Re: Trend Micro Internet Security 2004 - can it pass Leaktest?
From: Duane Arnold (notme_at_notme.com)
Date: 05/05/04
- Next message: Lars M. Hansen: "Re: Would a firewall prevent Sasser worm?"
- Previous message: GJ: "Re: Trend Micro Internet Security 2004 - can it pass Leaktest?"
- In reply to: GJ: "Re: Trend Micro Internet Security 2004 - can it pass Leaktest?"
- Next in thread: optikl: "Re: Trend Micro Internet Security 2004 - can it pass Leaktest?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 05 May 2004 10:33:04 GMT
"GJ" <no@mail.invalid> wrote in
news:c7ab0g$qvb$1@netlx020.civ.utwente.nl:
> <quote who="Duane Arnold">
>
>> The Leaktest is worthless in determining the true effectiveness of
>> the FW. FW(s) that cost $1,000(s) will not pass that stupid Leaktest
>> either.
>
> A free firewall like kerio 2.1.5 or the new 4 versions will stop it.
> As you mention later on, that's due to application control and not
> part of the "true" firewalling concepts. The Leaktest is in that
> matter more a test of the application control part of your PFW, and
> not a true firewall test.

Well, BlackIce will do that and more as far as Application Control is
concerned and is active on my machines. But Application Control is just
there and I don't depend upon it to tell me what's happening on the
machines. I find the whole application control concept for the most part
useless in the hands of most as they use it as a crutch thinking
everything is OK.

>
>>> My question is, how do I configure the firewall to pass the test?
>>> Thus making outgoing connection more secure?
>
>>> I saw an article on www.apcmag.com that said it is easy to "add a
>>> block-all default rule, then configure the firewall to prompt you
>>> when an app wants to access the internet". However, it doesn't
>>> explain how to do this.
>
>> Yeah, you can do that. That's called Application Control that's in
>> the PFW(s) and is 99% worthless along with a lot of other junk in
>> them that is flat-out worthless, IMHO.
>
> That depends on what the user expects from a "firewall". Christopher
> is talking about a home PC firewall, and there are products with
> application control that work ok. There are some products with other
> junk, but you can switch that off. Look and try before you buy can
> save a lot of money and worthless junk.

I think that most look at App Control as their stop all solution. If it's
not alerting on something then everything must be OK. In the meantime,
the malware has done its thing and gone on about its business, because
for the most part, users never take the time to look around for themselves
as to just what is communicating on the machine and why.

I'll say this again as I see it all the time. They stop something like
svchost from communicating for whatever reason with the App Control not
knowing that it's never svchost that wants to communicate as it's only
the messenger for the O/S. Then they turn around and let svchost
communicate for some other reason. What happened to the reason that they
stopped svchost? It never went anywhere. I stopped something but I know
not the reason why.

>
>> You see when you depend upon technology such as that to protect you,
>> that's when the mistakes and confusion start when you think you
>> should be stopping something you should not be stopping and let
>> something go that you should have stopped.
>
> You have to know what you are doing, that's also necessary for
> products without application control. Also, the cheap NAT routers you
> mentioned need to be configured, and you know there are many that are
> wide open. I get your point in saying that some of these PFW's give a
> false sense of security, when spawning pop-ups all the time about
> "intrusions" and "hack attempts" being discovered when there is
> probably nothing wrong. But then again, it is the owner/maintainer of
> the firewall that needs to understand/search/ask what he is doing and
> what is happening. In my opinion some of these PFW's do a nice job.

I contend that App Control is not doing its job effectively on most of
these PFW products as it doesn't expose what is really trying to
communicate out. It's just superficial dressing that gives a false sense
of security for the most part.

>
>> And besides, malware can hit the machine and circumvent and defeat it
>> anyway. It can even take down the PFW as well.
>
> True, but that's also the case with other products (like non-App-Ctrl
> FW's, virusscanners etc). Probably hardware FW and NAT routers are not
> affected that fast by malware, but they have to be configured properly
> too.

Malware is never going to affect an appliance as that is not its job to
control malware. And I contend that it's not the job of these PFW(s) to
be doing it either. The job of the host based FW, router, FW appliances
is to protect the ports. That's it: protect the ports. The personal FW
solutions have gone out of control with too many little bells and
whistles like App Control, Privacy Control and other crap etc, etc that
only leads to confusion for the user.

>
>>> If I had to buy a more secure home PC firewall, what would be a
>>> recommended antivirus and firewall combination for roughly the same
>>> price as Trend Micro Internet Security 2004?
>
> Why are you looking for a combination? You can use the virusscan util
> of Trend Micro and use another device/program/OS-setting to control
> your internet connection.
>
>> The NAT router may be of use that cost as much as any PFW solution
>> that you're looking to buy.
>
> It's also a possibility to try a free PFW like kerio 2.1.5, kerio 4.x
> (with some of the bloated non-sense things in it, that can be turned
> off), and sygate. There are more.
> Kerio doesn't need a license for home use. Sygate too, but the pro
> version of it does, but you can try it free first.
>
>> BTW, it's all secondary to the O/S and you should look into securing
>> it from attack a little bit.
>
> I agree with that :-)
>
>> It talks about some free utilities you can use like putting a
>> short-cut for Active Ports in the Start folder.
>
> One nice thing about the kerio 2 firewall is that a "program" like
> Active Ports is available when double clicking the icon in the
> taskbar. That's very handy and you can see what is happening. I miss
> it in some other personal firewall products, but then you can use
> Active Ports instead. But here again, Active Ports needs some basic
> knowledge of TCP/UDP connections, ports and what programs should
> normally run on your computer and what not.

I saw what was happening with Kerio when I tried it. You can put the
short-cut for Active Ports in the Quick Start tray and fire it quickly. I like
it better than what Kerio was showing me.

>
>> That Gibson hooks them every time. :)
>
> It would have been nice and save a lot of time and stress to some
> users as he explained on his site the difference between
> application-aware (personal) FW's and just a FW. It's in my opinion
> not clear on his site that what he sees as a FW is an
> application-aware-FW.

Gibson is the one who sent all of this overboard in the first place and
should be hanged. :)

Duane :)
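
The check this thread keeps returning to, finding out what is actually communicating before blocking or allowing svchost, can be scripted. The following is an added example, not part of the original post: it joins `netstat -ano` output with `tasklist /svc` output so each socket is shown with its owning image and the services hosted in that PID. The sample output is constructed and the function names are this example's own.

```python
import re

# Constructed sample output of `netstat -ano` and `tasklist /svc` (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED     1012
  TCP    192.168.1.10:1050      198.51.100.4:443       ESTABLISHED     2040
  UDP    0.0.0.0:1026           *:*                                    1012
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  884 RpcSs
svchost.exe                 1012 Dnscache, wuauserv,
                                 BITS
iexplore.exe                2040 N/A
"""

def parse_tasklist(text):
    """Map PID -> (image, [services]); long service lists wrap onto indented lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:                                      # a new process row
            last = int(m.group(2))
            procs[last] = (m.group(1), [])
            names = m.group(3)
        elif line.strip() and last is not None:    # wrapped continuation of the row above
            names = line
        else:                                      # header, separator or blank line
            continue
        procs[last][1].extend(s.strip() for s in names.split(",")
                              if s.strip() and s.strip() != "N/A")
    return procs

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid); UDP rows carry no state column."""
    for line in text.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            yield f[0], f[1], f[2], (f[3] if len(f) == 5 else ""), int(f[-1])

def attribute(netstat_text, tasklist_text):
    """Join each socket to its owning image and the services hosted in that PID."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, local, remote, state, *procs.get(pid, ("?", [])))
            for proto, local, remote, state, pid in parse_netstat(netstat_text)]
```

A PID that appears in the socket list but not in the process list is reported with image `?`, which is itself worth a closer look.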