Win xp sp2 firewall

I've not ignored anything, I've taken into account the REAL world of people and ignorance, which accounts for the vast majority of computer users.

A root-kit is not bad unless it's being used to do something bad - and since it's part of the "protection" scheme, I can't see it being bad.

Calling a root-kit bad is like calling Halon bad - in one way it protects you, in another it may be bad for you, it's all in how YOU use it.

It would be nice if we could say that all root-kit technology is bad, but, as you've mentioned it in ZA/ZAP as protecting the user from themselves, you've not shown how that is bad.

Leythos

This may come as a shock to you, but yes, EVERY rootkit IS bad. As Mark Russinovich has put it so nicely:

"If a software developer ever believes a rootkit is a necessary part of their architecture they should go back and re-architect their solution."

cu

59cobalt
Ansgar -59cobalt- Wiechers

No other firewall is different. If you are administrator you can change the settings of any firewall running on your system. No firewall running on the computer can prevent that. Thus, if a program wants to open a port it can do so if it is running as administrator. Maybe the installer of the program does not care about opening the port on a 3rd party firewall but still it could do so. It is usually not necessary anyway because people running personal firewalls tend to turn off the whole firewall whenever there is a networking issue, anyway.

Moreover, the firewall does not "default" to allow file sharing. The default is to block sharing. However, if you want to share files and run the file sharing wizard the necessary ports are opened. This is very reasonable as it helps people to achieve what they want to achieve: share files in their network. With other personal firewalls people have a much harder time to figure out how to get it working. Many file sharing problems are due to 3rd party firewalls.

Gerald

Gerald Vogt

This may come as a shock to you, but, not everything is bad just because you or others think it's bad.

You've already said that the RK used in ZA is designed to protect the user from themselves, but you've not shown how the RK in ZA is bad.

Leythos

But you seem to have little experience with other firewalls - as most NON XP SP2 firewalls will alert/ask the user for permission to create the rule. Win XP SP2 doesn't alert you, it just blindly lets it happen.

How is it that you guys miss the holes in XP Sp2 firewall while missing that anything that makes it harder to put holes in a firewall is good?

Leythos

Yeah, what does Mark Russinovich know about computers, Windows, or security, after all... Right.

No. I said it's a misguided attempt at protecting the users from themselves.

I did explain it, but since you are either reluctant or incapable to understand the reason I won't waste any more time on you.

cu

59cobalt
Ansgar -59cobalt- Wiechers

I see two fundamentally different viewpoints or ways of thinking here.

The XP SP2 firewall approach builds on the idea that an admin is supposed to know what he is doing.

The ZA firewall approach builds on the idea that since in real life most Windows users are in fact running as admins it makes sense to put some kind of further control in place in order to protect the admin from himself.

So

Is it fair to assume that an admin is supposed to know what he is doing? - I think so.

Is it true that most Windows users are running as admins? - Sure.

Is it fair to assume that most users running as admins don't know what they are doing? - I think so.

So the root cause seems to be the fact that users are running as admins. Therefore also this is what needs to change.

B. Nice

And so you blindly follow, without question, and you just assume that everything is always right...

That's exactly how I thought you would end it - instead of showing why the method is actually bad, since you can't, you just rattle off nonsense and hope that people will just blindly follow.

You have only shown that the idea behind RK's is bad, not that all RK's are bad, and you've not shown how the one used by ZA is bad at all.

Leythos

This is incorrect. The Windows XP SP2 firewall gets automatically configured while you run the sharing wizard to enable file sharing. The firewall ports will be closed again if you shut down sharing completely. Moreover, if you have a closer look at the wizard you will notice that it mentions the configuration of the firewall as part of the process. Thus, there is nothing blindly happening.

And again: 3rd party firewalls can also be configured in the process of some software installation. When this is done the user is not asked either. If it does not happen during installation the user will be asked regardless if it is the XP firewall or a different one...

You miss the holes in any firewall if a software running as administrator reconfigures the firewall to open a port. But most 3rd party firewalls allow the user to open ports and to grant access to programs while with the XP firewall this is only possible to the administrator.

Gerald

Gerald Vogt
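
The posts above agree that software running as administrator can add a firewall exception without the user being asked; a defender can still catch this after the fact by diffing the exception list against a known-good snapshot. The following is an added example, not part of any post in this thread; the "path:scope:status:name" entry format and every sample entry are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FwException:
    path: str      # executable the exception applies to (lower-cased)
    scope: str     # "*" = any source, or e.g. "LocalSubNet"
    enabled: bool
    name: str      # display name shown in the exceptions dialog


def parse_entry(raw: str) -> FwException:
    # Assumed format: path:scope:status:name. Split from the right so the
    # colon after a drive letter stays inside the path.
    parts = raw.rsplit(":", 3)
    if len(parts) != 4 or not parts[0]:
        raise ValueError(f"malformed exception entry: {raw!r}")
    path, scope, status, name = parts
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"unknown status in entry: {raw!r}")
    return FwException(path.lower(), scope, status.lower() == "enabled", name)


def audit(baseline, current):
    """Return (severity, message) findings for changes since the baseline."""
    known = {e.path: e for e in map(parse_entry, baseline)}
    findings = []
    for entry in map(parse_entry, current):
        if not entry.enabled:
            continue  # a disabled exception opens nothing
        old = known.get(entry.path)
        if old is None or not old.enabled:
            sev = "HIGH" if entry.scope == "*" else "MEDIUM"
            findings.append((sev, f"new exception: {entry.path} scope={entry.scope}"))
        elif old.scope != entry.scope and entry.scope == "*":
            findings.append(("HIGH", f"scope widened to any source: {entry.path}"))
    return findings


# Constructed sample data, not taken from a real machine.
BASELINE = [
    r"C:\Program Files\Backup\agent.exe:LocalSubNet:Enabled:Backup Agent",
    r"C:\Tools\sync.exe:LocalSubNet:Enabled:Sync",
]
CURRENT = BASELINE[:1] + [
    r"C:\Tools\sync.exe:*:Enabled:Sync",
    r"C:\Temp\svch0st.exe:*:Enabled:Windows Service Host",
]
```

Calling audit(BASELINE, CURRENT) reports the widened scope and the new any-source entry; the unchanged backup agent produces no finding.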

I agree so far.

No, as most users of Windows computers don't know there is an Admin or Limited account.

Yes, and those are the people that need protection in most all cases.

Yep, we agree.

And the problem is that many applications under Windows won't run as a limited user, websites can't install their active-x as a limited user, etc... Even QuickBooks won't run as a limited user without additional setup beyond the scope of the type of users we're talking about.

So, while we all agree that the root cause is ignorance and running as Admins, what we need to change is way more than just people running as admins.

1) ZA and others protect the ignorant and Admins far better than Windows XP SP2 firewall.
2) Program developers need to write code that runs well, without changes/hacks for limited user level accounts.
3) Websites need to be coded to NOT use active-x.

Until the time we can force the above 3 items, and until people stop using Admin level by default, applications like ZA and others will provide more protection than XP SP2 firewall does.

Leythos

Yes, because this is not possible.

All "Personal Firewalls" I know are completely ridiculous.

Yours, VB.

Volker Birk

This is ridiculous.

I personally know which programs I have on my computer. So I don't need to be asked by one of those programs about others. I'm just configuring them all.

With a typical home user, this may be different. But she/he will not be able to answer such questions correctly.

So already the basic idea of "application control" is complete nonsense.

If you don't know what you're doing, try to see yourself as home user. Maybe it's better for you to buy a Macintosh and let Apple do the job, if Windows is too complicated for you.

No. And because of this, Windows-Firewall is behaving like designed and documented.

Why?

You just don't understand, that when you're configuring a program as network listener, it's a good idea not to filter that away again. Or just don't configure this.

Yours, VB.

Volker Birk

I only had some few minutes with Vista yet, so I just tried this one.

You're not right.

What are you talking about?

Yours, VB.

Volker Birk

My fault, it was 'schtasks'.

schtasks /create /?:
| [...]
| /RU username   Specifies the "run as" user account
|                (user context) under which the task
|                runs. For the system account, valid
|                values are "", "NT AUTHORITY\SYSTEM"
|                or "SYSTEM".

See above. In Windows 2000 SP3 and Windows XP SP1 it was common to use the 'AT' utility to spawn a SYSTEM shell. This was removed and rather incorporated into the 'schtasks' utility.

Sebastian Gottschalk

Yes. It's common since Windows NT 3.1.

Yours, VB.

Volker Birk

So do I. I know what's running on my machines both MS and Linux, which are sitting behind a Watchguard running no PFW/personal packet filters on the MS platforms or host based FW on Linux platform. I do have one running on the laptop when it's not on my network, otherwise, it's disabled.

Yeah, I agree.

You tell it to someone that doesn't know. But the fact is that at least some kind of warning flag is raised to them. While in the meantime, the XP FW is doing nothing.

Well it's not a problem for me, period. I have been in the IT field since 1971 and coming to this NG since 2000. I absolutely know what's happening, believe it.

A designed and documented program doesn't mean a thing, when the overall design concepts of the XP FW as a program/PFW don't fit the bill in some areas.

That's because the buck stops with me and not the PFW or XP's FW.

I make the decisions as to what is going to happen on my machines, period. For those that do know what they are doing, that's not a problem. You prompt me PFW and if I don't want it to happen, then PFW don't you do it. If I want it to happen, then I'll let you do it PFW, if I have that feature enabled.

If someone doesn't know what's happening, then they don't know prompt or no prompt, period. But again, don't you PFW start doing something in setting rules that I don't know about. I want to be informed about what you're doing or have a chance of being informed, if that's enabled.

The XP FW has none of it, period. And again, the buck stops with me not the XP FW, if I happen to be using it.

Oh, I more than understand and you can count on it.

BTW, the one PFW/personal packet filter I do use, which is on my laptop and is enabled when it's not on my network, has Application Control disabled, because I absolutely know how to go and look for myself as to what's running on them and happening with my machines, with the proper tools.

Mr. Arnold

You think I don't know this, since I was the one who mentioned it.

That also includes the XP FW.

Mr. Arnold

If the malware adds itself to the list of trusted applications in a PFW, where exactly is the warning flag?

Since you can't do anything meaningful, it's rather reasonable to not waste code (and therefore complexity) on useless trials.

Since the contrary can't find any such bill at all, where exactly is the problem?

Wrong again. It writes everything to a log file and sends notification to the policy manager as well as the IpHelper-API.

We already had the discussion of disabled vs. deactivated. You're sure that all the hooks are removed and the associated code is not loaded?

Sebastian Gottschalk

It's worse, unfortunately: the home user is being asked if he wants to lose protection, and in a way that he doesn't understand: when the "Personal Firewall" is asking for online software updates, "No" means losing protection; when the "Personal Firewall" is asking for a network service, "Yes" means losing protection.

The home user cannot decide this, but she/he is forced to decide => wrong decision => losing protection.

Fortunately, the Windows-Firewall is not harming the home user that way.

Yours, VB.

Volker Birk

I'd not call the Windows-Firewall a "Personal Firewall". It's just a host based packet filter, unfortunately necessary, because of the design flaw in Windows to offer network services as a default.

Yours, VB.

Volker Birk
