A seatbelt fails to address the case when the car falls into an abyss and is crushed by giant prehistoric creatures.
So is that to say you dont' wear seatbelts?
I'm confused. Is that your reason for not answering the question, or something your mother said to you as an infant?
Bad analogy alert!
You seem to be lacking technical arguments.
Maybe because the question can't be answered. For example, what does "best" mean?
A highly unreliable "feature" is worse than no feature.
Um - XP firewall can filter outbound traffic if you configure it to. The firewall is fairly functional for what it is. Being that it's embedded in an OS with an insanely large code base makes it not as 'safe' as other dedicated firewall choices.
You're best route would be to purchase a separate firewall device to handle your firewall needs. Between the firewall, spyware, anti-virus software and a patched system you should protect yourself from the majority of what's out there. When I say 'majority' I mean your casual network scanner/script 'kiddie' type person.
Bottom line is - if someone wants in bad enough and they have the knowledge and skill set - they will get in no matter what you have 'protecting' you.
The only defense against events like that is narrow your exposure and mitigating risk (i.e. not having all your eggs in one basket.)
Hehe... "best" is well-defined. The real question is: best with respect to which criteria?
Seatbelts are reliable within their design criteria. Application control isn't reliable in any way. Oh, and seatbelts won't harm you. Application control typically makes your system vulnerable in first place.
Oh, and you're twisting the analogous world with the digital world.
No, sorry, doesn't work. Indeed, the underlying IPFilter driver allows for outbound filtering, and both the IPsec policies, the NIC TCP/IP filtering and the RAS firewall use it - Windows Firewall doesn't.
Orrright
No. It can prevent programs from listening on ports (which would allow them to accept inbound connections). Unlike attempts to filter outbound traffic this can be done reliably.
Yes.
Umm... what?
cu
59cobalt
Say that again. I've lost count of the number of Windows apps that fire up a connection to "home" or a registration server, "support" server or whatever.. for a data file update or somesuch. It's nice to have that control on Win environment to shut off network - or at least know when it's being used and for what.
Agreed.
Regards....j
With a correct configuration, I only know exactly one program that misbehaves: DC++, which launches an update check on the About dialog without any way to disable it. Of course, this application is open source so can can simply remove it from the source code and recompile.
If you had actual control over your system, you would already know that any connection only happens on the user's demand. If not, well, then you already consider the programs as untrusted.
There's also Online Armor at
Louise
You mean the one which has a privilege service opening 6 invisible windows, rendering it trivially prone to shatter attacks?
You mean the one which even crashes on the standard WHQL driver tests?
it opens 6 invisible windows you mean ??? it forks 6 graphical invisible processes? shatter attacks ? got any good links relating to that
PS: Can you give me the links pertaining to winipfw patches, my machine died :( and i'm thinking off rebuilding my sister's pc which i'm currently on.
Yes, that's what Spy++ shows me. Sending a WM_SHOW message to them makes them visible.
No, it runs 6 invisible windows in the privileged service process.
Google is your friend, but well, the principle of shatter attacks is very simply: First you send a WM_SETTEXT message to the windows which allows you to place arbitrary bytes in the target process memory. Then you send a WM_TIMER message with a callback address pointing into the memory space you wrote.
You've got mail.
sounds like abusing shared memory
does process explorer give you the same information about invisible windows eg if it's a process that has invisible windows you can click window and bring it to the front because there is a lot of Spy++ info on google but it seems to be MSDN/VS related
WM_SHOW etc... syntax seems to be very similar to *Nix window managers coincidence ?
No, it's not shared memory. The problem is a shared Desktop object, which allows any process to send IPC messages to another process, and the default implementation of this IPC mechanism executing callbacks.
Of course, Microsoft explicitly told the developers to never open windows in a privileged process, and separating all UI functionality into an unprivileged client. Seems like the developers of this security software never bothered to read the most basic security documentation.
No. Process Explorer only cares for visible windows, which is a sensible design decision.
Because it's a tool from VS. But it's available for free in the trials of VS, and possibly also in the Express editions.
But there's also a freeware with the name "Winspector" which does the same.
Maybe. Window managers on Unix don't have an equivalent of DefaultWndProc (every window is responsible for doing its own UI), and messaging rather works by polling than pushing. But unless you use the X11 security extension, it's generally true that graphical application can send arbitrary events to other applications.
wow this is yet again a buttload of info but i use MIT-MAGIC-COOKIE ... am i vulnerable to scatter attacks ?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.