Re: Avast or Zone Alarm using proxy server?
From: Gerald Vogt (vogt_at_spamcop.net)
Date: Wed, 16 Feb 2005 08:48:33 +0900
> In article <firstname.lastname@example.org>,
> Much freeware here and seems a respected site.Howver that particualr
> programme is loaded with windropper small.Using jottis online virus
You don't just install a software because it "seems a respected site".
This is just the problem. If you want to install freeware you check
forums, usenet groups other places and look for people that are using it
and confirm where they have it from. If you read the comments for that
software you will see that it contains a trojan.
Only because you see a "respected house" even in a "respected
neigborhood" does not mean that there is nothing illegal or dangerous
behind the doors. But with your PFW and AV software you just get
careless because you think you are invulnerable against anything.
> detect it).I know it works because the firewall stops the application.Yes
No. You have seen a pop-up and you hope that the firewall did actually
stopped it. You don't know what it actually did to your system. You
don't know if it, while you were reading the pop-up, actually tunneled
information out through Internet Explorer. You don't know what it
actually modified on your system and where it might have changed
something. You don't know if there is something waiting in the
background for the moment when you even turn off your PFW because some
other program you use does not work together with your PFW. You don't
know. That is the point: your computer is compromised because of you
downloading software. The pop-up makes you think that "you know" and
that you prevented something bad. You prevented something, maybe, but
you don't know anything. And that is the problem: you think you know
although you don't. If, in a month from now, your ISP gives you an angry
call and has disconnected you from its network because you were relaying
spam mails you just wonder, why and how, because you PFW did stop the
trojan from talking to the outside while in reality it may have made a
few other changes for later...
The outgoing pop-ups may be nice to learn but as part of security
software people quickly depend on it and believe it completely. If you
really want to know what is going over the wire, get a network sniffer.
That gives you the truth about what is going on. If you just want to
know what application does send data out, there are other non-intrusive
programs available that log you with outgoing connections and you can
learn that way...