I've read all your posts and am confused by your statement(s) that PFWs only deal with incoming traffic.
I've been using Sygate for several years (don't know what to use instead, even now), and it definitely asks before it connects for an update. For example, Adobe Reader always wants to update - I set Sygate to stop it. Several other programs I run want to go check for updates all the time and I don't want them to use resources and keep my waiting.
And - perhaps more importantly, I certainly don't want them to download and install their updates unless I decide I need that update. And then, I want to install one update and make sure it hasn't affected machine performance, before I download another. Essentially, I want to know what's going on. Even if the intentions are good, if there is a negative result, a bug, a conflict between programs, I want to know what was just changed/installed/updated.
If Windows FW doesn't do that - then what would I need it for? I have a Linksys NAT, SP1 router - doesn't that perform the same function better?
Sarcastic? It's cynicism. It's cynicism, that "Personal Firewalls" entraping people to act like Louise here. It's cynicism, that those "security system providers" catch billions of dollars for crap. For endangering people, like Louise.
Adobe software, as many other software, too, is far from being perfect. So is Adobe Reader, too. From time to time it has exploits.
Stopping keeping it up to date endangers not only the user who does so, it endangers many other users which are attacked from this box afterwards.
It is impossible to control "outbound traffic" in a reliable way. Not only my own PoC code proofs this.
So one should not have a security concept which relies on this.
I would have no problem if "Personal Firewalls" would filter it anyways, would filter what can be filtered.
But they're not only doing so. They're bringing extra attack vectors to your PC. They're entraping people to switch off automatic updates, which is endangering them by opening an additional attack vector.
So for the very small benefit of "controlling what lets itself control" you're getting huge security drawbacks. This is what I'm critizising.
It's just the same problem I have with content filtering in the Web. It's not the content filtering which is the problem. It's people believing that they will be secure doing so.
No, what I said is a FW concentrate on stopping unsolicited inbound traffic and PFW(s) or machine level packet filters as I like to call PFW(s)do that too.
What? Did you go to Application control to tell Sygate to stop these program from making contact, which I don't consider it to be a FW feature or did you set outbound packet filtering rules by port, protocol or remote WAN IP to stop the traffic that I do consider a FW feature or action?
You can either go to the O/S to stop those downloads or to the solution itself and stop the download, IMO.
It's not the job of the FW to control what's running on the machine. That's the job of the O/S and the end-user to control through the O/S or said application that you have control of as to when it should or not do something.
So you're telling me that you cannot control that by other means. Again, it's not the FW's job. The FW's job is to control inbound and outbound packets by setting rules.
? Even if the intentions are good, if there is a
You blame that on yourself as the buck stops with you and nowhere else as to something happening on that machine.
You go to the O/S, you go to the application itself and turn off the features that you don't want such as automatic update and you take the control if it's a concern to you.
You use or configure the browse that you can disable downloading of stuff that you don't want downloaded when surfing sites. You use a better browser that gives better security. You don't go to dubious sites. You don't open unknown emails with attachments, configure the email client for better security or use an email client that gives you better security.
Things of that nature that you have control over along with going to the O/S and securing it to attacks that you have control over. You should know what's happing on the machine when things are running and wanting access to the Internet.
It's not their job to do application control at the machine level and you're not going to find anything that fits the above category that's going to do it.
If Application Control in a PFW solution gives you some sense of control and security, then use it as best you can for your purposes. That's all I can tell you.
I myself don't have Application Control running on the PFW solution I run that has that feature. It does me no good and I don't need it running getting in my way.
OK. Some M$fans on this ng thinks that a firewall should listen to inbound traffic only.
Now, unless there is some outbound traffic from our pc, how would inbound traffic begin?
Anyway. please coin some other term for the software that listens to and controls outbound traffic, but give me some tips about such software who are good at that, and are free.
I can't hold your hand. You have got to figure things out for yourself.
Again, you're way off in left field as usual. I don't even consider a PFW to even be a FW period. What I do consider it to be is a machine level packet filter. That's it and nothing else.
And again, I or anyone else in this ng that have little expertise know the difference that you can't seem to grasp. It's not my fault that you cannot seem to grasp it. But you're not alone.
If you actually knew what you were talking about, then you would be dangerous. Inbound unsolicited traffic from a application running from a remote site can cause the listening or server program to send outbound traffic from a machine. Such would be the case of your browser on the client machine that must initiate contact with a Web serve to begin a session between the two, with it sending back outbound traffic to continue the session. Now of course, the FW that would be setting in front of the Web server would have port 80 HTTP open to all unsolicited inbound traffic from potential client machines.
In addition to this, you as a typical home user would never have that situation and nothing running on your machine would be in a server listening mode as the norm.
None of them are IMHO and you won't get it out of me. :)
Except that they seem (some of them at least) to keep computers protected for years where the user was compromised monthly before.
I've personally seen a home with several kids that use the family computer, where it was compromised every month by things that the kids where doing, that remained free of malware for more than a year after installing ZoneAlarm Pro (I only tracked it for a year, that's why I say 'year' in my time frame.).
I've seen other systems protected from attack and malware by other personal firewall applications, ones that would have been compromised without the PFW.
Why don't you just turn off the option to install updates? In Acrobat Reader
7, go to Edit > Preferences, choose the Updates option at the left, set it do not automatically update at the top. Don't rely on a personal "firewall" to block things for you - what happens on the day your PFW isn't running? Killing a running process is a simple thing to do.
So go through each program and turn off automatic updates. If you've got a program that doesn't allow you to do so, be wary of that program.
Windows FW can be used to supplement your router. What happens if you misconfigure your router and allow all ports incoming, or ports on which you have running services on your desktop PC? What happens if your friend brings their laptop around and plugs it into your router, and it's infected with a worm that then spreads to your desktop PC? Never make assumptions, never rely on one thing that could easily be bypassed.
Volker, I don't know what the German for this idiom might be, but in English, we call it bedside manner. If you were a doctor and talked to your patients who came for help, you'd have no one return. I think that's what the comment above is all about. Leadership, if you're trying to provide it, is more effective if it's sincere, not cynical. I don't know, is it a German thing to speak to non-Germans like they are all stupid? I may be off base, but I think I'm seeing a lot of that here. Is that the professorial standard? Maybe I'm just stupid :).
Maybe you're right here - I'm used to use German usenet ;-) In German usenet there is a very short-cut, clear style of discussion, often misunderstood as rough offending. Perhaps I'm too long in German usenet now, and additionally my English is not very good.
Beside I'm not a doctor at all and not able to heal anybody ;-)
I guess that sounds like undocumented magic to him. The official way still is Start, Settings, Control Panel, Administrative Tools, Computer Configuration, Local Security Policy
One might also simply start MMC and add the snapin "Group Policy Object Editor" manually, in terms of creating a collection of the most relevant snapins.
Your English is very good. I didn't understand your discussion style as being typical of German usenet. You do give good advice, generally, you cynic :).
"From time to time" is a nice description for "always, as long as you don't disable/delete that damn DRM plugins (DigSig.api, eBook.api) and the JavaScript engine".
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.