Re: Windows 98 box is 'owned'; Re:

From: GuidoZ (uberguidoz_at_gmail.com)
Date: 10/06/04

    Date: Tue, 5 Oct 2004 15:46:38 -0700
    To: Glenn Sieb <ges@wingfoot.org>
    
    

    Sending this to the list as well - it seems the topic is still hot in debate. =)

    > *nodnod* I'm new on the list, I may have missed some of the original
    > commentary.... Since I'm no longer at Lumeta, I wanted to keep my
    > 'fingers in' what the communities are looking at for security products &
    > discussion--I mean I can still bounce things off of Ches and Tal, but
    > still--it's good to read other perspectives too! :)

    I'm fairly new to this list myself (just this year). I've been around
    others (BugTraq, FD, etc) for quite some time. (I'd imagine the late
    90's, but to be honest I don't remember exactly.) This list seems like
    a very good place to not only help out those new to the industry, but
    also learn new things. Very intelligent people read and reply here. I
    look forward to it!

    > *nodnodnod* I fully agree. At least some of them put out things
    > resembling them :) I'm much happier with the Netgear than I was with the
    > DLink, personally.

    Same here. I prefer LinkSys over them all - mostly due to brand loyalty.
    (It's never led me wrong yet...) I consider NetGear and LinkSys to be
    about equals with D-Link being the "value conscious" buy. I shy away
    from it unless the customer is serious about saving small amounts of
    $$$. I've never been fond of D-Link's web interface and options, though
    frequently impressed with LinkSys. (NetGear has gone both ways -
    sometimes I've been frustrated at the interface and options while
    other times I've been relieved.) Google "linux on linksys" for some
    interesting adventures.

    > Yeah--I've been doing over-ICQ troubleshooting with a friend who has DSL
    > and one of the Netgears. Finally I told him he needed to just call
    > Netgear--they'd get the router to log into the DSL accounts, and then
    > everything would be hunky-dory--he had "a friend" come over--and though
    > everything's plugged into the right ports (thank the gods), the guy
    > never did anything about having the *router* do the log-in to the
    > service. *sigh*

    Unfortunately I've found that "friends" of clients/customers have
    proved to bring me one of two things, in most cases: Frustration
    and/or more business. They either mess something up so I have to come
    over and fix it, or they mess something up so badly that I have to
    spend a large amount of time finding the problem, then fixing it. I
    shouldn't complain though - I got my start as one of those "friends"
    to many as well, then watching how the professionals fixed what I
    broke. =) Good call on the NetGear doing as much work as possible.
    Less for the end-user to break.

    > *nod* I just know that one of the guys at Lumeta (Karl Siil) swore by
    > it. *shrug*--I've always had ZoneAlarm, personally. I haven't heard
    > of/played with Kerio yet--or Sygate. I fully agree with Norton &
    > McAfee--however, a lot of people buy them because of the name.

    It's a common misconception, made by many that should know better.
    It's possible they've changed their product since it was drilled into
    my head, however I've never found a reason to go back to it. ZA was my
    #1 choice for a long time running as well. I liked Sygate over it
    because it offered some more advanced features (packet contents,
    advanced rules, etc) that I liked. ZA is still perfect for the average
    home user who would only have the new Windows Firewall (or nothing)
    instead. Kerio seems pretty reliable. I'm not sure how much I like the
    difference between their "simple" and "advanced" operation modes. I
    wish they included an "Intermediate" as well. (The simple does
    basically everything for you. I can see how this could be exploited.
    The Advanced gets annoying, prompting for EVERYTHING - even when an MSI
    install calls on the setup.exe file, etc.)

    Norton and McAfee are popular for the same reason AOL "is #1". They
    are recognized and included with many, many things as OEM or "free
    trials". Just like AOL, it certainly doesn't mean it's the best just
    because it's popular.

    > Hear Hear!!!! Unfortunately, people don't "get" that it's so damn evil :-/

    Very unfortunate indeed. Many of the current problems (spyware being
    one of the biggest) wouldn't be such an issue if it wasn't for
    ActiveX. The most popular choice for installation (besides
    piggy-backing on an install) is deception with an ActiveX prompt.
    Though, I guess if ActiveX wasn't around, they would have found another
    way to abuse the system.
     
    > Hmm. So they're looking to run an applet on the client side via a
    > webpage? Java/script would be less evil than ActiveX....(not by much but...)
    >
    > Whenever I wanted to run stuff client-side, I just used a WSH script--if
    > it's all internal-stuff, then the WSH script can be run off of a domain
    > controller, and the output (if any) could be saved on whatever internal
    > server it would have access to.... At least it's *not* ActiveX...
    > (granted, it can still be evil, however.. My point is, I'd rather trust
    > *my* evil to do the right thing, than trust an ActiveX applet to do the
    > right thing...)

    I like it. I'm not up on my scripting host (VB) programming, though I
    understand some basic concepts. I'll talk to the company who is
    currently supporting the ActiveX and see what can be done. Thanks. =)

    Hope all is well.

