Re: outbound filtering

On 12/26/2006 2:46 PM, something possessed Sebastian Gottschalk to write:
badgolferman wrote:

Jim Ford, 12/26/2006,3:32:22 PM, wrote:

He obviously knows a lot about security
Maybe not. If he really knew a lot about security he would be willing
to offer advice. I'd say he knows a lot about arrogance.

Actually this one rather belongs much more to a meta discussion. Your
problem is not a concrete security problem, but the lack of concept and
knowledge. Offering concrete advice won't solve this more fundamental

What problem? He didn't give an abstract or concrete problem, the OP just asked for some advice, and instead received the rantings of a mere child who thinks he knows more than the rest of the Internet users and uses that arrogant belief to pompously attack any others showing any sign of ignorance (by asking for advice) in order to boost and inflate your undeveloped ego.

And I've pointed out some concrete consequences of this problem:

- NAT routers aren't firewall or security devices.
Depends on the router, but most NAT routers act as hardware firewalls, blocking unsolicited inbound connections.
- Monitoring connections doesn't require extensive packet filters with
state machines, but just standard operating system tools requesting such
information directly from the OS.
Well, that will tell you where your remote endpoint connections are and what programs are making the connection, but not much more than that. On that note, these are snapshots, not real-time displays of connection activity. For a real-time display of remote connections I'd recommend Kerio Personal Firewall, or if the OP doesn't want a firewall, then TCPMon.
- Outbound filtering doesn't work.
It doesn't?
Never did, never will, besides the wishes
because it would be nice if it actually worked.
Well, granted it's not perfect, but neither are AVs. However, I have found program baddies that AVs and other anti-malware proggies missed solely from being alerted of their outbound connections (which I believe is the added security that the OP wishes), so yes, they do work. They may be allowed to be circumnavigated, but in the world with Windows and Gates nothing is perfect.
And the reason is
inter-process communication, some feature that you wouldn't like to miss
Elaborate on this please. Are you referring to rootkits, bad modules hooking into legit processes, or just processes communicating with each other via localhost port communications?
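The thread above contrasts the one-off connection snapshots that OS tools give you with the real-time alerting a per-program outbound filter provides. As an added example (not code from anyone in this thread), here is a small poller that diffs two "netstat -ano"-style snapshots, maps new outbound connections to their owning image, and flags those not already covered by an allow list. The netstat lines, PID-to-image map and allow list are constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample lines shaped like Windows "netstat -ano" output
# (protocol, local address, remote address, state, PID). UDP lines carry no
# state column and are deliberately not matched here.
SNAPSHOT_1 = """\
  TCP    192.168.1.5:49152    203.0.113.10:443     ESTABLISHED     1234
  TCP    0.0.0.0:135          0.0.0.0:0            LISTENING       820
  TCP    192.168.1.5:49160    198.51.100.7:80      ESTABLISHED     2210
"""
SNAPSHOT_2 = """\
  TCP    192.168.1.5:49152    203.0.113.10:443     ESTABLISHED     1234
  TCP    0.0.0.0:135          0.0.0.0:0            LISTENING       820
  TCP    192.168.1.5:49171    192.0.2.99:6667      ESTABLISHED     3055
  TCP    192.168.1.5:49172    203.0.113.10:443     SYN_SENT        1234
  TCP    192.168.1.5:49175    203.0.113.55:80      ESTABLISHED     820
"""

# Constructed PID -> image name map, as "tasklist" or Task Manager would show.
PID_TO_IMAGE: Dict[int, str] = {820: "svchost.exe", 1234: "firefox.exe",
                                2210: "updater.exe", 3055: "unknown.exe"}
# Images the user already allowed out (assumed "allow" rules of a per-program filter).
ALLOWED_IMAGES: Set[str] = {"firefox.exe", "svchost.exe"}

LINE_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\w+)\s+(\d+)\s*$")
Connection = Tuple[str, int]  # (remote endpoint, owning PID)


def parse_snapshot(text: str) -> Set[Connection]:
    """Extract outbound (non-listening) TCP connections from one snapshot."""
    conns: Set[Connection] = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _local, remote, state, pid = m.groups()
        if state == "LISTENING":
            continue  # a listener is inbound exposure, not outbound activity
        conns.add((remote, int(pid)))
    return conns


def new_outbound(prev: Set[Connection], cur: Set[Connection],
                 images: Dict[int, str] = PID_TO_IMAGE,
                 allowed: Set[str] = ALLOWED_IMAGES) -> List[dict]:
    """Diff two polls; report each newly seen (remote, PID) pair with its image
    and whether the allow list already covers that program."""
    alerts = []
    for remote, pid in sorted(cur - prev):
        image = images.get(pid, "<unknown>")
        alerts.append({"remote": remote, "pid": pid, "image": image,
                       "allowed": image in allowed})
    return alerts


if __name__ == "__main__":
    for a in new_outbound(parse_snapshot(SNAPSHOT_1), parse_snapshot(SNAPSHOT_2)):
        flag = "ok" if a["allowed"] else "REVIEW"
        print(f"{flag:6} {a['image']} (pid {a['pid']}) -> {a['remote']}")
```

Polling this way still misses short-lived connections that open and close between two snapshots, which is exactly the gap a hooked, real-time filter closes.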