I don't want any application having the ability to add its own rules to a PFW, period. I don't care what it is.
What are you talking about? Programmers are not stupid, particularly hacker types. You think someone couldn't figure out a program interface after hitting it numerous times to figure it out?
You think that information on how to access the interface is going to be kept under some kind Fort Knox lock and key?
Me, Job Blow program writing hacker who has cracked the interface, got some user with the happy fingers to click on something that did the install of my hacker program and I have good intentions. You come on let's do some delegation.
Come on man, why is anyone running with admin rights? Maybe, it's because it's the default.
I like the way you try to take the focal point away from your beloved XP FW. It won't hold.
Actually, between VB and SG, anyone following them would be fed the crap about XP SP2 firewall being all that they need and that nothing else is as good.
Time and time again, and again, they've made that assertion.
Time and time again they are wrong - XP SP2 firewall, by default, on most home users computers, has file/printer sharing exceptions, has AOL exceptions, has IM exceptions, etc...
Those same holes are not there by default on a ZAP installation, and it's a long more evident when they are created.
It's been preached by me and others about admin rights and the none use of them. I really doubt that you even follow your own preaching about it.
No program interface is secured if the the call can be made from one program to another one exposing the interface.
The interface is only a contract between the client and server program on how and what parameters are passed between the two to access a method or property in the server program, which in this case the XP FW is the server and the malware is the client program.
There are people better than you or me that can accomplish this. So, don't kid yourself, me or this NG about it.
You're talking more nonsense, as I have made cryptic keys for programs.
Someone knows the keys. He or she must pass this information out or provide the file that has the key to others that will use the key to access a program that's using/or needs a cryptic key to be accessed.
A cryptic key is NOT iron clad security. A again, don't kid yourself, me or this NG about this.
This is drivel from you and more nonsense, since the hacker program is the program running with admin rights of the user that's logged on to the machine and is the one that's being talked about above that wants to set rules and control the BS XP FW.
Yeah, so come on down and lets do some delegations with the so called malicious program, so that it's delegating to the XP FW program, its interface, and is setting rules. Hell, it might not even be a malicious program and does nothing malicious.
But the bad oh so very bad program is running and it's going to do what it needs to do malicious or not malicious. And it's going around the XP FW.
It has come around the XP FW, because it delegated some rules to it, because the cryptic key is known, the interface between the calling program (the hacker program) and the server program the XP FW is known, and the methods and properties are known for the XP FW (the server program).
And if you think that this cannot ever happen, then your bullshitting yourself, me and this NG.
Man, you don't talk to me as if you know what I am doing, because you don't.
You're talking more nonsense and you can't seem to face reality, when it comes to the average job blow home user and security that 99% of them are running are with admin rights.
The preach from you has been preached numerous times in this NG and other's and yet the average job blow home user is going to run with admin rights.
You preach to them. You stand on your soapbox and you preach to them, not me.
WTF are you talking about? This is some absolute bullshit drivel from you.
You take the XP FW burger, you stick it right up your ass, smell it after you pull it out, and then you eat it.
You go ahead and you post again you *clown*, because we all know you will do that.
People in this NG are so tired of you and your f****ng bullshit about the XP FW or anything else for that matter.
you and your lunatic posts about and for the XP FW, because you and the XP FW are not a bed of roses.
It's not my job to pick anything when it comes to supporting a claim you made. So name something I said that was "full of so many holes and misinformation".
So? That's a) no crap and b) something completely different from what you wrote above.
If you had taken a closer look at various personal firewalls, and seen how crappy their design and/or implementation is, you'd understand why.
The only exception the Windows-Firewall has enabled by default is the one for Remote Support. Why don't you get a clue before making unsubstantiated claims that everyone can prove wrong by simply making a default install of XP and taking a look at the firewall config?
And when someone installs an instant messenger he usually wants it operational, so the installer SHOULD (be able to) open the ports required for it to work properly. No surprise here.
You mean because ZA implements rootkit functionality (kernel hooks in particular) as to prevent the system administrator from doing certain things? You *do* realize that this is an attempt at effectively making the administrator a non-administrator (as I said above), don't you?
However, up to now nobody has been able to explain to me why limiting the administrator account with a rootkit is so much more intelligent than just using a limited user account.
Thanks for reminding me why I blocked this jerk. Indeed, I'd rather say not using any packet filter at all (but disabling unnnecessary services or at least patching them in time) is quite better Widows Firewall, and there are some good and better alternatives for the clueful users (like Wipfw, Injoy Firewall and CHX-I).
Hm... doesn't "attempt" imply at least a little notion of seriousness? Better call it a "trial", at best with the attribution "useless". :-)
Simple: It seems to works (whereas Joe Average doesn't understand why it won't) and it doesn't break so much. Oh, and since you're already hooking the functions, you can implement dialogue boxes that ask the malware^W user for confirmation.
