Re: free firewall and anti-virus software
From: Stefan Kanthak (postmaster_at_1.0.0.127.in-addr.arpa)
Date: 08/09/05
- Next message: Georgia: "Security Center stopped recognizing firewall & antivirus"
- Previous message: Cindy: "Re: NT User A/C Lock"
- In reply to: Bruce Chambers: "Re: free firewall and anti-virus software"
- Next in thread: R. McCarty: "Re: free firewall and anti-virus software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Aug 2005 18:01:20 +0200
"Bruce Chambers" <bchambers@cable0ne.n3t> wrote:
Your addresses are invalid!
> dh wrote:
> > what u mean by hardware firewall?
> > Is linksys router a hardware firewall?
>
> No, not really. It's a router with NAT (Network Address Translation.)
>
> If you use a router with NAT, it's still a very good idea to use a
> 3rd party software firewall. Like WinXP's built-in firewall,
> NAT-capable routers do *nothing* to protect the user from him/herself
> (or any "curious," over-confident teenagers in the home). Again --
> and I cannot emphasize this enough -- almost all spyware and many
> Trojans and worms are downloaded and installed deliberately (albeit
> unknowingly) by the user.
Correct. And this can simply be avoided by NOT running as "Administrator"
and setting up the preconfigured "Software Restriction Policies" to
disable execution of files except from %SystemRoot% and beyond and
%ProgramFiles% and beyond.
> So a software firewall, such as Sygate or ZoneAlarm, that can detect
> and warn the user of unauthorized out-going traffic is an important
> element of protecting one's privacy and security.
Not correct: NONE of these firewalls is able to detect more than the
most direct and "dumbest" attempts to "phone home".
Proof of concept: http://www.dingens.org/breakout.c
http://www.ulm.ccc.de/chaos-seminar/personal-firewalls/
http://copton.net/vortraege/pfw/
http://www.dingens.org/pf-bericht/
And, what's worse: most of these toys open ports and open windows on
the user's desktop. Since they run under SYSTEM account this makes them
vulnerable to shatter attacks!
http://security.tombom.co.uk/shatter.html
http://security.tombom.co.uk/moreshatter.html
Running under SYSTEM account and opening windows on the user's desktop
is a no-no: Microsoft STRONGLY discourages service writers from doing so!
> (Remember: Most antivirus applications do not even scan for
> or protect you from adware/spyware, because, after all, you've
> installed them yourself, so you must want them there, right?)
Correct. But why should someone care AFTER the fact, when it's possible
to take care of BEFORE the fact? Running as restricted user, with SAFER
in place will defend against all the malware!
> I use both a router with NAT and Sygate Personal Firewall, even
> though I generally know better than to install scumware. When it
> comes to computer security and protecting my privacy, I prefer the old
> "belt and suspenders" approach. In the professional IT community,
> this is also known as a "layered defense." Basically, it comes down
> to never, ever "putting all of your eggs in one basket."
Correct. But it's also true that every piece of code might contain errors.
Removing as many pieces of code as possible will therefore raise security.
Apropos "layered defense" and being consequent:
| User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
has known security holes, an updated version was released two weeks ago.
What you've not mentioned here is:
* remove all system components you don't need.
For the home user without LAN the "Microsoft Network" etc. is superfluous,
s/he only needs TCP/IP.
* remove (or disable) all services you don't need.
DCOM and RPC need not listen on any interfaces in a home environment.
When you perform all these steps thoroughly you'll end up with a system
not exposing a single open port on its internet connection.
See http://home.arcor.de/skanthak/harden2k.html or http://www.ntsvcfg.de
You won't even NEED the Windows Firewall then, because: what should it
protect?
Stefan
fup2 microsoft.public.security