I am sick of windows firewall

One can read this sentence in a different manner to cover the actual quality of this webservice.

formatting link
has a much higher quality level, in both directions.

Still searching for a good Esperanto and Portuguese translator...

Reply to
Sebastian Gottschalk

This is no exploit, this is behaviour as documented and configured.

Anyway, ZA does not catch Adobe License Manager on certain high-cost (and often pirated) products like Photoshop or Premiere. Think about it!

Wrong, it's just that you didn't read the fine manual.

So far anything except the activation can be disabled, with the latter one being unnecessary on the Corporate Edition. So far any data transfer works and contains data as documented.

Usenet is a place for discussion, guidance to newbies is only an optional side effect.

Reply to
Sebastian Gottschalk

If you were serious about stopping it, you'd disable it rather than try achieving a workaround with a (lousy!) host-based packet filter.

And they're saving the majority from even more trouble due to missing updates.

Your point of view is that of the more educated users. As long as you can keep up with regularly looking, approving and installing all necessary updates, you're fine.

Wrong conclusion.

Wrong facts and wrong conclusion.

Yes, but not for the reason you want to tell.

TcpView does the same and doesn't mess up your system.

No, it doesn't.

Reply to
Sebastian Gottschalk

Any serious firewall configuration assumes that all outbound traffic is trusted and an according rule is added ("allow tcp,udp from any to me related,established keep-state"). Windows Firewall has this rule implied, but you obviously don't want to understand why it's there,

netstat is already existent. Microsoft ships a tool "portqry" for automatic monitoring and processing, and there are a lot of alternatives like TcpView, Active Ports, ...

Reply to
Sebastian Gottschalk

That's why I'm storing a pretty usable standard configuration (registry file, batch scripts) among the installers.

If I wouldn't, I would at least pay attention to the most relevant settings. And this includes any automatic net activity.

and fail. In the meanwhile, ZA messes up your networking and creates a lot of wonderful attack vectors. Dude, why don't you at least use some serious alternative like Wipfw? Yet it will still be totally unreliable when it comes to filtering outbound traffic from untrusted sources, but it doesn't mess up everything.

Reply to
Sebastian Gottschalk

Right-click on your taskbar, Properties, Start Menu, Customize, [X] Display Administrative Tools

I still wonder because I think this is checked by default.

Start, run, "mmc"

Reply to
Sebastian Gottschalk

I have a problem with automatic update that is why I am stopping it.

I had to reinstall xpsp2 some four times in last one month. And I am sure that it was because of automatic update.

I had posted a thread in

formatting link
or tinyurl:
formatting link
under the subject: My xpsp2 died.

the starting part of my post is:

After that, the new installation worked well for a few days while automatic update was off, and heeding to advice of M$fans like you, I again set automatic update on.

And the very next morning, after 36 updates were installed, my system ran like a snail. It often gave error "virtual memory too low, windows is adjusting that", and nothing I did helped.

I had to format and reinstall xpsp2, but I kept automatic updates on.

The very next day after the updates were installed, the same "virtual memory" problem recurred in the same vein. But this time I was so sure that it was caused by updates, that I uninstalled all 36+ updates one by one in "add-remove programs", and system was miraculously well again, as if it never had any problem.

Then I thought that I should zero in on which exact update is causing all the problem. So I started reinstalling them in sets of five updates. Updates were already lying downloaded. After each such update, I was booting my system, working for an hour or two, and when no problem came, I installed next five.

The following 10 updates went well and didn't give any problem.

19/3/2006 886185 885884 896727 911565 911564

-------------

887472 873339 885835 885836 888113

-------

But, when I updated the following five,

888302 890046 890859 891781 896358

and booted the box, the very same 0xc0000018 (0x00000000 0x00000000) error came and it didn't boot. I tried all options in boot-up F8 menu, but none recognized my xp, and everyone gave that c00 error. I tried to boot from xp cd, and that did warn that I already have xp installed, but I didn't know how to make that work. So, I reinstalled xp and all my programs. This was not a clean install, so I still have old folders, new folders.

----------------------

I don't have any courage to further identify which of the above five updates is giving problem, and why, and how to overcome, etc. etc. I am not going to intentionally bring some situation which will make me reinstall my xp fifth time in one month, just because of your and your beloved M$'s automatic updates.

The moral of the story is: You are trusting M$ too much. They don't deserve that much trust. They are causing trouble by their automatic-ness.

Hence automatic updates must be stopped. Hence, outbound traffic must be monitored, because windows firewall is partial to call home. It is not for no reason that your cousin Mr Gates has opted NOT to control outbound traffic.

ZA might be having 100s of problems, but it does tell me which programs are talking among themselves, and talking and transacting with net, and it gives me a chance to stop a program's talkativeness.

Most of the part of this post is sort of OT. My apologies for that.

One more small personal issue I had with automatic update, is that I can't select any "update now". I have to select some fixed time, and it will call home every day at that time.

Once I was downloading two files, one from rapidshare, and one from badongo, both 100 MB, and they were supposed to have been over by 2:00 PM which is the official power failure time for this place (I am in India)

But, it couldn't. One file reached 69% and the other reached 62% at the time when power disappeared, booting my computer. And those sites don't offer resume for free accounts.

And why did it happen? Because automatic updates started downloading all those 36 updates, and remained showing 8% for hours. I clicked on everything, changed every setting, but I couldn't stop automatic updates from downloading all that, that was taking my bandwidth and was slowing my intended downloads. I sat on my chair and prayed to God to let all downloads complete before power failure but to no avail.

That is the helplessness, crippleness that is introduced by M$ in living beings.

That sort of monopolistic, dictatorial control is desired by windows component on our pc.

I am not amused with that.

za stays with all its overhead and problem. I just don't trust M$ products when I have an option.

Reply to
V S Rawat

In my system, the above is appearing, the following are not there in it.

Though I could reach there by Run-gpedit.exe as suggested by Spack. How to bring that to Start Menu?

How to start MMC?

Reply to
V S Rawat

I can understand the merit of that observation.

inbound traffic doesn't come on its own. I am sure that no hacker/cracker is sitting at his computer monitoring my pc, so that, as soon as I go online, he will start sending traffic to my pc.

inbound traffic comes AFTER some outbound traffic occurs from our pc. Our computer sends something that does something over there somewhere, and inbound traffic starts arriving.

Thus, if we could control outbound traffic, and know that whatever is going out from our pc is going to trusted places, then there are much less chance that a bad inbound traffic will arrive at our pc.

Reply to
V S Rawat

That is why it is a responsibility thrust by divinity upon your strong shoulders to find out and tell us which are the effective, free software which will be able to do what different users want to do in their knowledge level which is less than yours.

za catches its "I am now going to update" exploit very effectively. windows firewall doesn't because windows' 10s of software are themselves doing what adobe is doing.

Usenet is not a place for discussion among veterans. It is a place for providing useful guidance from veteran to newbies.

You did take some 15-18 years to raise your son. You didn't teach him all your knowledge when he was just one year old.

Recall that your son agreed and understood the best when you were the sweetest. :)

And I am talking about the duration before he started understanding what bulls and bees do.

?:-|

Reply to
V S Rawat

That is why I felt that all of you must be techy.

Meaning that you guys are able to keep your pc problem free, and it doesn't need reformat/reinstall of xp in years.

Otherwise you would have known that reinstalling an O.S. can cause almost a heart attack. We count our breaths while xp is installing itself. We can breathe calmly only when we see it over, and system running ok. And it is a lengthy process.

Thus, when you install 30 or 50 programmes, you want to give minimum attention to each program by setting their internals. That can wait. You first want to bring your pc to the running position as earlier.

Hence, I just install all the software without bothering for their updating, connecting to net or whatever activities. Then, when I go online, and each software tries to connect to net, ZA dutifully prompts me and then, I first refuse the permission for that software, and then I go to individual software and set their options not to connect to net, if such an option is at all available.

Boy! try seeing the world from the sights of us have-nots also, at least some times.

I don't have router. Just a DSL modem.

Reply to
V S Rawat

What you have described is plausible only if our PSW (ZA, etc.) are not controlling inbound traffic. They are controlling and filtering that, so they are as effective as windows firewall in that respect. Plus za also controls and reports outbound traffic, which windows firewall doesn't, hence za is one up on windows firewall.

:) Then, I would have to rephrase the question.

Suppose I switch on windows firewall, and uninstall za, which other software should I install to observe and control outbound traffic?

Reply to
V S Rawat

Like I told you before, there is another packet filtering element on the XP O/S that can be used to stop outbound packets from leaving the machine by port, protocol, or IP to supplement the XP FW or machine level packet filter.

Your point is moot as far as I am concerned.

And again, I don't consider a PFW a FW. It doesn't meet the definition for a FW, which is to protect the network it is protecting from the WAN/ Wide Area Network/Internet and the network it is protecting the LAN (Local Area Network). PFW is only a machine level packet filter that's it and nothing else.

I am going to tell you one more time. I have given you the links to IPsec in a previous post. You need to go read them.

BlackIce cannot stop outbound traffic by setting packet filtering rules by port, protocol or IP either and I like BI better than I like any other machine level packet filter solution -- that's just me.

That's why IPsec supplements BlackIce in this area when the laptop is in use with a direct connection to the Internet, and BI's Application Control is disabled; I don't need it.

I also use Active Ports (free) on this machine too with a short-cut for Active ports in the Start-up Folder to observe connections being made at the boot and login or anytime I need to observe what is connecting to the Internet and where is it connecting.

If I want to know about a remote IP, then I use Arin Whois to look up the IP to make a determination as to who it is and whether or not it's dubious.

If I want to know what is happening on the machine and I use these tools periodically on routine basis on all my Windows based machines even the ones connected to my FW appliance, then I do just that. I use them and go look for myself and let nothing like a PFW tell me that everything is okey dokey.

Long

formatting link
Short

formatting link
Also, I run the free RootTool Kit revealer that the PE people make from time to time.

Lastly, for my laptop that has a direct connection to the Internet, I try to further secure the machine by going to the O/S and hardening it to attack and certain things like accounts and whatnot I don't use and other things too that I don't need active on the machine, like I don't use Client for MS network or File and Print Sharing for MS on the NIC. I have no need for the machine to be doing networking so why leave that open, as it's not on my LAN at home where I would be sharing resources between machines.

The buck stops at the O/S and your ability to configure it, configure applications such as OE and IE for security or don't use them and using, your common sense with not having the happy fingers clicking on everything under the Sun or Moon. It doesn't rest with the PFW and some of its worthless features is the bottom line.

formatting link
Duane :)

Reply to
Duane Arnold

However, there is no GUI providing that functionality for IPFilter. Or did you refer to IPSec, which most notably is not a serious alternative?

The term is "host-based packet filter"

And one might add that common PFWs are pretty lousy ones.

BlackIce? Isn't that this funny software that tried to parse ICQ traffic even when no ICQ client is running nor any connection to any server is established, so taking packets from some random unknown? I don't mind them for the actual buffer overflow, this is pretty hard to get right when doing complicated RegExps.

On any serious system this lousy software doesn't work correctly. Just add one junction folder linking towards a no-medium-inserted drive and it will keep on hanging forever.

Serious alternatives are RootKit Detector v2, IATHooksAnalyzer, IceSword, VICE and System Virginity Verifier.

The latter being impossible.

I still wonder why anyone would use IE on the web? Its security is based upon only talking to a trusted network, by design!

Reply to
Sebastian Gottschalk

"inbound traffic doesn't come on its own. "

Ahh, it most definitely does. Many if not all compromised systems are responsible for initiating an extremely high majority of connection attempts to random IPs or to IPs within their same subnet, all in the effort of spreading themselves. Granted not every inbound connection attempt is the result of a 'bot or compromised system attempting to spread itself, but many of the attempts are.

Simply booting up an unprotected system and allowing inbound traffic from the 'net can almost certainly guarantee compromise within one hour of that system.

Reply to
Don Kelloway
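
The two points argued in this thread, the implied "related,established keep-state" rule and whether inbound traffic only ever follows outbound traffic, can be shown with a toy stateful host filter. This is an added example, not code from any poster or from Windows Firewall or ZoneAlarm; the class, the function names and all addresses (documentation ranges) are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" or "in" relative to the host.
Packet = namedtuple("Packet", "direction proto src sport dst dport")
HOST = "192.0.2.10"  # constructed address from a documentation range


class StatefulFilter:
    """Toy model of 'allow outbound, keep state; allow inbound only as a reply'.

    Simplification: real filters also track TCP flags and expire idle state.
    """

    def __init__(self, exposed_ports=()):
        self.flows = set()                       # flows this host initiated
        self.exposed_ports = set(exposed_ports)  # deliberately opened services

    def check(self, p):
        if p.direction == "out":
            # Store the key as the expected reply will present it.
            self.flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return "allow-out"
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.flows:
            return "allow-reply"
        if p.dport in self.exposed_ports:
            return "allow-service"
        return "drop-unsolicited"


def run_demo():
    fw = StatefulFilter()
    packets = [
        # Host opens a web connection: allowed, state is kept.
        Packet("out", "tcp", HOST, 50000, "198.51.100.5", 80),
        # The matching reply is let back in.
        Packet("in", "tcp", "198.51.100.5", 80, HOST, 50000),
        # A scan from an unrelated machine arrives with no prior outbound.
        Packet("in", "tcp", "203.0.113.7", 4444, HOST, 445),
        # Same remote server, but a port the host never used: no state match.
        Packet("in", "tcp", "198.51.100.5", 80, HOST, 50001),
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The third packet arrives without any outbound traffic having triggered it; whether it reaches a service depends only on the inbound policy, not on what the host sent earlier.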

Strange, I've had roughly 50 unsolicited inbound packets in the last hour. Maybe you haven't found the logs in ZA yet. Does your PC have a public IP address?

You are probably right, but I am not as sure as you are.

If it doesn't upset Volker too much I suggest you use this

formatting link
And try to understand that although you requested the test, there is nothing to stop anyone else doing similar tests on you without your knowledge. So your conclusion, that outbound traffic is required before inbound traffic can occur, must be incorrect, assuming I correctly understand what you said.

If you really want to control where outbound connections can and cannot be made to, then you need an external box.

Also install

formatting link
try to understand what it is telling you.

Jason

Reply to
Jason Edwards

You can call it what you want. It's software running on the host machine.

That's your opinion.

You need to get out of my face with this. I know how to use BlackIce. I know how to take BlackIce out of its automatic setting. I know how to configure BlackIce to do what I need it to do. Therefore, I don't have a problem using BlackIce. And I'll say it to you again with get out of my face with this.

I threw it out there. If there are better ones, then by all means use them.

see the above

That's your problem not mine. I don't have any problems using the products when I have needed to use them. But again, that's me and I cannot account for anyone else and their usage of the solutions.

I don't have a problem using IE when I need to use it.

Duane :)

Reply to
Duane Arnold

And I am going to address this too. I have explained to you that IPsec running on the Windows platform is a supplemental packet filtering solution if you understand the word *supplement* -- maybe it's beyond you -- and is not a front line solution. IPsec on the Windows platform does have a GUI that can be used and is a viable supplemental solution.

And point blank, I don't give a rat's butt about IPFilter. I know all about IPFilter. I don't need you bringing it up to me.

Duane :)

Reply to
Duane Arnold

One last thing, I think you're becoming some kind of PITA with you running up and down the NG trying to give your take on things that I for one don't care about.

Duane :)

Reply to
Duane Arnold

Not True!

I read these and related newsgroups extensively and I am aware of security updates and I install them quite regularly. But I do it after I have a good backup and when I'll know what I've done were something to go wrong.

I believe Adobe Reader is now 7.0.5.

Louise

Reply to
louise
