Um - XP firewall can filter outbound traffic if you configure it to. The firewall is fairly functional for what it is. Being that it's embedded in an OS with an insanely large code base makes it not as 'safe' as other dedicated firewall choices.
You're best route would be to purchase a separate firewall device to handle your firewall needs. Between the firewall, spyware, anti-virus software and a patched system you should protect yourself from the majority of what's out there. When I say 'majority' I mean your casual network scanner/script 'kiddie' type person.
Bottom line is - if someone wants in bad enough and they have the knowledge and skill set - they will get in no matter what you have 'protecting' you.
The only defense against events like that is narrow your exposure and mitigating risk (i.e. not having all your eggs in one basket.)
Seatbelts are reliable within their design criteria. Application control isn't reliable in any way. Oh, and seatbelts won't harm you. Application control typically makes your system vulnerable in first place.
Oh, and you're twisting the analogous world with the digital world.
No, sorry, doesn't work. Indeed, the underlying IPFilter driver allows for outbound filtering, and both the IPsec policies, the NIC TCP/IP filtering and the RAS firewall use it - Windows Firewall doesn't.
No. It can prevent programs from listening on ports (which would allow them to accept inbound connections). Unlike attempts to filter outbound traffic this can be done reliably.
Say that again. I've lost count of the number of Windows apps that fire up a connection to "home" or a registration server, "support" server or whatever.. for a data file update or somesuch. It's nice to have that control on Win environment to shut off network - or at least know when it's being used and for what.
With a correct configuration, I only know exactly one program that misbehaves: DC++, which launches an update check on the About dialog without any way to disable it. Of course, this application is open source so can can simply remove it from the source code and recompile.
If you had actual control over your system, you would already know that any connection only happens on the user's demand. If not, well, then you already consider the programs as untrusted.
They also have a paid version with more options - keylogger in particular. But if you're running a good AV and a good Anti-Spyware, the free version is probably adequate.
Yes, that's what Spy++ shows me. Sending a WM_SHOW message to them makes them visible.
No, it runs 6 invisible windows in the privileged service process.
Google is your friend, but well, the principle of shatter attacks is very simply: First you send a WM_SETTEXT message to the windows which allows you to place arbitrary bytes in the target process memory. Then you send a WM_TIMER message with a callback address pointing into the memory space you wrote.
does process explorer give you the same information about invisible windows eg if it's a process that has invisible windows you can click window and bring it to the front because there is a lot of Spy++ info on google but it seems to be MSDN/VS related
WM_SHOW etc... syntax seems to be very similar to *Nix window managers coincidence ?
No, it's not shared memory. The problem is a shared Desktop object, which allows any process to send IPC messages to another process, and the default implementation of this IPC mechanism executing callbacks.
Of course, Microsoft explicitly told the developers to never open windows in a privileged process, and separating all UI functionality into an unprivileged client. Seems like the developers of this security software never bothered to read the most basic security documentation.
No. Process Explorer only cares for visible windows, which is a sensible design decision.
Because it's a tool from VS. But it's available for free in the trials of VS, and possibly also in the Express editions.
But there's also a freeware with the name "Winspector" which does the same.
Maybe. Window managers on Unix don't have an equivalent of DefaultWndProc (every window is responsible for doing its own UI), and messaging rather works by polling than pushing. But unless you use the X11 security extension, it's generally true that graphical application can send arbitrary events to other applications.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.