ArtDent schrieb:
In this case I think yes.
but a pf is somebody else=B4s wisdom....or somebody else=B4s stupidity, depending on the implementation.
AFAIK no. At least I don=B4t know any that support analogue dial-up. Here in Europe we do have several that support ISDN (mostly as a backup in case the dsl line dies).
Got it :-)
Regards Thomas
How could a virus scanner be sure it was clean? How do I know that the scanner knows about the virus? What stops a virus modifying the scanner so that the virus is no longer detected? What stops a virus modifying the operating system so the scanner no longer sees the virus?
There are many ways to be confident that it's clean and most of them can be done by non-technical home users. Home users can easily recognise many kinds of unusual activity such as unexpected popups or some other sudden change in behaviour. Unexpected network traffic can also be detected by being familiar with what the lights on a network switch mean. A sudden unexpected increase in light flashing, particularly when the computer is not in use, will need to be investigated. It's also not too difficult to use a site like
They have no technical interest in computers and would not be able to correctly explain what's inside the box. They could also not be expected to understand popups like "Do you want najort.exe to connect?" or "Should this network be in the trusted zone?" This is one reason why I consider personal firewalls to be nonsense. They are however way ahead of me when it comes to arty looking Word or Power Point documents.
If they are more knowledgeable than most then it's only because they are aware of why it's a very bad idea to allow everyone to use an administrator account and to download and install anything they like whenever they like.
I do try to get people to use an alternative browser when possible. I use Firefox myself. Unfortunately I have found that Firefox is sometimes incompatible with teenage home users for one reason or another so I decided that because their computers are easy to restore from an image and because I think it's very unlikely that the users will be affected by unpatched holes and because they have user not administrator accounts I decided to allow use of Internet Explorer on these particular PCs. I'm still waiting for Microsoft to finish fixing Internet Explorer though. It's only taken them what? 11 years? so far.
The user shouldn't matter, but in the case of a home Windows PC at present it is advisable to have some knowledge of why it's a good idea to delete unexpected email from people you don't know and why it's a bad idea to accept or click on anything you're offered without thinking about what the motive of the site offering it might be. These things are Microsoft's problem not the user's problem. You can't expect users to have any technical knowledge at all. Most people won't do it if the computer explains the possible consequences of installing untrusted unknown software.
Well there's only been one incident so far which required it. About six months ago one of the users was convinced the computer had a virus, and not unreasonably because it was behaving very strangely. This turned out to be because the drive had failed and Windows was in serious trouble trying to find parts of itself. You can decide for yourself whether that's re-active or pro-active. How many times has your personal firewall bothered you with popups in the last 6 months?
None at all, although I'm sure it would have tried. I would rather the computer doesn't get any zombies, spam or otherwise, but even if it did, and if it was able to send spam outside, would it really matter very much if it only existed for a few hours before the drive was restored from an image?
Ok :) Obviously they must have technically aware users who know how to answer the personal firewall's popups. Either that or they forgot to consider use of the personal firewall in the real world.
Jason
I didn't think so either, I haven't heard or read about such a thing, and I read quite a bit.
In this scenario at least - on dial-up, single machine - would you recommend a pf? I KNOW I would and do.
Jason, don't you hear your own contradictions?
Non-technical indeed. Anybody would obviously know something was 'wrong' if there were multiple pop-ups, but lights on a network switch? Come on! If people did notice them, they would probably say "Oh, how pretty".
This you say you want from people that you say can't google? More contradiction. Call for assistance? Not everone has you for a relative / friend, but even if they do have their very own IT expert, you just want to get something (help) for nothing then.
Which is a little different from the people I thought we were talking about, you snipped my Joe six pack and Freddy the lawyer out so nice.
Total Contradiction. BUT? Yes. No. What is it?
Excuse me? I thought we were talking about the user. This is the bias I was talking about earlier, you don't seem to like Windows. That is totally understandable. However, we are trying to go beyond that now, ok? We are supposed to be discussing the user here and what they should or should not do, not whine about things we don't like.
A line I can agree with (even if I do wish for that 'test' I was talking about, way back when), if only you hadn't said earlier that they _should_ know at least some rudimentary 'rules' (don't open unknown email, don't download everything, etc.)
That is what a personal firewall does! You just want it built into the operating system. Well, IT AIN'T, so we add it ourselves.
It's true that most people will fail to take note of this as a problem. Many will have a look when they suspect something unusual may be happening. They shouldn't have to do this, it's just that Windows PCs in their present form make it a good idea.