    --
    Peace. ~G
    On Tue, 05 Oct 2004 13:38:23 -0400, Glenn Sieb <ges@wingfoot.org> wrote:
    > GuidoZ said the following on 10/5/2004 1:56 AM:
    > 
    > >  Hello again. =)
    > 
    > :)
    > 
    > >  Completely agree, 100%. I'd never expect a home user to have a need
    > >  for a true hardware firewall. (I also noted in my original reply to
    > >  the list that a router like those mentioned would be plenty for his
    > >  mother.) The NetGear is a good choice. I'm usually one to recommend a
    > >  LinkSys, however NetGear is my 2nd choice. =)
    > 
    > *nodnod* I'm new on the list, I may have missed some of the original
    > commentary.... Since I'm no longer at Lumeta, I wanted to keep my
    > 'fingers in' what the communities are looking at for security products &
    > discussion--I mean I can still bounce things off of Ches and Tal, but
    > still--it's good to read other perspectives too! :)
    > 
    > >  My argument wasn't that home users needed a true hardware firewall.
    > >  It was that LinkSys, NetGear and D-link don't make true hardware
    > >  firewalls. Terminology, nothing more. ;) I've been in this industry
    > >  far too long to let something like that get by. Too many people
    > >  already have it confused.
    > 
    > *nodnodnod* I fully agree. At least some of them put out things
    > resembling them :) I'm much happier with the Netgear than I was with the
    > DLink, personally.
    > 
    > >  I would also like to emphasize a point you made - if it's not
    > >  possible for them to use correctly (even if it is just a router),
    > >  then having it is a waste. You could have the best tools in the world
    > >  at your disposal, but if you have no clue how to use them, it's
    > >  meaningless. Very good point.
    > 
    > Yeah--I've been doing over-ICQ troubleshooting with a friend who has DSL
    > and one of the Netgears. Finally I told him he needed to just call
    > Netgear--they'd get the router to log into the DSL accounts, and then
    > everything would be hunky-dory--he had "a friend" come over--and though
    > everything's plugged into the right ports (thank the gods), the guy
    > never did anything about having the *router* do the log-in to the
    > service. *sigh*
    > 
    > >  Don't get me started on BlackICE! =) It's an IDS, not a true software
    > >  firewall. (Google it for more info - Steve Gibson has a good write
    > >  up on it.) ZoneAlarm is a good choice. So is Kerio. Both are free,
    > >  easy to use, and work. Aside from the freebie class, I'm a big fan of
    > >  Sygate. I do NOT like Norton Internet Security and McAfee anything.
    > >  Both are resource hogs and frankly are unnecessary. Why pay so much
    > >  for something you can get for free?
    > 
    > *nod* I just know that one of the guys at Lumeta (Karl Siil) swore by
    > it. *shrug*--I've always had ZoneAlarm, personally. I haven't heard
    > of/played with Kerio yet--or Sygate. I fully agree with Norton &
    > McAfee--however, a lot of people buy them because of the name.
    > 
    > >  Amen. I swear by FireFox/Mozilla products and have since the old
    > >  Netscape days. Luckily, I started converting those whom I had
    > >  influence over years before IE started having all the recent
    > >  problems. (Just back when it was having the other problems. =P )
    > 
    > LOL! :)
    > 
    > >  When the time came that it simply wasn't safe to use IE anymore, they
    > >  switched without much fuss. The only thing missing when it comes to
    > >  functionality is something no one should have started relying on in the
    > >  first place - ActiveX.
    > 
    > Hear Hear!!!! Unfortunately, people don't "get" that it's so damn evil :-/
    > 
    > >  One of the organizations I support based an
    > >  application on the .NET framework and was using an ActiveX applet to
    > >  do some client side scripting. Unfortunately nothing but IE will work
    > >  for them. If you have any suggestions, I'm quite willing to listen.
    > >  ;)
    > 
    > Hmm. So they're looking to run an applet on the client side via a
    > webpage? Java/script would be less evil than ActiveX....(not by much but...)
    > 
    > Whenever I wanted to run stuff client-side, I just used a WSH script--if
    > it's all internal-stuff, then the WSH script can be run off of a domain
    > controller, and the output (if any) could be saved on whatever internal
    > server it would have access to.... At least it's *not* ActiveX...
    > (granted, it can still be evil, however..  My point is, I'd rather trust
    > *my* evil to do the right thing, than trust an ActiveX applet to do the
    > right thing...)
    > 
    > >  Again, see my first paragraph. I wasn't trying to convince Tom, ***,
    > >  and Harry to go out and get a SonicWall. I was only stating that
    > >  there is a big difference between NAT and a hardware firewall. Not
    > >  only would it be way overkill, but it would also be a waste as they
    > >  could never figure out how to use it properly. A poorly configured
    > >  firewall is worse than none at all - it gives a false sense of
    > >  security. A problem often overlooked by too many that should know
    > >  better!
    > 
    > *nodnodnod* We eventually gave up on the Nokia (couldn't get some things
    > to work like DHCP forwarding--long story), and ended up building a
    > FreeBSD/ipf solution which (to my knowledge) is still serving them to
    > this day.
    > 
    > >  One firewall that could be considered both a hardware and software
    > >  firewall (and even an enterprise class one at that) is the Linux
    > >  based Smoothwall. It's free to download and only needs two NICs
    > <snip>
    > >  Definitely check it out if you haven't already:
    > >  http://www.smoothwall.org (Google it for myriads of configuration
    > >  tips, scripts and tweaks.)
    > 
    > Nice! I'll have to look into it :)
    > 
    > >  Likewise. =) I always appreciate intelligent conversation.
    > 
    > Ditto :))
    > 
    > Best,
    > G.
    > 
    > 
    > --
    > "They that can give up essential liberty to obtain a little temporary
    > safety deserve neither liberty nor safety."
    >           ~Benjamin Franklin, Historical Review of Pennsylvania, 1759
    > 
    >
    
