Re: Do I really need a FW besides WXP
- From: "Duane Arnold" <No@xxxxxx>
- Date: Tue, 24 Jan 2006 03:05:10 GMT
"Me" <me@xxxxxxxxxxxxxxxxx> wrote in message
news:88idnXHYn6O_4kjeRVn-uw@xxxxxxxxxxxxxxx
>> > One of the biggest problem with XP's built-in firewall is it lets all
>> > inside traffic go out. MS weinered out and said that blocking outbound
>> > traffic would be too confusing. Not.
>>
>> That's a problem with any user that is clueless no matter what the
>> solution may be..
>
> Agreed, however "clueless user" is a bit harsh. Interesting that the
> subscription OneCare service from MS will have a firewall that looks at
> outbound traffic. Maybe it was a marketing decision after all, not a
> technical one.
I don't trust any protection at the machine level other than going to the
O/S itself.
Flat-out most are *clueless* and gullible too. If it can be clicked, then it
shall be clicked.
>
>> > Since XP Home doesn't really have good security like XP Pro, if you do get
>> > infected with malware or a trojan, the built-in firewall is going to let
>> > it send all of your passwords to the Motherland without letting you know.
>>
>> What are you talking about?
>
> No Restricted User. Restricted User = no malware installs almost no matter
> how the end user tries to allow it to install
Well, most users are not doing that no matter how much it's being preached
so it's moot.
>
>> > A real firewall would pop up a warning that "program xxxxx is trying to
>> > connect to the Internet." You would naturally get paranoid (rightfully
>> > so), deny it access to the Internet and then check your computer over very
>> > closely.
>>
>> No a real FW doesn't have such snake-oil in it. :)
>
> Yeah, but I thought we were talking about home solutions here.
My home solution is to have a FW appliance that's protecting the machines.
When I am on the road, then I'll use a PFW solution since it's not
practical to take the FW appliance with me on the road. So when I am at
home, the PFW solution is out of the picture -- no need for one.
>
>> And so can that snake-oil being used in the PFW solution be beaten. As
>> malware can go under, over around and through a PF and that Application
>> Control snake-oil.
>
> Sure, anything can get beaten given enough effort.
Apparently, it doesn't take much to beat one. See if you can get any PFW other
than XP's FW to stop malware at the boot and login or the boot of a Windows
machine that's non-NT-based and see if it can stop malware at the point.
I suggest that you install my favorite test tool for this, Gator, and see if
you can set any PFW solution to get to the TCP/IP connection before Gator
can phone home and stop Gator.
>> That's why one gets a packet filtering FW router or a FW appliance that
>> meets the specs in the link.
>
> Packet-filtering? I think not. Run Metasploit against a Pix that's
> "protecting" a web server. It's root-city in a heartbeat.
Not if one knows what he or she is doing to protect the Web server in the
first place. If one doesn't know how to configure the O/S, file system,
user accounts, register and something like IIS, then he or she has no
business exposing a Web server, period, MS or not. However, many don't seem to
know how to do it, even the so-called professionals. It's not the FW's job
to be stopping some root toolkit. However, if something is phoning home and
I set a rule with a FW appliance or packet filtering FW router to stop
outbound to specified IP(s), then I'll know the traffic will be stopped
until such time I can find the exploit on the machine, which was most likely
pointed out to me by reviewing FW logs and not what some PFW pop-up message
was or was not telling me.
And I'll tell you right now that I know how to use the proper tools and go
look for myself on the machine.
I don't think so with a PFW solution.
One gets a packet filtering FW router or low-end FW appliance that costs as
much as the purchase and the annual renewal fee for a 3rd PFW solution,
which in the long run is a much better investment.
Oh, but you'll say you must renew the license for that FW appliance and
I'll say you don't. If it's not broke don't fix it.
>
> The poster asked specifically about XP, which told me he is a home user not
> interested in spending a ton of money, just in reducing his risk footprint.
>
>> You should learn about FW(s).
>
> <obligatory letters here>
>
> Ray, CCSA, CCSE, CISSP
Should I be impressed with the above letters?
Here is mine: MCP working on the MCAD and may not get the MCSD because of
the 30 years of expertise. That's for .NET too BTW.
Duane :)