Re: Sunbelt-Kerio issues / Need new desktop firewall advise



"Mr. Arnold" wrote:

Maybe and maybe not that you have spyware. The only way to know for sure
is to start looking for yourself with other tools, because malware can and
does circumvent every last bit of software to detect it.

You do know that malware can circumvent all of it, set its own rules,
punch through the PFW and you wouldn't even know it.

They're supposed to run locally, that's it!

Yes, a program runs locally on the machine. The program is locally running
on the computer. But that doesn't mean that the program will not have a
valid reason to access the Internet.

Taking into account what I have learned so far, the fact that it connects
to the Internet implies that it opens a port on my system that can be
attacked (can I say that?). Then I see it as a security matter.

No, you can't say that. There are two types of inbound traffic that a FW,
even a PFW/packet filter, deals with when opening ports to traffic.

1) Solicited inbound traffic -- is inbound traffic that
............................
2) Unsolicited inbound traffic -- is any inbound
............................
There is a third condition that is there too where unsolicited inbound
traffic must reach a program that is listening that has not sent outbound
traffic.

That would be a case where a Web server behind a FW must allow your
browser to make contact with the Web server. It's called port forwarding,
whereby a port is opened on the FW to let unsolicited inbound traffic
past the FW.

http://www.homenethelp.com/web/explain/port-forwarding-dmz.asp


Most of the freeware and shareware connect to the Internet to check for
updates, log the number of runs, collect and transmit users' system
information, etc. Some actually allow the users to change this behavior
during the setup or under menu\options. I try to avoid these
applications.

I think that should be the least of your concerns.

What you should be concerned about is someone hacking the machine with
software that has compromised the machine and using the information
against you to do serious damage, like identity theft. And it circumvented
and defeated all the snake-oil solutions and snake-oil solutions in
software running on the machine that you and they never saw it coming,
because you're leaning on the snake-oil like a crutch. Sorry, I hate to be
blunt but sometimes it's needed.

Here is another link about FW solutions, and a PFW is not a FW solution.
It's only a machine level packet filter protecting the machine at the
machine level, which is doing way too much in trying to protect you from
*you* that it cannot do that well.

http://www.more.net/technical/netserv/tcpip/firewalls/

Thanks Mr. Arnold! It is going to take a while to read and exercise all the
valuable information. Thanks for your assistance. I think I'm on the right
track now. The links will also help a lot. This is dark but cool stuff.
Hopefully I'll eventually learn to protect myself correctly, and maybe (one
day) I can build firewall equipment. :)
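
As an added illustration that is not part of the original thread: a minimal model of how a stateful packet filter tells solicited inbound traffic from unsolicited traffic and from a port-forward rule. It assumes the usual meaning of "solicited" (a reply matching a flow the local machine started); the class, the rule set and the addresses are constructed for the example, and real filters also track TCP state and timeouts.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

@dataclass
class StatefulFilter:
    # (proto, local_port) pairs deliberately opened for unsolicited inbound traffic
    forwards: set = field(default_factory=set)
    # flows started from the inside: (proto, local_port, remote_ip, remote_port)
    flows: set = field(default_factory=set)

    def outbound(self, p: Packet) -> str:
        # Remember the flow so that only its reply counts as solicited.
        self.flows.add((p.proto, p.src_port, p.dst_ip, p.dst_port))
        return "ALLOW outbound"

    def inbound(self, p: Packet) -> str:
        # A reply must match the local port AND the remote endpoint.
        if (p.proto, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "ALLOW solicited"
        # Port forwarding: a listening service is reachable by anyone.
        if (p.proto, p.dst_port) in self.forwards:
            return "ALLOW port-forward"
        return "DROP unsolicited"

def demo() -> list:
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFilter(forwards={("tcp", 80)})
    fw.outbound(Packet("192.0.2.10", 49152, "198.51.100.7", 443))
    return [
        # reply from the server the local program contacted
        fw.inbound(Packet("198.51.100.7", 443, "192.0.2.10", 49152)),
        # a different host aiming at the same local port
        fw.inbound(Packet("203.0.113.9", 443, "192.0.2.10", 49152)),
        # any host reaching the forwarded Web server port
        fw.inbound(Packet("203.0.113.9", 40000, "192.0.2.10", 80)),
        # a port nothing was opened for
        fw.inbound(Packet("203.0.113.9", 40000, "192.0.2.10", 3389)),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second verdict is the one that answers the question in the thread: the outbound connection lets only its own peer reply, while the forwarded port is the case that accepts traffic from anyone.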