(After all, security software usually is about economics. Since the user can't judge the quality, he will choose for the lowest price, and vendors are draining quality.)
Then you've not installed XP ever or at least not looked - every XP Professional SP2 system that I've installed has File/Printer sharing Exception.
And it still goes back to the simple statement that apps can put exceptions in the XP SP2 firewall without the user knowing - just look at AOL Port Magic...
Take any big box machine and look at the exceptions (and I know, those are there because of the vendor/software and were not installed by XP), but that more than anything shows the point - there are HOLES in the XP SP2 firewall that users don't see/know about, put there by apps that didn't alert the user, can be put there by malware without the user approving them, and that makes it a worthless piece of crap.
You do realize that you just proved my point - that ZAP DOES provide more protection than Windows XP SP2 firewall when it comes to opening holes.
This just goes to show your lack of real experience - by default, and you know this also, the first account on a XP box is an administrator and most users are running as administrators - if you can't see the need to protect them from adding holes in the firewall, without possibly breaking the other apps/hardware/etc... then your not playing in the real world.
So, you've confirmed that apps (any) could and do install holes (exceptions) in the XP SP2 firewall. You've confirmed that ZAP tries to protect users running as a local admin from their own apps/mistakes. That confirms that XP SP2 firewall is all but useless in untrained hands.
And now you confirm what I've said about Win XP Sp2 firewall all along, that it's useless in the hands of most and ZAP is a better product for doing that same protection.
Every XP Pro SP2 I ever installed (for example the one I just had a look at before posting) has only the Remote Support exception, and nothing else. Now what?
That was never put into question. And to re-iterate for the ten-millionth time: you cannot protect a computer from its administrator.
So basically you're trying to tell me that the Windows-Firewall is at fault when some idiot vendor changed the default configuration? o_O Please tell me you're joking.
Nope. I told you - though I didn't expect you to understand - that ZA is basically incorporating a rootkit, which is something most people in their right mind would prefer NOT to have installed on their computer.
It is an attempt to achieve something like LUA without actually using LUA. Which is of course utterly braindead.
M-hm, I see. Could you now answer the question, please? Why would any sane person want to install a rootkit rather than create and use a limited user account?
No. I've confirmed that any user/software with administrative privileges can add exceptions to the Windows-Firewall. You may show me a single occurrence where I have claimed anything different.
LUA is the solution to this problem.
No. I've confirmed that ZA does an incredibly stupid thing by installing a rootkit rather than pushing the users towards using LUA.
Not at all, because you conveniently ignore (not that I'm surprised) all the popups that ZA generates with questions no untrained user could even dream of answering sensibly.
No, you've complained that ZA does something you don't like, but you also claim that the function you complain about DOES protect users. You can keep complaining, but, by your own words, it works as intended.
People that know what a RK is are also smart enough to not need ZA.
Nope. I said it is a (plain stupid) ATTEMPT to protect admin users from themselves. But even though it MIGHT protect users there may still be ways for someone with administrative privileges to bypass even kernel hooks, so it just as well MIGHT NOT protect users with admin accounts.
Neither did I say, nor did I intend to say anything like that. And you still haven't answered my question why any sane person would prefer a rootkit over LUA.
You seem to imply that rootkits are okay as long as people don't know what they are. You're wrong.
So, it's an attempt, that does work in many cases, to protect the default user from stupid mistakes - you've said it again. That makes it a LOT better than the Windows XP SP2 firewall, which makes NO attempt to protect the user from their or malwares actions.
But you've stated why this example is GOOD, not bad, and why it works better than Windows XP SP2 firewall.
If you are installing a Firewall application you are allowing that application some control over your machine - if you know it has a RK then you have no problems with it.
I would rather have a PFW solution that has some hope of protection over one that has no hope of protection. What part of that doesn't make sense to you?
I'm done when you stop claiming that Windows XP Sp2 firewall is a good product and nothing is better at protecting users. In fact, I'm done when you stop contradicting yourself.
Yes. But unlike yourself I am also taking the (grave) downsides into consideration:
a) Any rootkit weakens the administrator's control over the system, which is a REALLY BAD THING(tm). b) How is the user supposed to distignuish between a "good" and a "bad" rootkit?
Not at all, because the correct and sensible way to protect the user is to have him use a limited user account and leave the administrative account for administrative tasks.
No, despite your persistent attempts to twist my words I did not state anything like that. And that's your third strike.
The (very simple) answer to my question is: there is no reason at all why a sane person would prefer a rootkit over using a limited user account.
Right.
Wrong, because a rootkit is not aimed at exerting control over the machine, but over administrative users. That is a no-go.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.