Re: Password vault software

Vanguard wrote:


So you expect malware to kill every process hoping to hit those for the firewall?


No. It doesn't need to deactivate it at all.

You think all firewalls respond to a common method called via API or CLI so they can all be asked to disable or unload?


No. But the OS does.

Yes, malware can target multiple firewalls to terminate them but they are still targeting specific firewalls based on vulnerabilities of each.


There is a trivial vulnerability: You're running with admin rights.

Most malware doesn't even check for a firewall. They just try to connect.
No. They just hook a trusted process like iexplore.exe or firefox.exe.

Not if you use a firewall that checks who is the caller process.


Caller? We're talking about IPC.

That a process can connect before the firewall loads? So it can connect before any rules from the firewall can be applied against that process? If it is so trivial, why don't all firewalls provide this function?


So, you can name some counterexamples?

I was suggesting personal software firewalls based on the OP's question. He certainly doesn't look to be searching for an enterprise-level solution or a firewall appliance (which is still separate and doesn't have app control on the host).


Well, and I was simply talking about firewalls. You know, packet filters you can build routing firewalls from.

DiamondCS has their tool to attempt several different methods to kill a process. The testing mentioned used it and some other kill tools. So what are YOUR *specific* tools that go beyond these recognized tools? Apparently you think there is a long list of other kill methods not touched by these tools.


Right. And that's a triviality for anyone who has a clue about how operating systems work.

Did I say that Comodo passed every kill test? You actually saw me say that somewhere? It's a *software* firewall so obviously it is not absolutely impervious to every attack. The idea was to provide some level of app control that a separate firewall appliance cannot provide.


The idea obviously was to try something useless and furtile.

Oh, I see. If I had recommended Outpost then the results for Outpost are somehow obvious in showing Outpost is defective software. Since a large number of personal software firewalls are listed, they must all be defective, uh huh.


Correct.

Did you miss the part that they are *software* firewalls which means they are also running on the SAME host as the malware?


See? That's why they're defective.

I wasn't discussing separate firewall appliances.


Me not either. But hooking APi functions doesn't belong to a packet filter, since it's useless.

This from someone claiming "Even further, there's no need for running Windows Firewall with a proper network configuration" but never addresses application control.


Application control cannot be addressed at all.

The Windows firewall does nothing regarding outbound control for any apps.


Because it would be useless anyway.

So beyond all this hoopla over malware, has anyone yet declared that the vault software mentioned by the OP is actually malware? If not, it's just another normal application that could easily be controlled by a software firewall with app rules.


If it's not malware, that it doesn't require any such control.

For the mediocre leak protection, I rely on a layered approach to prevent
malware getting on my host in the first place,
<img src="https:// www. malware. org/ malware. exe">

Did you have a point here? That there is no such file to download from there? That even this guy recommends using a firewall (http://www.malware.org/faq/faq.htm#how_protect)?

Argh. Now will you get a clue that malware.org was a generic example for hosts hosting malware and that the real point is the IMG tag and the HTTPS protocol? It will load the file into memory and also into the browser's cache.
.

Relevant Pages

  • Re: How to tell if a firewall alert is suspicious or not
    ... > Control), what would Windows Firewall do differently from what Sygate, ... "Personal Firewall" is able to control. ... the malware, which is programmed as dumb as the ...
    (comp.security.firewalls)
  • Re: I need a decent firewall
    ... >> and neither will let me have the control I need. ... I need a firewall that will ... > (This site has two parts: Sygate Basics and Sygate Basics ... but I am really suspicious of any kind of security ...
    (comp.security.firewalls)
  • Re: Cant find Internet Connection Firewall
    ... back to Control Panel/Network Connections and setup a second connection ... The advanced tab will disappear if you choose to let Windows manage your ... Is there perhaps a way of getting at the firewall through the Administrative ... Tools icon in the Control Panel? ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Cant find Internet Connection Firewall
    ... back to Control Panel/Network Connections and setup a second connection ... The advanced tab will disappear if you choose to let Windows manage your ... Is there perhaps a way of getting at the firewall through the Administrative ... Tools icon in the Control Panel? ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Cant find Internet Connection Firewall
    ... back to Control Panel/Network Connections and setup a second connection ... The advanced tab will disappear if you choose to let Windows manage your ... Is there perhaps a way of getting at the firewall through the Administrative ... Tools icon in the Control Panel? ...
    (microsoft.public.windowsxp.general)