Re: Advanced Rules/Advanced Application Configuration

From: Duane Arnold (notme_at_notme.com)
Date: 10/13/05


Date: Thu, 13 Oct 2005 01:51:08 GMT

Michael_jd@hotNOSPAMmail.com (Michael_jd) wrote in
news:434d8b47@news2.actrix.gen.nz:

> In article <Xns96ECCE6DAD63Enotmenotmecom@207.217.125.201>, Duane
> Arnold <notme@notme.com> wrote:
>>Michael_jd@hotNOSPAMmail.com (Michael_jd) wrote in
>>news:434b4688@news2.actrix.gen.nz:
>>
>>> In the Advanced Application Configuration tab you have the option to
>>> choose whether an application can act as a server or client (client
>>> meaning that the application is allowed to listen, server connect).
>>> The advanced rules don't seem to allow you to do this; what it does
>>> allow you to do is choose to block/allow traffic depending on it
>>> being outgoing or incoming. Is the former and latter different
>>> names for the same thing; or are they totally different?
>>>
>>> Thanks...
>>
>>Don't use Application Control like the worthless crutch that it is
>>that can easily be beaten by malware.
>
> What about the IDS and all the other advanced security options, like
> anti IP spoofing?

What about it? You think any of that is going to protect you from malware
if it reaches that machine and can execute? The buck stops with the O/S
and not Sygate and it doesn't stop anywhere else. You should use the
proper tools and look for yourself from time to time and don't depend
upon Sygate to tell you what is happening, because malware can circumvent
and defeat the solution.

Long version

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Short version

http://tinyurl.com/klw1

You should try to secure the O/S for a machine that has a direct
connection to the Internet as much as possible. There is a link for Win
2K too. If you're using Win 9'x or ME, you are out of luck.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm


