Re: Stealth vs. Blocked

From: \ (dvader@deathstar.mil)
Date: 04/10/03


From: "\"Crash\" Dummy" <dvader@deathstar.mil>
Date: Thu, 10 Apr 2003 12:47:42 -0400


>If stealth is of no value (or even detrimental) then what's the point
>of using a software firewall for single PC users who have file sharing
>disabled (and who aren't running a server of any kind)?

None, if no services are exposed. On W9x/ME systems, this is pretty easy. On NT
type systems, some (like RPC) can't be closed, or are not closed by default,
like Windows Messenger. For many users, using a firewall is easier than fiddling
with services. Then there is the matter of logging traffic.

A software firewall is also useful for controlling outbound requests, like
blocking HTTP requests from OE.

IMHO, Stealth is silly, as is "leaktest" signature checking. Stealth is silly
for the reasons already cited and signature checking because it really serves no
purpose. I have never heard of a trojan that replaces a known app, and trojans
that piggyback on known apps are never checked.

-- 
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com
http://lists.gpick.com


Relevant Pages

  • Re: Stealth vs. Blocked
    ... why would anyone have port 7 UDP open? ... don't have any choice about being 'stealthed', I'm running NIS and it hasn't ... running AG and can't use AG to stealth at all. ... between overwhelming a software firewall and DOSing or DDOSing the Internet ...
    (alt.computer.security)
  • No Longer "Stealthed".
    ... Sorry to sound like such a wuss,but I am finding it hard ... Stealth" analysis..Please read the following bearing in ... trojan/dialler software known to mankind.I also ran the ... greatest software firewall on the planet,but since Beta ...
    (microsoft.public.windowsxp.network_web)
  • Re: Stealth vs. Blocked
    ... On Thu, 10 Apr 2003 15:59:02 GMT, Art Kopp spoketh ... >If stealth is of no value then what's the point ... >of using a software firewall for single PC users who have file sharing ... netstat -an), then a desktop firewall has no value other than being a ...
    (alt.computer.security)
  • Re: Stealth vs. Blocked
    ... >> If stealth is of no value then what's the point ... >> of using a software firewall for single PC users who have file sharing ... This could be of use in a multi-user, single PC environment. ...
    (alt.computer.security)
  • Re: Computer appears to be controlled by someone else
    ... My guess it the trojan. ... you have installed some software firewall such as zonealarm and/or some ... good Internet security software such as Norton or whatever. ...
    (microsoft.public.security.virus)