Don't use a Firewall other than Windows Firewall?

No. Sounds like a person, who presents the proof for this:

Yours, VB.

Sorry, we're talking different things. You're talking personal firewalls - I'm talking appliances.

I agree with personal firewalls - I lost a lot of faith in them some time ago.

Mark wrote: ["Outbound application control"]

BTW: it's not possible to prevent tunneling without losing connectivity by using appliances, too. This is problem on principle.

This is, why therefore some people choose the second best option - Virus Scanners and IDS. Those cannot be perfect, but they can detect the well known attacks.

Yours, VB.

Ermmm sorry you are quite incorrect.

Sonicwalls IPS can detect http tunneling, and block it, as can several other flavours of IPS.

Careful, when you disagree with his ignorant statements he's put you in his kill file.

That's not tunneling and you appear to be too stupid to understand it - you are accessing the handle of a running application and entering an address in the running web browser - it's not tunneling, it's real web browsing. At best your BS code is just ad ware.

Tunneling would be something like trying to use IM on Port 80, or SMTP over port 80, or PcAnywhere over SMTP.....

If you are using the port for what it was designed for it's not tunneling. Most firewall appliances, quality ones, can tell the difference between SMTP going out over port 80 and HTTP going out over port 80.

Sonicwalls IPS can detect _some_ _type_ of HTTP-tunneling. That was it. And this is not the fault of Sonicwall, that it cannot detect any type of tunneling, because this is impossible as I said.

If you don't believe this, I would be happy to show a type of tunneling Sonicwall does not detect.

But because I have no Sonicwall product here, would you mind to run

on one of your Windows boxes, to test? If you're trusting me, you could use the precompiled binary on for your convenience.

If this is not enough for you for believing, then I'm suggesting, that I will tunnel some information out usually one does not want to offer, say, the date your %SystemRoot% directory was created on this box.

Yours, VB.

Tried it, it didn't get out. Happy now?

Did you start Internet Explorer before? Is Internet Explorer able to reach web pages?

Yours, VB.

I agree with Klass. I am ok allowing eg Avast update to dial out, but some of the requests give no clue to WHY they are dialling-out. Usually if I block things that are not clearly labelled then I freeze the pc. If I don't know then I might as well let them get on with it in the knowledge that some time in the last few days spybot/adaware/MSantispyware have cleaned the baddies I would not recognise anyhow.

No, since he gives you a lot of arguments to think about. I'm not in the situation to discuss these tricky details, but I try to learn from the arguments I can read here.

What I learned for me personally is, that you can't delegate a security concept to a software alone. You should have some ideas, how to protect yor pc, your data and your software and to what degree.

I used ZA Pro 6, but I simply didn'd understand all the messages popping up asking for descisions. Even in automatic mode I was bothered with questions I was not able to understand. Obviously some of my decisions for allowing traffic MUST be wrong.

So - after reading this news group - I decided for MY concept: Have a good and up to date software to check for viruses, trojans spyware etc and do the checks regurlary. Block incoming traffic with the firewall of XP Pro. And thats it.

Klaas

Contgratulations. This is the most important point, I think.

Yours, VB.