No because this is a procedure which can be learned and written down. It does not require new research or technical knowledge of how it works. And with a little effort Microsoft could have done something similar. Why didn't they do that? It is true that many people will have difficulty with such a procedure even if written down clearly.
You don't need your own IT expert, you just need to be able to call one when required. You don't need a doctor in your home all the time, you just call one when required. Home Windows PCs in their present form are very ill by default and cannot be cured by adding personal firewall software. This should not be the case and it is not the user's fault.
So why aren't Microsoft and PC vendors explaining these things to new users? Why do most users have no clue that user accounts even exist? Why do most users have no clue about the consequences of downloading untrusted unknown software and running it in an administrator account? This does not require technical knowledge. You don't have to know how a car works to know that driving it over a cliff might have serious consequences. You don't have to know how snake venom works to know that you might want to steer clear of poisonous snakes. If you do want to work with poisonous snakes then you're going to have to contain them in such a way that they cannot hurt anyone but can still live as poisonous snakes.
I don't see a contradiction. No technical knowledge is required for the above. You simply need to know that some things may lead to problems. What I see is an explanation of why the average home Windows user is going to quickly get into difficulty. This should not be the case but it will continue to be the case until Microsoft do something about it.
Why should I like a product which expects a non-technical user to be able to set it up and use it safely on an untrusted network with no help or education whatsoever? and I don't mean technical education. Why should I like a product which was never designed for use on an untrusted network but is sold as though even the cat can set it up and use it safely at home. Why should I like a product that my home users have to have because all their friends have it because all their friends have it but which is so badly designed it's not fit for use by non-technical home users without help from someone with technical knowledge. It's not like they get help or advice out of the box. All they get for instructions is how to connect the parts together and turn it on. If you want to supply something like this then it has to be secure without requiring the user to know how to keep it secure. This is Microsoft's problem not the user's problem. Expecting this problem to be solved by adding personal firewall software which asks incomprehensible technical questions is just plain ridiculous.
Ah so I am getting somewhere then. I was beginning to think this was a waste of time.
Ok.
Users can be educated in what they should or should not do without needing to have a clue how the computer works or how networking works. At present they need more education in this than they should need. It's a bit like selling people a car which requires detailed knowledge of how the steering system works or how the engine works in order to be able to keep it safely on the road. Your theory appears to be that this problem can be solved by installing personal firewall software which asks the driver questions like "The left wheel is requesting a 30 degree move to the left, do you want to allow this?" or imagine night driving on the highway. "Incoming lights from another car have been detected. Do you want to let us be seen or use the cloaking device so that no photons are returned? Oh and I've helpfully looked up the license plate and have a name and address for you, I'm sure you'll find this list of 2000 people very useful, after all it makes it look like I'm doing something useful, don't forget to renew your subscription to me."
Tests are not as necessary as education, and I don't mean technical education. Rules about opening unknown email should not be necessary and they were not necesary until Microsoft decided that it would be an excellent idea to allow users to send executable files to each other by email and have the code execute as soon as the user (with an administrator account) reads the message. How many users do you know who need this? I never send executable code by email at all.
Your theory seems to be that a personal firewall should be installed so that when a user with an administrator account who doesn't know about the dangers of accepting any download from anywhere executes untrusted code, the personal firewall will make the user aware that this code is attempting network communication. I say LOL LOL LOL LOL.
Sorry no. In any case the explanation should really be given before the user starts to use the computer. I've yet to see a personal firewall attempt to explain anything in a way that a new user with no technical knowledge can understand. Show me a personal firewall which can be understood with no knowledge of TCP/IP. Personal firewall vendors don't, in my opinion, want their users to have too much real knowledge. A user with real knowledge will fix windows without needing personal firewall software. A user without real knowledge will get into a mess when they install personal firewall software which they can't possibly understand.
Anything built into the operating system should not bother the user with stupid popup technical questions. You seem to have conveniently ignored the point that asking the user technical questions like "do you want kfrhsy32.exe to use internet explorer to send data to the internet" is ridiculous. Would you be impressed if your brain were constantly asking you questions like "The gall bladder is attempting to send bile to the intestine. Do you want to allow this?" You expect your body to deal with this without bothering you and without requiring you to know how the gall bladder works or even why you have one, no?
I was right when I said you would not be able to believe that the two PCs I described have never had any malware problem without personal firewall software and also without anti-virus software. And they have none-technical users. I don't spend my time constantly removing viruses or spyware, I simply set things up so that when combined with a little non-technical user knowledge the computers run for years with no malware trouble. Adding personal firewall software to these PCs would be ridiculous but I do see many people crippling their home PCs by doing this.
