Re: Tips on blocking 'difficult' services..



Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in news:4tom56F14q07iU1@mid.dfncis.de:

Bogwitch wrote:

Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in
news:4toe9oF14jqhqU1@xxxxxxxxxxxxx:

Bogwitch wrote:

The way I have AtGuard configured on this machine, it WILL ask me
about EVERY connection attempt.

If the malware has admin rights, it can trivially bypass AtGuard. You
WON'T get ANY connection attempt to see.

Bring it back to the _REAL_ world, Sebastian, please name ONE piece of
malware that is AtGuard aware.

Agobot. Nuff said.

Fair enough, if I was running AtGuard using its default installation
executable name, I might be worried. Since 'iamapp.exe' isn't descriptive
enough for me, it is renamed to something more to my liking. Nor are my
network shares open, nor am I getting files via IRC or p2p. Not
concerned.

BTW, security is about something called *reliability*.

Might I suggest you actually understand the software before you tell
me what it can and what it can't do?

May I suggest you do the same?

I *DO* understand the software.

But you don't understand Windows. AtGuard might do what it wants, the
Windows kernel remains the ultimate authority in the system, and if the
malware runs with admin rights, it has full access to the kernel. This
is a cat-and-mouse game, whereas AtGuard is always the loser in the long
run.

What can I say? It must be magic that has allowed me to use AtGuard in
such a way, and without doing any damage. Gosh, aren't I lucky? And with
me being a complete biff when it comes to Windows.

Bogwitch.
