Comodo ?

Pls come up with ways to defeat CPF using IPC methods. And tell us which ones work.

thanks Melih

Reply to
melih

Then they get hacked, no problem. That is, it is no problem to those who take the time to protect their systems.

Malware is detected by apps such as Spybot; that is what they are for.

Not if they are updated daily. Users also have to refrain from running every old app they see on the net. Most of this is social engineering. But again, you can't be concerned about those who won't take the time to learn the basics; their hacked system will be no threat to yours.

Here you're calling for users to be smart when you clearly think they are all stupid.

Reply to
Spender

Didn't we already discuss COM, OLE, NetDDE, WMI, RPC and the like?

Calling the COM server "MSIE.loadpage" already does the job. Or what about {B45FF030-4447-11D2-85DE-00C04FA35C89}.NavigateToDefaultSearch()?

What about putting a JavaScript as your web browser's homepage?

Reply to
Sebastian Gottschalk

Do you fear going out at night because someone may attack you with a light-saber? Who knows what the future will bring. The point is to protect yourself from the known threats to the best of your ability. Firewall vendors do offer updates also.

Reply to
Spender

Yes, and this is not running malware in the first place. And not using bug-laden, highly complex pseudo security software.

So what? It doesn't solve unsolvable problems.

Reply to
Sebastian Gottschalk

Malware is generally not detected. That's what malware is for.

Even then.

That's an absolutely consistent view.

Reply to
Sebastian Gottschalk

Enough of talk Sebastian, time for action!

Give me the code and show that it leaks CPF :-)

We really want people to help us make CPF better!

Melih

Reply to
melih

You've been given code and/or description above, now verify my claims as well.

Obviously not. If so, then you would allow one to just use the packet filter part without all the useless trials of application control with lots of complex and potentially insecure code.

Reply to
Sebastian Gottschalk

It does seem fairly silly to attempt to plug or defeat every so called "leak test" that exists and/or might exist in the future. Kinda like chasing your tail, it will probably never end, and in the meantime the product's code becomes more and more bloated and complicated until at some point it reaches the point of ridiculousness. It makes far more sense to educate the user I think.

Reply to
Kerodo

Seems like the Symantec Norton product series still doesn't hit the ultimate pain nerves of the users. :-)

Reply to
Sebastian Gottschalk

When I'm showing an empirical proof, then I'm assuming, that people know what I'm talking about, especially when I'm making clear, that the proof is empirical.

Maybe I should not assume that ;-)

Maybe. But this is irrelevant. We're talking about whether a feature for a product for the masses is a good idea or not. So what is relevant is what this feature means to many people, not to each person.

I did not mean my statement as a universal claim. This is just a misunderstanding.

Wikipedia seems to work. So why not use it? "Nature" is putting much faith in Wikipedia, though:

formatting link

As a matter of fact, of all philosophical ideas, I prefer logical positivism.

This does not matter. The criticisms just don't understand.

Again, they just don't understand. We're living in the times past Gödel's incompleteness theorems.

No.

Maybe. I did not make such a claim, and seeing what I said as a universal claim just is a misunderstanding.

Thank you. And: ditto ;-)

Yours, VB.

Reply to
Volker Birk

You're failing now, "Melih", as a provider of security systems. You should know that it's very easy to tinker against a single PoC implementation, while you need much more effort to secure against a complete class of attacks (what Sebastian is calling an "attack vector"). The class of work we're talking about is: "implementing a security system for COM/COM+ to control such communication between all local applications". You shouldn't implement "controlling the part of the communication, which implements COM to the Active Desktop". This is not enough.

So your measuring is useless.

As a matter of fact, I'd thought that tinkering against my simple PoC does not need more than 10 or 15 minutes ;-)

"Melih", how long did it take to implement a security system for Windows messages? Because this is comparable.

Yours, VB.

Reply to
Volker Birk

Then please stop this "outbound filtering", because it's counterproductive, whether you manage to make it work perfectly or not.

Yours, VB.

Reply to
Volker Birk

Your statement, as stated above, is false, clearly, completely, totally.

You cannot show how in all cases your statement is true and I've already shown how it's false, so learn a little from your written words and understand that you should be saying:

Outbound filtering from personal firewalls MAY be counterproductive in some instances where security/patch updates are blocked, other forms of outbound filtering can help reduce chaff on the internet, block spreading of worms and SMTP attacks.

Reply to
Leythos

As Volker replied to me in our exchange, he doesn't buy the criticism against the logical positivist reliance on empirical evidence; namely you better make sure your statistical sample is large enough to draw a conclusion. And in the case of making what by any reasonable person would be regarded a universal statement, you better make sure all possibilities/populations are included.

This thread will continue just to spin in a circle, since for the dialectic to work, there has to be an eventual agreement on a position. That won't happen here, it appears.

Reply to
optikl

Sebastian

Look at Volker and learn. He wrote leak tests, codes that one can download and run against. So stop the talk and show us some action.

"Demonstrate that you can transmit data without consent and post executable with which you transmit custom data!"

Give us some Code like Volker's code, that leaks a firewall. Not talk!

Melih

Reply to
melih

Don't forget that enabling Automatic Updates is one of the steps of installing XP, and again with SP2 (if disabled, the user is asked to enable it right after the first reboot). So that's at least two times that people had the opportunity of enabling AU (or rather keep it enabled, because that's indeed the default choice). My point is that people have been known to explicitly disable AU at one of those times.

So we have programs like AntiSpy disabling AU, firewalls blocking it, and users disabling it themselves (with the control panel, or services.msc). Whatever their reasons may be, this made for a fairly large population of vulnerable PCs on the internet. All of them ready and waiting to be taken over by Blaster (and/or Sasser, Slammer, etc).

I wonder if Microsoft made the right choice by making users choose to enable or disable AU right before using a newly installed system (or newly updated in the case of SP2). I mean, it should have been enabled by default without immediately confronting the user. Users who don't like it would disable it themselves anyway.

Reply to
prophet

Except his leak-test app doesn't work on properly configured Windows XP machines - even without a personal firewall.

Reply to
Leythos

My friend, I've purposely disabled AU because of the documented problem on certain laptops running WIN 2000 SP4 wherein AU is responsible for periodic surges of CPU grab that eat 90+ % of CPU for up to 7 minutes. I don't assume that my security is dependent upon automatic updates. I manage this problem and my security, manually. Anyone who relies solely on software to update itself to maintain a secure environment is making a terrible mistake.

Reply to
optikl

For you this may work, and it may be a good idea.

Many people are not able to evaluate which update could be a good idea or not. So those people are depending on having online software update, which automatically installs security related fixes at least.

Yours, VB.

Reply to
Volker Birk
