Win xp sp2 firewall

I am going to have to say this. That's your opinion and you are entitled to it, and you're just one man.

If they know what they are doing then they know, if they don't they don't and there are no in-betweens.

And XP FW is not providing the protection either, like the rest of them. It's no better than the rest of them, but that's just my opinion.

I don't think I said that. All I referenced was the XP FW is just as ridiculous as the rest of them, but again, that's just my opinion.

If the malware configures the port in the XP FW then there won't be a warning. If it does not, there will be a warning and if the user is running as limited user at that time he is not even able to open the port.

If the malware configures the port in the PFW then there won't be a warning. If it does not, there will be a warning and very often even a limited user has the opportunity to let the malware open the port.

And they still don't know when they are running a PFW. On the contrary: once they have the PFW running they think they don't have to worry about security anymore because the PFW is doing everything possible to protect the computer... Leaving the user clueless...

Gerald

Well, 99% of them are not running as limited user and those are the facts.

That's with any host based software FW/packet filter that malware can configure a port period.

What is your point?

It's not my problem. If one knows what he or she is doing then they know if they don't they then they don't, there are no in-betweens. You preach to them about it, not me.

If it doesn't work as intended, it's not any different from nothing at all. Actually it's quite worse, since it adds unnecessary complexity.

It's a trivial thing to about anyone who has a reasonable understanding of security. Actually it's simple logic.

Since it didn't even intend to do so, where exactly is your problem? Apples also totally fail on being bananas.

But the apple is not a banana!

Seems like it works as intended.

Seems like it works as intended.

Simple: If it's actually still running, it's still vulnerable to attacks and random errors - thus, makes things worse.

Your opinion as itself is rather worthless in any discussion. You should be able to back it up with facts and conclusions.

Who are you talking to about this? It's just your opinion.

Again who are you talking to? I consider this nonsense.

It's drivel from you. Again, you haven't proved anything here is the bottom line, and it's just more nonsense talking out of you.

It's more nonsense out of you again

Working as intended and being effective are two different things.

Again, this is more drivel and nonsense from you.

It's more nonsense from you I don't have a problem with it.

Now what?

I think you should be able to do the same. And I do consider you to be of no help to anyone and totally worthless 99% of the time, providing nothing but lip service.

And therefore IMHO this is what should be taught. Every time they are taught to protect themselves with a PFW instead of being told about user accounts and about how computer administration is supposed to work, the process is delayed.

Sure. But I believe a restricted user account is the preferred solution to that problem.

And as long as no pressure is put on the software vendors to fix their products it is'nt gonna change, is it?

An ignorant can't be protected by software running as admin.

Yup.

Who needs activeX on websites anyway.

And as long as people continue to just go with the flow that won't happen.

May I add:

I'm glad it seems we agree on all of those points, it's actually nice to chat with someone that's not off-kilter.

The problem that we have is that none of those things are happening, and few of us can reach the masses that are impacted daily by ignorance and by malware.

So, as a general rule, while we can't educate the masses in time to protect them or us from them.

My experience has been that if I suggest ZA/ZAP, that the users tend to fall into two groups - those that don't have a clue and never will and those that start learning and actually question every little pop-up. Those running XP SP2 firewall never question anything as they are almost never asked about anything, never see what is happening, never know about the holes already in their firewall.

So, it boils down to the user continuing to use XP SP2 firewall and being compromised due to the OS defaults and ignorance, or their being asked to install some third party PFW that provides at least a little more protection, provides a chance for them to become motivated, a chance to keep them protected.

In every case where I've visited a person using just the XP firewall, they were compromised unless they also had a NAT/Firewall appliance.

In all but one case where I've visited people using ZA/ZAP or other PFW (not Windows XP SP2 FW), they've all been uncompromised and that includes the people with several computers and no NAT router.

So what is your argument that I'm wrong here?

If the "Personal Firewall" alerts: "Application XXX.Exe is trying to connect to the Internet on port YYY", how could the home user determine, wether this is necessary for an online software update or wether this is a network connection, she/he don't want to have?

How could she/he decide, wether "Yes" means "I want to be protected", because this is a needed online software update, or wether "No" means "I want to be protected", because this is network traffic, which endangers her/him?

Please bring an argument. It's much too easy to say "that's your opinion and you're just one man". Maybe you could do better (I hope for you).

