Comodo?

If you mean "Personal Firewalls" with "software firewalls", then for me you're right.

I don't need them at all - there are much better concepts.

Sygate is a security disaster itself. Wrong example, I bet.

No.

Already the concept, that a user should control what's going on, is b0rken.

A user should not be the one, who controls security, therefore is responsible for security. A user should not protect and therefore have to answer for protection.

A user should be protected.

A user should not be bothered with senseless popups with texts he cannot understand. A user should get a machine, which is configured in a way, that he is not in danger. If this is not possible, then at least it should be configured, that the user is as little in danger as possible - without any extra action.

Yours, VB.

Reply to
Volker Birk

For me that's not true. A packet filter is not worthless, if you're a user who doesn't know how to switch off all those network services Microsoft switches on for you.

You can buy a Macintosh. Or you can use a packet filter.

If the "Personal Firewalls" I had to see would not have so many security design flaws and exploits themselves, then I wouldn't have anything against them.

But as it is, I'd prefer the Windows-Firewall.

Think about it.

Yours, VB.

Reply to
Volker Birk

Volker

Please show me 1 security system that is 100% protection for everything and will not need tinkering? Do you think Anti Virus is 100%? Why do people use it? Do you think Anti Spyware is 100%? Why do people use it?

So please show me 1 security (not 2, just 1 will do) that will protect you against everything and will never need tinkering?

thanks Melih

Reply to
melih

Even Windows 2000 got EAL4+ and C2 evaluation, which requires to have no systematic security problems according to a pretty sufficient threat model.

Because they're stupid. The real solution is to whitelist exec rights.

Because they're stupid. Spyware is a 100% user-inducted stupidity threat.

Reply to
Sebastian Gottschalk

If you admit that you don't deliver 100% protection, then why do I find statements like these on your web-site?

  • Complete security against Internet attacks
  • Instant defense against hackers and identity theft
  • Rated an Editor's Choice by PC Magazine Online
  • Secures against internal and external attacks
  • Blocks internet access to malicious Trojan programs
  • Safeguards your Personal data against theft
  • Delivers total end-point security for P.C. and networks

It seems to me like 6 out of these 7 are questionable ;-)

/B. Nice

Reply to
B. Nice

You're so predictable. Perhaps terminating your life might provide you relief from enduring the stupidity of others. Please try.

Reply to
optikl

Of course. And if you read between the lines of what Volker is saying, the problem is the false sense of security that security providers cultivate. They're all guilty of this, to some degree.

Unfortunately the message tends to get lost in the vitriol coming from some of the .de trolls. But, Volker is right-on about the unintentional disservice security software providers create.

Reply to
optikl

I hope that your own "Comodo Personal Firewall" is 100% bullet proof if configured correctly against attacks, which are trying to remotely abuse network services on a PC.

No. Anti Virus programs are very doubtful, too. While they can be used in a sensible way (like a Spam filter, filtering out many viruses, which are already known, but not all viruses), most people don't do so.

Because the advertising of the security manufacturers tells lies and nonsense to them - they're fooled. Many people think, when installing an Anti Virus program, then there will be no virus on their PC. Additionally, they think, that "online-scanning" would be of any worth, but in reality this nonsense consumes their computing power only.

Just talk to such users, you will hear those crazy ideas.

Anti Spyware is just nonsense and never can work.

Because they're fooled.

Against everything? Each security provision has to be chosen against one attack vector.

Against what is "outbound control"? Against unwanted outbound communication of already running malware. And that does not work. So it's useless.

And it's even counterproductive: because people are filtering away "phoning home" of applications, they're usually stopping the online software updates. And this endangers them.

Since I know you, I'm realizing, that you're not implementing this because you're just greedy and want to have the same features as your competitors to get into market.

No, I believe you in the meantime, that you're having these crazy ideas. This is very sad.

Perhaps this discussion can help to find out and make clear, what a security package for an home user should consist of to be very sensible, and maybe Comodo will be the first company, which offers such a thing.

Could we get that discussion becoming constructive in such a way?

Yours, VB.

Reply to
Volker Birk

Ok what would happen if people did not use AV programs? Do you think they would be better off?

that is so untrue!

oh now, you are fortune teller and a mind reader and calling me greedy! Come on Volker, I don't want to lose my respect for you as I know you are the author of a good leak test!

of course! go ahead and start, better still why don't you come and put it in our forums we have a special section for it called: What products do you want Comodo to develop. There you can put your suggestions and have our developers involved in this discussion along with our users.

you still haven't answered me. Please answer the two questions I have been asking:

1) Why do you have doors in your home if they can be broken?
2) Also Is there any security that you know of that does not require tinkering against new threats?

Reply to
melih

Sebastian:

Please explain to us: How can drive-by-download attacks that inject spyware without the user even knowing about it be considered user induced (not inducted :-) ) stupidity?

We all would like to know.

thanks Melih

Reply to
melih

As I said, there is no 100% security. I understand what you are saying and I agree with what you are saying! At least we are not making money from this ;-)

Melih

Reply to
melih

I must agree with you to a level. There is an oversell in order to convince people to buy security vendors' products.

Melih

Reply to
melih

Drive-by-downloads are a buzzword invented by lame IE users accepting malware threats as simple unchangeable facts that normal people would even consider as unacceptable on any serious webbrowsers. There's no, absolutely no relation of the malware type to the attack vector being a crappy piece of software being misused as webbrowser.

The only thing which really belongs to the spyware so-called threat is installing voluntarily, f.e. as a part of a promised free software. And this is purely user-inducted, by lacking any means of trials to verify the trustworthiness of the software vendor.

Reply to
Sebastian Gottschalk

According to the fact, that increased awareness and a broader installation base didn't even noticeably limit the exponential growth of malware spread, the answer should be pretty simple: Nothing would change - the systems would be all messed up, just like they're already now with AV programs.

It's very true. Just take a look at the "phoning home" hype whereas there isn't even one pseudo legitimate software that does so - well, except ZoneAlarm. ;-)

Then you don't know much. Volker just wrote down what has been known since years and has already been used by malware since years, to easily demonstrate the obvious to the uninitiated. And it seems that you didn't understand the concept: That leaktests will always work, and worrying about it is just downright stupid and a waste of time/resources/code.

Now if this was Naruto, a crow would be flying by and crying: baka! (idiot)

ACLs?

Reply to
Sebastian Gottschalk

So what you are saying is that it's not possible for any firewall to pass this leak test? Can you pls confirm.

So come on then answer it why do you have it? You are scared of answering it because you know it defeats your argument!

You must be joking! ACLs will require constant tinkering by adding new records to whitelist otherwise users won't be able to access the new software. Also who decides if this new software that wants to get into ACL is good or malware? All you are doing is shifting the checking/analysis to central authority and you are relying on that central authority's process to make sure they can analyse (disassemble) the software to make sure there is nothing malicious in it before they give the green light to include it in the whitelist.

FYI: I am a believer in whitelisting, and if you check our products and some of my inventions I use whitelisting in providing security (eg:

formatting link
Also, both our Firewall and AV use whitelisting approach also and we will increase its usage, so it's fair to say that I have a fair bit of expertise in the design and implementation of whitelisting in security applications. But it ain't 100%! Because you could still defeat the process that puts the application into safelist.

Also, the one big point you are missing in designing security is there are many stages where you have to implement a solution for and also deploy:

1) Prevention
2) Detection
3) Cure

Whitelisting is about Prevention (whitelisting technologies) ( physical world example: your door at home etc ;-) it prevents unauthorised people from coming in)

Blacklisting is about Detection (Anti Virus, anti spyware etc, things that identify what is bad) (physical world example: your burglar alarm, cos we all know that doors can be broken so you need to know when prevention has failed)

Cure: depends on the damage (eg: removing a virus/spyware etc) (physical world example: Insurance etc)

Any good security solution has to include all these components. Until recently the PC security was purely about detection and cure with little prevention. Comodo is changing this by creating the best possible protection by deploying layered approach.

Melih

Reply to
melih

You're both wrong. That statement can't be proved to be true or false.

Reply to
optikl

Melih, you're wasting your time debating this .de troll. He's a Volker Birk wannabe with deplorable communicative skills; a miserable creature one would expect to encounter in a Charles Dickens classic.

Reply to
optikl

No, I'm saying that it's not possible for any firewall to pass arbitrary leak tests. And that's where malware goes.

We've already discussed the differences between physical and virtual doors, burglar alarms and intrusion detection systems, their design goals and their limits. Now could we please stop making unsuitable comparisons?

And for a specific software there's usually no need to change an already created ACL.

You're giving exec rights for random software to your users?

ACLs are not intended to verify trustworthiness of software. They're intended to limit impact of untrustworthy software and users to only their data. Effectively.

Yeah, another classical bullshit. Not wanting to accept that once the malware has admin rights you've already lost. Or do you actually allow restricted users to change the database of applications?

No, it doesn't and isn't supposed to do so. Could we now please stop with such comparisons?

Yet another bad comparison. The only cure is to sour back to a well-defined known safe state of the (sub)system. Anything else is just brabbling around and losing to the already totally overtaken system.

And any good security concepts understand unnecessary complexity as a threat. You're adding some hundred KBs of code to catch only the obvious, while totally ignoring much more effective and reliable measures (f.e. would you write a software that analyzes and appropriately changes ACLs? You know, denying write access to executables is what serious antivirus software should do).

Reply to
Sebastian Gottschalk
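
The policy argued for in the post above (a restricted user should have no write access to anything he can execute), as an added example that is not part of the thread. It uses POSIX mode bits as a stand-in for the Windows ACLs under discussion; the function names, the sample tree and the `uid + 1` "restricted user" are constructed for illustration.

```python
import os
import stat
import tempfile

def _allowed(st, uid, gids, bit):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def writable_executables(root, uid, gids=()):
    """(path, reason) for files `uid` can run and also alter or swap out."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dst = os.stat(dirpath)
        dir_w = _allowed(dst, uid, gids, 2)
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not _allowed(st, uid, gids, 1):
                continue  # not a regular file, or uid may not execute it
            rel = os.path.relpath(path, root)
            if _allowed(st, uid, gids, 2):
                findings.append((rel, "file writable"))
            elif dir_w and (not sticky or uid in (st.st_uid, dst.st_uid)):
                findings.append((rel, "directory writable"))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample tree; modes are set explicitly, so umask is moot."""
    root = tempfile.mkdtemp(prefix="wx_audit_")
    layout = {"bin": (0o755, {"tool": 0o755, "updater": 0o757}),
              "drop": (0o777, {"helper": 0o755, "notes.txt": 0o666}),
              "shared": (0o1777, {"job": 0o755})}  # dir -> (mode, files)
    for d, (dmode, files) in layout.items():
        os.mkdir(os.path.join(root, d))
        for f, fmode in files.items():
            p = os.path.join(root, d, f)
            open(p, "w").close()
            os.chmod(p, fmode)
        os.chmod(os.path.join(root, d), dmode)
    return root

if __name__ == "__main__":
    # assumed: uid + 1 stands for a restricted user who did not install the files
    for rel, why in writable_executables(build_demo_tree(), os.getuid() + 1):
        print(rel, "->", why)
```

Run against the installing account's own uid, every executable in the sample tree is reported, which is the case where software the user installed himself can be rewritten by anything running as that user.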

Some very trivial and effective evidence examples are the Blaster and Sasser worms.

As I've already pointed out sometimes, Automatic Updates have already been enabled on the RTM versions of Windows XP (at least with giving notifications).

Reply to
Sebastian Gottschalk

Gibberish. What does that have to do with Volker's statement about firewalls impeding the update of legitimate software?

Reply to
optikl
