Re: Windows - Malwares best friend

From: E. (bellyup_at_thebar.now)
Date: 06/28/04


Date: Mon, 28 Jun 2004 10:30:19 GMT

Melvin Klassen wrote:

> On Fri, 25 Jun 2004 18:34:39, "news" <geerge@yahoo.com> wrote:
>
>
>>Subject: Flawed outbound packet filtering in various personal firewalls
>>=====================================================
>>
>>Issue: Outbound filtering in personal firewalls does
>>not block packets that are generated by protocol stacks
>>other than the default Microsoft stack.
>
>
> Issue: You're fishing this newsgroup, aren't you?
>
> Non-issue: Unless a computer-cracker "owns" your system,
> the only TCP/IP stack that is installed is the default stack, from
> Microsoft.

Not always true: one example is the newdotnet LSP hijacker (basically
adds a layer to WSOCK2) that comes bundled with early versions of Kazaa
and iMesh, among other things. It *can* easily happen, even if it starts
with something relatively innocuous like the Google toolbar, Kodak
camera updater software or any of the Wildtangent games and other stuff
(that comes preloaded) on many HP home-model machines. Updates which
pull in progressively worse malware can lead to this.
Unfortunately I've seen this happen many times. Google toolbar has
hotwetteens.exe pron dialler.
>
> So, keep your anti-virus software updated, run a firewall (software or
> hardware),
And take the other *very*, unbelievably simple action of searching on
[program you want to install] +spyware and see what is returned.

> and never use Internet Explorer nor Outlook nor Outlook Express,
This threat can be mitigated to a certain extent by running a software
firewall that you can lock down by both port and destination. Many SW
firewalls basically allow everything, everywhere if the app is allowed.
Case in point is ZA allowing HTTP from email clients.

> and don't allow strangers to physically access your computer,
> and you will never have to worry about non-default stacks ever
> appearing on your computer.
> QED

*groan* Set up a remote access VPN between 5 sites the other day. Locked
it down with a bastardly nasty ruleset and multiple layers of pretty
much everything.
Owner of biz was extremely worried about people jumping on PC (PCs are
in a very public business with high traffic) so set lock times low and
advised staff training on walk-away = lock PC. Owner then writes down
password and post-it notes it to the screen. Bang Head Here.
  E.

So is anybody gonna use MS's antivirus when it comes out? I hear the
tag-name for it is not Whistler or Longhorn but...... Woody.