Yes. And this is the reason, why "application control" is a flawed concept, and one should never implement flawed concepts in any way. They're counter- productive.

People who know don't need "application control" or "controlling outbound traffic" at all. People who don't, may not use it, because it's counter-productive.

Which "protection" are you talking about after all?

Yours, VB.

Putting you back into the killfile. I really don't need to listen to your argument lacking flamebaits.

Well, even though I don't need it, I'd still like it - if it actually worked reliably. One may discuss why this is not possible except for some corner cases.

We don't agree that much, I'm afraid. We heavily disagree on what is the proper approach.

I advocate encouraging people to run as restricted users and mail-bomb the vendors of products that fail to work like that for no good reason. And if that does'nt help - switch to something that works.

Well, since you seem to prefer to deal with the symptom instead of the problem, I don't see how you are actually interrested in changing it.

No excuse.

The problem being that you suggest ZA/ZAP in the first place.

It seems you did'nt teach them much about what running a program as an administrator means and also not about how networking works, how to monitor it and why that is important.

That's definately not my experience.

I question that. Simply because I have seen many users with lots of crap on their machines despite of running a PFW, anti-virus and other anti-stuff.

And one final question: Why even encourage people to allow malware to run making them believe that it's controllable. I think it's a more honest approach to tell them that if they allow malware to run, all bets are off.

Well, I agree that we should teach, but MB is a violation of most TOS for people.

I am, but I'm not willing to wait for the world to change, I want to protect people right now.

Not an excuse, but it is a reality - do you just let them keep consuming bandwidth, getting private info exposed, probing others systems, complaining about their systems running slow, while doing nothing productive. You can educate and also prevent at the same time.

But I've not been show how it's a problem, sure there have been people claiming it has a root kit, that it's not teaching anyone anything, that it can be subverted, but it works better than XP SP2 firewall and certainly better than nothing at all, in most cases.

No, they never contacted me before the problem. That's where you are missing it - from the start they don't have much of a chance, unless they get something better then SP2 firewall.

I never leave a compromised user or a friend without telling them about security at all levels. You can't reach people you've not been too or that don't know to see out information.

I don't encourage people to allow malware to run, not at all.

Since running a PFW has already been proven to "HELP" protect people from all sorts of malware and other attacks, why are you and VB/SG so against something that's already proven to work better than XP SP2 Firewall.

That's the real question in this thread - since ZA/ZAP works better than XP SP2 firewall, why are you against using it?

Really? It's as expected when someone won't listen to you about your beloved, I guess you have it in the bed with you, the XP FW. You want to jump into peoples faces on a routine basis about anything.

You really are a pathetic Human Being and a so called man. People are tired of you. I am sure it's not the first time that has been said to you not only on the Internet, but I suspect, in your personal life as well.

You need to put yourself in your own killfile and basically keep your liver lip and lip service mouth shut, as you will foam at the mouth about the Sun coming up at the drop of a hat.

You are no help to anyone and you are a paluge in this NG.

What about that above statement didn't you understand?

I am going to tell you once again. I don't believe in App Control myself and I was stating my reasons about it long before you came to this NG.

I don't have to explain anything to you about anything. Who do you think you are here?

You continuously go off about this, that and the other about the XP FW, when anyone one goes against the XP FW.

Why do you keep harping on things when it comes to the XP FW? You're not much better than SG and he's a lunatic that can't stop posting about anything.

Once again, you continuously go off about your position on app control.

What difference does it make?

You think the XP FW is the best thing since hot and cold running water anytime someone takes a differnt view of it.

I use to have some kind of respect for you, but have blown that to Hell, because of your obsession with the XP FW.

Well check again. I have just done it. Remove my sip phone from the XP SP2 firewall. Started the program as limited user. It pops up a warning that traffic is blocked and that an administrator is able to unblock it. No way to change that without being administrator.

If the malware configures a port there won't be a warning. Neither with the XP FW nor with any other PFW. It is also not true that the XP FW never shows a warning while the PFW does.

Gerald

What does this have to do with the fact that 99% of Windows home users on the NT based O/S are NOT running with admen rights?

What, you think you're the only one that has ever investigated and tested the XP FW on the XP O/S? Well lordly be. Tell me something I don't know.