If you wish to install personal firewall software then go ahead, I'm not going to tell you what you should do with your own computer. I will however give advice if requested and that advice won't include software which expects users to answer technical questions.
Jason
And you say you are not contradicting yourself? No knowledge is required BUT you simply need to know...? If that is not a contradiction then the moon is made of green cheese. This is _exactly_ what I am trying to say, you seem to want it both ways at once, and that is just not possible. And don't give me your complaint 'It should be', it is _not possible_. If one, then can not be the other. Logic.
Sigh. Yes. But, in the cases I am _trying_ to talk about this is not happening, for _whatever_ reason(s). Quit bashing MS and come down to the real world. Wait, I got it, I will do it for you! Yes, MS sucks when it comes to security. You want people to know this. I want people to know this. We both _want_ people to know more about the proper 'procedures' when online. However, I am trying to deal with / help the people that don't or won't. Can _you_ understand _that_?
Yes, yes, pf pop-up questions can be esoteric to say the least. But, it is better than if it was not there at all. Yes, I seem to perhaps be contradicting myself here, talking about unknowledgeable people trying to deal with such things. But, I must repeat myself here, it is better than if it was not there at all.
You seem to have missed the word "technical". No knowledge of the engine is required to drive a car and you do not need to supervise engine operation as you go. You do however need to understand what may happen if you go the wrong way down a one-way street. Personal firewalls require the user to have knowledge of engine operation. This is one (but not the only) reason why they are useless.
Personal firewalls will do nothing here because they require technical knowledge which the user doesn't have.
I don't see anything wrong with that but personal firewalls aren't going to help them. If I thought that personal firewalls would help users I'd have them on my own computers. If you want to help users then set them up in such a way that they won't be bothered with technical questions they can't respond to.
You're back to the technical knowledge problem again. Because they have no technical knowledge (and we seem to agree that they can't be expected to have any) users get into a mess with personal firewalls. This is what started this thread. Why is it better that the OP should be denied network access because he doesn't have the technical skill to figure out how to get ZA to allow it? Why is that better??
Well then just accept that you'll never get unknowledgeable people to cope with personal firewall software and quit insisting that they use it.
In that case you are repeating that the OP is better off with no network access because he didn't have the technical skill required to configure ZA to allow it.
Jason
They don't. They click here click there, that is what I am saying.
No, they don't. To _truly_ understand some of their messages it may, but that is when they come here or go to google or the pf's forums for answers. Or call you. But to install and run in default mode does not require any more 'technical' knowledge than installing most other programs.
Which is why the OP came here, to get 'help'. That is a 'good' thing. And people that just go off and talk about 'other' things, like how he shouldn't be needing / using it in the first place are certainly not 'helping' him with his current problem. Now, suggestions how to learn enough to _eventually_ know that he/she does not need one are fine, but that should be in addition to at least trying to help with the problem they have _now_. I don't think we shall ever agree on this, this seems to be an issue that people's opinions are set in cement and can / will never change. All I can say in my defense is that I have been using computers for over
30 years, (yes, since the early 1970's) and have watched them and their software evolve over all this time. Along with the maliciousness of the criminal element. And my belief is that an extra layer of protection is 'good'.
It does give a false sense of security though. Malware which is evil enough will simply walk over the personal firewall without the user knowing anything about it.
Sure they are because if he hadn't installed it then he wouldn't have his current problem. He has come here to get help for a problem he inflicted on himself by installing software he doesn't understand.
Yes that does happen. Also if you've spent years advising people to use personal firewall software it's not going to be easy to suddenly start telling them why they don't need it.
It may be good for you because you have 30 years experience to draw on and so if a personal firewall said something like dfgoshsd.exe is trying to access the internet you would instantly take the computer off the network and deal with it. Put yourself in the position of the new Windows user with 0 years experience.
It is my belief that this extra layer of protection would be good if it worked but I believe it is imaginary and leads non-technical users into a false sense of security. I don't like to see computers taken over by criminals either but that isn't going to stop until an operating system is in widespread use at home which doesn't lend itself to easy take-over by criminals. I have never seen a personal firewall help an unknowledgeable user. I have seen many cases where it caused problems which were not there before it was installed. I _have_ seen virus scanners help an unknowledgeable user by preventing download of malware but this is not a completely reliable solution because the scanner may not know about the malware.
I believe that the problem of malware on home Windows PCs is Microsoft's problem and cannot be solved by adding personal firewall software.
Until Microsoft fix these problems home users would be well advised to install a virus scanner.
Jason
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.