Re: Recurrent question
- From: Volker Birk <bumens@xxxxxxxxxxx>
- Date: 16 Dec 2005 10:04:12 +0100
Ric <me@xxxxxxxxxxx> wrote:
> >An Anti-Virus program DOES NOT PROTECT FROM EVERY VIRUS infection. But it
> >does help to filter out the annoying trials of so many malwares, which are
> >in the wild.
> PFW, anti-virus, spam filter. They all seem similar in this respect.
> Each one can only be partially effective.
The difference is:
If an Anti-Virus program knows how to detect a specific virus, this virus
loses.
It does not matter, that virus programmers know how Anti-Virus products
work. It does not matter, what the virus code looks like. If an Anti-Virus
program scans all incoming data, _before_ code out of this data can be
executed, the Anti-Virus program wins. It makes your computer secure
against well-known viruses. There is no way, how viruses could circumvent
this, if the Anti-Virus software is well designed.
The opposite is true for "Personal Firewalls" and their attempt to
control malware, which already is running.
If the malware is not written too dumb, the malware wins. The "Personal
Firewall" has no chance to win that battle, and it does not matter, if
the malware programmer knows, how exactly a "Personal Firewall" looks
like (as I proved with http://www.dingens.org/breakout-en.c). There is
no way to implement this securely, because of the design of Microsoft
Windows. No "Personal Firewall" provider can change this fact. It only
can be changed by Microsoft by dropping the core Windows concepts.
These are the reasons why I'm saying, that Anti-Virus programs can help
with security, if they're well designed and are used to scan any incoming
data before code out of this data can be executed, while "Personal Firewalls"
and "controlling outbound traffic" is a useless attempt.
> So you agree in the right situation, and in the right hands, a PFW can
> prevent _some_ malware, and therefore be useful?
No. A security system cannot be designed for "can control everything,
which lets itself be controlled". This has nothing to do with security.
A security system has to control _especially_ those, who do not want
to be controlled.
> I thought PFW's stopped most trojans connecting out.
You're wrong. Only very dumbly designed or old malware can be controlled,
because it lets itself be controlled.
> >Teaching users by alerting "The process svchost.exe tries to open port 53,
> >do you want to allow this?" - IBTD.
> >Even an IT professional cannot answer this question correctly, and
> >%USERNAME% cannot understand what's going on here at all.
> I can answer it for my situation. Deny it.
Yes, I do. Hint: I just offered the worst example a "Personal Firewall"
can alert - nobody can find out useful information of this special alert,
because there is nothing like that in it ;-)
I believe you, that with better and more useful alerts you can deal with ;-)
> I don't use any Microsoft
> network protocols (except TCP/IP)
TCP/IP is not a network protocol. It's a family of many network protocols.
And it's not from Microsoft. Not even Windows' implementation of the TCP/IP
network protocol stack originally is from Microsoft - it's a modified BSD
stack.
> The alerts could be a lot more helpful instead of spreading FUD. It
> doesn't help when they say you have just been attacked by 3 echo
> request packets or some UDP packets to port 1026. They always seem to
> think messenger spam is a port scan.
Yes. For an experienced user, who knows about network protocols. Or, to
say this another way: for a very small group of users.
Yours,
VB.
--
"I am a free person and will now make use of my civil liberties
- and extensively so - of course only within the limits that
Otto Schily still leaves available to me."
Wolfgang Clement on 10.10.05, while still "superminister"