Microsoft TechNet Magazine Article about Outbound Filtering

| Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.
|
| Speaking of host firewalls, why is there so much noise about outbound
| filtering? Think for a moment about how ordinary users would interact
| with a piece of software that bugged them every time a program on their
| computer wanted to communicate with the Internet. What would such a
| dialog box look like? "The program NotAVirus.exe wants to communicate on
| port 34235/tcp to address 207.46.225.60 on port 2325/tcp. Do you want to
| permit this?" Ugh! How would your grandmother answer that dialog box?
| Thing is, your grandmother just got an e-mail with an attachment that
| promises some rather sexy naked dancing pigs. Then this crazy dialog box
| appears. We promise: when the decision is between being secure and
| watching some naked dancing pigs, the naked dancing pigs win every time.
| The fact is, despite everyone's best efforts, outbound filtering is
| simply ignored by most users. They just don't know how to answer the
| question. So why bother with it? Outbound filtering is too easy to
| bypass, too. No self-respecting worm these days will try to communicate
| by opening its own socket in the stack. Rather, it'll simply wait for
| the user to open a Web browser, then hijack that connection. You've
| already given the browser permission to communicate, and the firewall
| has no idea that a worm has injected traffic into the browser's stream.
| Outbound filtering is only useful on computers that are already
| infected. And in that case, it's too late - the damage is done. If
| instead you do the right things to ensure that your computers remain
| free of infection, outbound filtering does nothing for you other than,
| perhaps, to give you a false sense of being more secure. Which, in our
| opinion, is worse than having no security at all.

(Jesper Johansson, Steve Riley)

I'm happy to read that Microsoft is learning about security. Maybe we can hope that Windows Vista will correct some concepts. Let's see...

Hey, Jesper, Steve, could you please, *PLEAZE* work on the topic, that Torsten's Script on [formatting link] and my little tool on [formatting link] will get superfluous, and no firewall at all will be needed any more for a default Windows installation, because Windows could just not offer network services in the default configuration?

Thank you for helping to fight bot-nets! And, by the way: please, *PLEAZE* offer this as a patch for older Windows versions, too! We're all suffering from your failures in the past.

Yours, VB.

Volker Birk

But WGA, so to speak, does not act that way, and can be blocked with a software firewall that monitors outgoing connections (if it just doesn't reboot the system as the newly released ZA do :-)). On the other hand WGA has no option to prevent it from calling home, nor can it be uninstalled. I still remember Microsoft stating that there was no use for a defrag on NTFS partitions because of the indexing structure, until they inserted one in their o.s.

Axo

Or simply disabled without the overhead of a complex packet filter.

It can, and you don't need to install it in first place.

This is because NTFS supports a defragmentation mechanism for single files internally and utilizes it from time to time. This doesn't address free space consolidation, but that doesn't have as big an impact as file fragmentation. The defragmentation program itself is just a control utility like many others that existed before, e.g. Sysinternals' Contig. Again, the same is true for about any other modern file system.

Sebastian Gottschalk

Maybe it is just me --- but I believe that I would reserve the right to discard ANY recommendations from an organization (and their computer security personnel) that naively fails to provide even the most trivial consideration to end-user security.

How many times does an end-user have to be burned by the "security" mindedness of this organization before enough is enough?

Seems to me that they may need to quit writing meaningless technet articles and try implementing or developing some sufficient logical controls for their own products.

Thomas

Volker Birk wrote:

Secure Buddha

Don't twist marketing and technical competence.

Dunno, but AFAICS the only problem is MSIE and derivative programs. All other big problems have been purely user-induced.

Why do you think these are meaningless?

Oh, now you don't even recognize improvements.

BTW, it seems like you're using IE as a webbrowser. Now you want to tell us anything about security?

Sebastian Gottschalk

I assume then, that your header is a fake:

| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1

You for sure don't use Microsoft's products, if you don't trust them, do you?

Yours, VB.

Volker Birk
