Re: Identity P/W and Security question

From: mto (nobody_at_dontsendmeanyspam.thanks)
Date: 08/29/03 

Date: Fri, 29 Aug 2003 08:06:20 -0400

"Frode" <news@mascot.REMOVETOREPLY.dyndns.org> wrote in message
news:3f4f0d05@news.broadpark.no...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> mto wrote:
> > One of the nicer features that is included in the XP version of
> > Outlook/OE is the ability to block all attachments from executing.
>
> I am aware of that. But, like I said, I don't trust them. Thus my
> recommendation.

That is one feature my inbox says you can trust - and I get more attachments
& html mail than you can shake sticks at :) One of the few things XP has
really improved on. Note, though, that if you leave html mail enabled
blocking attachments will not prevent nasty scripts from running.

<SNIP> And, of course, also lacks the ability to configure for more
> complex uses than just "block everything". It's very simple, no arguing
> that. But for simple use that's all that's needed.

But IS there such a thing as "simple use" anymore? Or a "simple" home
system these days? 24/7 always on cable/DSL connections, home networks,
etc.

> > There
> > is no method to block ports either collectively or individually.
>
> That's because they're all blocked as far as incoming traffic is
concerned.
> As far as blocking outgoing traffic that's not really in the scope of a
> simple home firewall package (although, technically, it can be argued you
> can't call it a firewall unless it can filter in both directions). That's
> the domain of spyware busters and virus scanners.

Spyware busters ie Spybot Search & Destroy and AdAware block or remove
incoming malware but do nothing whatever to prevent outgoing communications
from extant programming between runs.

Far too many antivirus programs operate strictly on known virus definition
patterns - spyware is not a "virus" thus no definitions are included. Even
if you are using an antivirus program that utilizes decent heuristic
scanning, malware nearly always escapes notice. And again, antivirus
programs do not block the communication.

But it's a nice added
> feature packaged with many of the desktop firewalls because it is
> convenient and handy. And, of course, it's added security if you should
> manage to get a virus through email before your virus definitions got
> updated to handle it.

It is also a very nice way sometimes to prevent infection in the first
place. Example - MBlaster. (Remember, your antivirus program will not have
a definition available for a new virus until enough infections have been
reported to ID the pattern.) It takes only a minute or so to pick through
the info for a new virus that hasn't reached you yet and proactively combat
it by blocking the port it uses or writing a message rule to deliver it to
the trash.

> I repeat, it's a very simple firewall. But for people just running around
> the net surfing news sites or whatever it does the job.

I have to *strongly* disagree with you on this one. The larger & higher
traffic the website the more likely you are to get an unwanted delivery -
advertisers like to maximize their exposure (biggest bang for the buck!) and
most of the crap comes with the ads that a site delivers. Just about every
nasty I've seen in the last year or so has come from a "safe" news site -
msnbc, cnet, download.com, foxnews - all the places one would least expect.
Some of these particular sites are so bad that I won't even visit them
without everything disabled - no java, no scripts, no activeX, no nothing.

> > Further, there
> > are no logs at all - and no notification whatever if someone is trying
to
> > access your machine.
>
> That's not really a weakness. It's just a preference. If the firewall
> blocks all incoming there's no need to know what it's blocking unless
> you're of the curious nature and/or really enjoy looking at 200 daily
> attempts at connection to port 80 to try to deposit some IIS worm.

Whether or not you want to see the notification is a preference. When your
machine no longer functions normally because you were innocent & trusting
enough to think a "firewall" was keeping it safe (as it surely will sooner
rather than later if you are just a "simple" user visiting news sites) then
it can be a whole lot of work to trace a problem that a firewall log might
have revealed almost immediately.

> >> When you start getting into adblocking et al I'd consider that a
> >> separate item. The google toolbar or any other popup killer will
> >> accomplish the same.
> > Not by a long shot - having tried many of them. The ZA ad control
> > features are not available in any program I've tried - lets you choose
to
> > block ads on a site by site basis,
>
> Granted, I don't ever want to see popups so I have google's popup killer
> active at all times. The same with Opera when I use that. However popups
> can be allowed on a site basis easily enough. But why on earth would I
want
> to. :)

No, no - ZAP doesn't just block pop-ups. It blocks ALL the ads. I
literally never see an ad for anything except those rare few that are text
ads. Once in a great while I *do* want the popup - sometimes sites put
things that aren't ads in a small popup.

> > along with scripts, cookies and much more.
>
> You can even set that in IE's security settings I believe.

IE's cookie control is lousy. Very limited settings - accept all, reject
all, ask (PITA in real short order) - no way to expire them sooner than 99
years, no way to set them more adequately on a site-by-site basis.

>Anyways, back to
> my point. If a person wants to be safe from msblaster and similar, the XP
> firewall will do fine, and a simple tool like the google toolbar will
> prevent popups just fine. If you want something real fancy then yeah,
sure,
> other products is the way to go. Neither the XP firewall nor the google
> tool are bloatware filled with features. If you need more features than
> they provide then use other programs. However, for most casual users, the
> XP firewall and toolbar popup blocking will suffice imo.

If you access the Internet, you need more features than these two programs
provide. If cost is a consideration, there are several decent firewalls
available that are free to home users, ranging from user-friendly Zone Alarm
to fairly complex programs that you can write your own rules for. And you
might want to investigate that Google toolbar popup blocking - there are a
number of reports that it in itself is spyware.

Relevant Pages

  • Re: Identity P/W and Security question
    ... As far as a firewall is concerned it seems to do what it's ... > features are not available in any program I've tried - lets you choose to ... I don't ever want to see popups so I have google's popup killer ... can be allowed on a site basis easily enough. ...
    (alt.computer.security)
  • Re: Nightmare
    ... McAfee's firewall was installed, ... downloading and attempting install, ... Furthermose, McAfee's firewall popup ... Went to Pandasoftware.com for its online virus scanner. ...
    (microsoft.public.windowsxp.general)
  • Re: Nightmare
    ... >> McAfee's firewall was installed, ... There were many shortcuts on the desktop to online virus ... >> downloading and attempting install, ... Furthermose, McAfee's firewall popup ...
    (microsoft.public.windowsxp.general)
  • Re: Cisco PIX 515E vs. Fortinet Fortigate-300
    ... I m getting one Fortigate box soon. ... > Firewall Evaluation ... > Cisco 515E: Cisco is a good company that stands behind its products. ... > advanced intrusion-protection features, including DNSGuard, ...
    (comp.security.firewalls)
  • WARNING - Long Reply Re: Pop ups keep getting through - and they are driving me NUTS
    ... need to block these with a firewall as a general protection measure. ... Messenger Service Window That Contains an Internet Advertisement ... provide popup messages to users. ... Make sure that you are up-to-date on ALL critical Windows ...
    (microsoft.public.windows.inetexplorer.ie6.browser)