looking for XP firewall

OK, "firewalls that malware bypasses or inactivates". Would the right group be alt.comp.bypass?

:)

We all know that now. But when I was hit back in 2007 the main anti-virus vendors did not recognize the threat. I believe Micro$oft only advised disabling autorun recently. I posted the possibility of cdroms being a security risk with autorun enabled, and was pooh-poohed by the "experts" > 10 years ago. DuckDuckgo it. I disabled cdrom autorun on my PC, and thought no more about it, until I was hit by the USB autorun malware. Which Kerio detected, on its first phone-home to China. []'s

-- Don't be evil - Google 2004 We have a new policy - Google 2012

Shadow

Port blocking firewalls do have a major defect. What if nastylittletrojan.exe used port 80 or 53 for its connections? Would go straight through the rules. Users don't usually have the time or patience to read log files, or monitor connections realtime. []'s

-- Don't be evil - Google 2004 We have a new policy - Google 2012

Shadow

[OT] Shadows tend to come and go ... I will be off to Rio tomorrow. No Shadows under a 40°C sun. I'll leave you with the experts here... good luck. :) []'s

-- Don't be evil - Google 2004 We have a new policy - Google 2012

Shadow

Any kind of personal firewalls do have a major defect. What if nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER% you happen to have) for its connections? Would go straight through the rules.

You may want to think about that.

cu

59cobalt
Ansgar -59cobalt- Wiechers

What my nasty little trojan tried, via BHOs. Clipped them with HijackThis. It took me > 4 hours to clean, manually. Of course, the first thing I did was pull the cable. Then delete its "undeletable" autorun and autorun-referenced executables from a Linux boot, and restore the registry with ERUNT (from within a Linux DOS emulator). []'s

-- Don't be evil - Google 2004 We have a new policy - Google 2012

Shadow

Because there obviously are *still* people around who didn't get the gist of it:

BTW, BHOs are just one way for malware to abuse a browser. There are quite a few more.

cu

59cobalt
Ansgar -59cobalt- Wiechers

If you're that concerned, set up InPrivate Filtering to import the malware domains blacklist XML file then set your other browsers to use the same list via Adblock. But it's pretty simple to fetch files with wget.exe so I'm not sure why any malware would bother to open a browser to transfer files.

All of this is a lot of assumption in response to someone merely asking for an OS firewall to use with XP without providing any additional usage details. So why assume they're blocking outbound when they may only be blocking inbound traffic, whether or not they plan to monitor their process list, etc. It's pretty common knowledge that TCP ports 80 and 443 are wide open from any but the most restrictive networks so why speculate as to what may or may not traverse those ports without prior knowledge of the deployment? We can spend all day guessing and pontificating but it seems superfluous to merely providing an answer until more questions are asked.

-Gary

Gary

I stand corrected. Using Adblock as suggested will allow you to block domains of your choosing -- including lists of known malware domains. Blocking programs is a bit more tricky with XP and its built-in firewall or an add-on like ipfw. You could block everything but the ports you know you're going to want to access but as mentioned previously, this will not be foolproof. If you want to have warnings for applications that try to access the Internet without your permission then you'll probably want to upgrade to Windows 7. And patch it regularly.

-Gary

Gary
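The domain-blocking approach suggested in the two posts above (a known-malware domain list loaded into the browser's filter, reused across browsers via Adblock) comes down to matching every requested hostname against a list. The script below is an added example, not code from this thread, from Adblock or from Internet Explorer: it reads the two list formats such lists are commonly distributed in, hosts-file lines (`0.0.0.0 bad.example`) and Adblock domain rules (`||bad.example^`, with `@@` exceptions), and decides whether a hostname is covered. The InPrivate Filtering XML layout is not reproduced here because its schema is not given on the page. The blocklist and the hostnames are constructed sample data, not real malware domains.

```python
"""Match hostnames against a domain blocklist in hosts-file or Adblock form.

Added example with constructed data. Every entry is treated as covering the
domain and all of its subdomains, which is what Adblock's "||domain^" means and
is the conservative reading of a hosts entry.
"""

# Constructed sample list (not a real malware-domain list).
SAMPLE_BLOCKLIST = """
# hosts-style entries
0.0.0.0 malware.example
127.0.0.1 tracker.example beacon.example  # two names on one line
! Adblock-style entries
||evil-cdn.example^
||phone-home.example^$third-party
@@||cdn.phone-home.example^
"""

HOSTS_SINKHOLES = ("0.0.0.0", "127.0.0.1", "::1")


def parse_blocklist(text):
    """Return (blocked, allowed): two sets of lower-cased domain names."""
    blocked, allowed = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # hosts-style trailing comment
        if not line or line.startswith("!"):
            continue                              # blank or Adblock comment
        target = blocked
        if line.startswith("@@"):                 # Adblock exception rule
            target, line = allowed, line[2:]
        if line.startswith("||"):
            # "||domain^$options" -> domain; options such as $third-party are
            # deliberately ignored, which errs on the side of blocking.
            domains = [line[2:].split("^", 1)[0].split("$", 1)[0]]
        else:
            parts = line.split()
            if len(parts) < 2 or parts[0] not in HOSTS_SINKHOLES:
                continue                          # not a hosts entry we understand
            domains = parts[1:]
        for d in domains:
            target.add(d.lower().rstrip("."))
    return blocked, allowed


def _ancestors(hostname):
    """hostname and every parent domain, most specific first: a.b.c -> [a.b.c, b.c, c]."""
    labels = hostname.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def is_blocked(hostname, blocked, allowed):
    """True when the closest matching entry for hostname is a block, not an exception."""
    for candidate in _ancestors(hostname):
        if candidate in allowed:
            return False
        if candidate in blocked:
            return True
    return False


def check_hosts(hostnames, blocklist_text):
    """Map each requested hostname to its verdict against the given list text."""
    blocked, allowed = parse_blocklist(blocklist_text)
    return {h: is_blocked(h, blocked, allowed) for h in hostnames}


if __name__ == "__main__":
    requests = ["www.malware.example", "cdn.phone-home.example",
                "phone-home.example", "example.org"]
    for host, verdict in check_hosts(requests, SAMPLE_BLOCKLIST).items():
        print(f"{'BLOCK' if verdict else 'allow':<5} {host}")
```

The walk from the most specific name upward means an `@@` exception for `cdn.phone-home.example` wins over the block on `phone-home.example` for that host and its children, while `phone-home.example` itself stays blocked. As the earlier post notes, a list like this only governs what the browser (or whatever honours the list) requests; a process that fetches with wget.exe or its own socket never consults it, so the list is a complement to, not a substitute for, watching which processes open connections.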

What took me the 4 hours. BHOs, autoruns, etc. and reinstalling the registry took 15 minutes. Shell hooks, rogue services, strange drivers, bogus system dlls etc, they took longer. System has been up for 5 years since. No unexplained traffic registered on my Linux router since I cleaned it. (All my traffic goes through a Linux box.) There are still people that believe in Microsoft patches. Oh well. Live and let live. :) []'s

-- Don't be evil - Google 2004 We have a new policy - Google 2012

Shadow
