq list search and find out that 41 results with "Vulnerability", "conflicts" and "trojan" are surely no good bug history and that this piece of software is crap. Other security-related mailing lists will add even more vulnerabilities and worsen the image.

Reply to
Sebastian Gottschalk

Well, in their defense, they do seem to be very knowledgeable, however, they definitely are biased and don't like software firewalls. :)

I personally have stopped using them ever since I got the router here. I just don't see the need anymore. But I won't go so far as to say that software firewalls are completely useless and without merit.

Reply to
Kerodo

Thanks for the recommendations; I will do my own due diligence.

It seems you are a decent soul, after all, peace. . .

Chas.

---------------------------------------

Reply to
Chas.

If you have Windows XP, why not just use the Windows-Firewall?

Yes. Before Windows XP SP2, there was a lack of such a solution. This is why I coded [link]. It's the functionality of Torsten's great script at [link] accessible for the home user.

Would be nice to hear that Outpost is learning now. I'm looking forward to what they're changing.

Yours, VB.

Reply to
Volker Birk

I purchased Outpost before MS came out with its own firewall, so just stuck with it. But, if you think MS has a better product, there is no reason for me to shell out $40 for Agnitum's product.

It is difficult for Everyman to know which product is best. Before a few days ago, for example, I could not have named one reputable source of information about internet security, much less firewalls. I have gotten a bit of an education here, and appreciate that though my tech skills are best described as "emergent."

Thanks for the links; I will follow up on them and see what I can extract from them.

Chas.

Reply to
Chas.

Did Outpost even exist back in autumn '99?

No, you're not stuck with it, and you shelled it out anyway. Why can't you accept the fact and categorize it as learning, for the sake of informing yourself the next time before you buy?

However, it's not so difficult to know which product you need or not. And if you don't feel the serious need for firewalling, you don't need a firewall or whatsoever.

Reply to
Sebastian Gottschalk

I still have Outpost on my machines, partly because I have a lifetime subscription thanks to some early testing, but mainly because I'm curious to see what's trying to open connections FROM my machines rather than who might or might not be trying to get in.

It's not about security so much as curiosity. The router provides all the inbound protection, and on the rare occasion that Outpost has claimed to have stopped something nasty inbound it's invariably been a false-positive.

I have to agree on the comments regarding the media, though. It's getting completely out of hand. There's an advertisement running on UK commercial radio at the moment (possibly in other territories as well) and it goes like this (paraphrased, but pretty close to the original):

"Hackers. They're out there, waiting. Waiting to steal YOUR bank details and credit card numbers. When you go online they can have your personal information within seconds. But there is a way to stop them in their tracks. McAfee..."

Honestly, if such misleading and scare mongering tactics were used to market any other type of product the Advertising Standards people would be on it like a shot.

Reply to
Kevin Reilly

I don't even need a packet filter for that. The netstat command already does it, and there are wonderful graphical versions like TcpView.

For purer curiosity than simple diagnostics, why don't you take a look at Ethereal? Or does your curiosity mean intentionally installing untrusted or misconfiguring trusted software to make any unexpected connections?

Sure?

There is no need to stop any nasty inbound. On a safe system it will simply fail, and that's it. Well, one might utilize a packet filter to save bandwidth with not responding to the usual suspects, but this is not security-related.

Reply to
Sebastian Gottschalk

Neither Ethereal nor netstat are ideal as on-demand tools. If one takes advantage of the world of shareware (in which ALL software is effectively untrusted until proven otherwise) then Outpost and its ilk are ideal for spotting that unexpected outbound traffic that appears because the programmer embedded LatestSpyware.dll in his code and 'forgot' to mention it in the documentation.

How sure is sure? Experience tells me that of the DOS attacks and Windows exploit-based viruses that have been doing the rounds in the last couple of years (and that have affected router-less friends and family quite severely in some cases), not one made it past the router. That'll certainly do for me.

Not sure what you mean by 'safe system' here. If you mean that with a router / NAT / SPI protected network there's no need for inbound software-based checking on the individual machines, then I'm in agreement. As I said, in my experience Outpost reports nothing but false positives under those circumstances.

On the other hand if you're suggesting that a well-patched and configured system needs no inbound protection AT ALL, then you clearly have more faith in the integrity of your operating system than I do in mine. I suspect you meant the former.

Reply to
Kevin Reilly
