Re: Stealth vs. Blocked

From: "\"Crash\" Dummy" <dvader@deathstar.mil>
Date: Thu, 10 Apr 2003 12:47:42 -0400


>If stealth is of no value (or even detrimental) then what's the point
>of using a software firewall for single PC users who have file sharing
>disabled (and who aren't running a server of any kind)?

None, if no services are exposed. On W9x/ME systems, this is pretty easy. On NT
type systems, some (like RPC) can't be closed, or are not closed by default,
like Windows Messenger. For many users, using a firewall is easier than fiddling
with services. Then there is the matter of logging traffic.

A software firewall is also useful for controlling outbound requests, like
blocking HTTP requests from OE.

IMHO, Stealth is silly, as is "leaktest" signature checking. Stealth is silly
for the reasons already cited and signature checking because it really serves no
purpose. I have never heard of a trojan that replaces a known app, and trojans
that piggyback on known apps are never checked.

-- 
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com
http://lists.gpick.com