
Thread: It seems every firewall is slagged as snake oil. So how should it be done?

  1. #1
    Martin C
    Guest

    It seems every firewall is slagged as snake oil. So how should it be done?

    From reading this newsgroup, there seem to be an incredible number of
    postings that basically say that no personal firewall should be used on a PC
    as they are all basically snake oil and don't really do much.

    I am not sure if these responses are just from trolls that like to slag off
    everything, or whether there is truth behind it all.

    This therefore leads to the following question.

    If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor etc
    are no good, then what should be used? Or are these guys saying that we
    should just stick with a normal router and the Windows Firewall? Or are we
    talking about a major investment in hardware?

    This is a genuine question, not a 'light blue touch paper and stand back'
    goad.

    TIA

    Martin.



  2. #2
    Bit Twister
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Fri, 13 Mar 2009 08:38:53 -0000, Martin C wrote:
    > From reading this newsgroup, there seem to be an incredible number of
    > postings that basically say that no personal firewall should be used on a PC
    > as they are all basically snake oil and don't really do much.
    >
    > This therefore leads to the following question.
    >
    > If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor etc
    > are no good, then what should be used? Or are these guys saying that we
    > should just stick with a normal router and the Windows Firewall? Or are we
    > talking about a major investment in hardware?


    It is going to depend on your OS and your home setup.

    If you have no services which respond to inbound connections then the
    firewall is not needed. If running Micro$oft, we know there are a few
    open services. :)
    Therefore you need a firewall.

    We know malware either disables the firewall or pokes holes in the OS firewall.
    Therefore, it is better to have a router or dedicated hardware
    firewall as first line of defense.

    If you have two or more M$ systems on the same network, then each system
    needs a firewall for protection from the other M$ system. :(
    Latest example, Conficker malware is now on version 3.
    It is even crawling into embedded OS devices. :(
    http://isc.sans.org/diary.html?storyid=5752

    Except for dialup users, most people wind up with a home router from their ISP.
    If it does Network Address Translation, then you have your hardware
    firewall, assuming you have closed any pass through ports in the router.

    Since the above became the norm, and/or everyone was putting in
    software firewalls, the crackers moved to getting access from inside
    the system. They do that by finding exploits in the software that
    plays/read files from the Internet (flash, pdf, gif, MP3, WMA, WMV, MP2,...).

    Last time I looked there was a new piece of malware created about
    every 20 seconds. Some of that malware calls home.
    To help throttle that problem, software firewalls started blocking
    outbound connections. Windows Firewall does not block outbound connections.

    When you get a firewall popup about some application wanting to get
    out you can start worrying/wondering if you have an infection or was
    it an official windows update. Even then you have no protection there
    if malware attaches itself to an application you have already
    authorized outbound access. :(

    General stats seem to indicate the Anti-Virus vendors will get you an
    update to find it about 6 weeks later. :-(

    Check out what is currently running around
    http://www.commtouch.com/Site/Resear...t_activity.asp

  3. #3
    Rick
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    "Martin C" <martinC@invalid.com> wrote in
    news:49ba16d9$1_1@glkas0286.greenlnk.net:
    >
    > From reading this newsgroup, there seem to be an incredible number of
    > postings that basically say that no personal firewall should be used
    > on a PC as they are all basically snake oil and don't really do much.



    Personal firewalls are one of those things that people love to argue back
    and forth. Both sides have some validity to their views so the argument
    goes on ad infinitum. Sort of like asking "which auto brand is better,
    Ford, Chevy or Chrysler?"


    > This therefore leads to the following question.
    >
    > If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor
    > etc are no good, then what should be used? Or are these guys saying
    > that we should just stick with a normal router and the Windows
    > Firewall? Or are we talking about a major investment in hardware?



    IMHO - Security cannot be guaranteed by any single thing or even any
    combination of things, whether they be hardware, software or both. That's
    what makes it difficult for many people. They come in here or other
    newsgroups/forums and ask whether "this product" or "that software" will
    keep them safe. More often than not, someone will jump in and give you
    their recommendation and someone else will jump in and tell you that
    recommendation isn't effective.

    For what little it is worth, here are my recommendations for home users
    with moderate needs for security:

    #1) Use an NAT router. While these are NOT the same as a real firewall,
    they do tend to block a number of avenues of attack. Make sure you change
    any default passwords that the router uses to control access to its
    configuration menus and turn off UPnP unless you really need it (the vast
    majority of home users will not need it).

    #2) make sure you have all available Windows security updates installed,
    including IE7 if you use Internet Explorer as a browser (you might want to
    consider using a different browser such as Firefox).

    #3) make sure you have the latest updates for Java, Acrobat Reader, Firefox
    (if you use it) and Flash since they are popular avenues of attack. Be
    aware that when Java updates are installed, the older versions are not
    removed. Unless you have a real need for the older versions, it is usually
    best to remove them and only run the latest version.

    #4) run a decent quality antivirus program with background scanning. For
    home users on a tight budget and with modest security needs, the free AV
    software from Antivir (has an annoying nag screen), Avast (the one I
    usually recommend for home users) or AVG are available. For a reasonable
    (IMHO) cost, Antivir, NOD32, or Kaspersky are good choices for an AV
    program (the latest version of Norton may move into that category but I
    haven't seen any good reviews of its effectiveness yet). For what it's
    worth, I'm not fond of "Internet Security Suites" regardless of the
    manufacturer. I find them to mostly be bloated hogs that really drag down
    system performance without adding much in the way of real security. Use the
    built-in Windows firewall instead.

    #5) use a dedicated antimalware program as a "second opinion" security
    scanner just in case. Since no single AV scanner is 100% effective, it is a
    good idea to run one of these on occasion. I tend to recommend the free
    version of either SuperAntispyware or Malware Byte's AntiMalware for home
    users on a tight budget. They have to be run manually but that should be
    sufficient. The for-pay versions of those programs offer real-time scanning
    for those who don't want to deal with remembering to run the manual scans.

    #6) if you use Outlook Express, Outlook or one of their derivatives (such
    as Incredimail) for your email, I recommend turning off the preview pane.

    #7) consider additional software/configuration changes such as:

    - running services
    http://www.blackviper.com/WinXP/servicecfg.htm

    - autoplay/autorun
    http://antivirus.about.com/od/securi...ht/autorun.htm

    - codecs
    http://community.winsupersite.com/bl.../15/finding-a-good-and-safe-codec-package.aspx


    Of course, nothing can guarantee security. Regardless of how well the
    system is set up an imaginative idiot can always find a way to circumvent
    things. Using the above guidelines and keeping in mind the maxim of "if it
    sounds too good to be true it probably is" will go a long way towards
    keeping you trouble-free. Avoiding risky behavior also goes without saying.
    Those who cruise a lot of porn sites and/or those who do a lot of file
    sharing without knowing exactly what they are doing tend to be the ones who
    get into trouble the most.

    Just my 2 cents worth.....


    --
    Rick Simon rsimon@cris.com

    Include "spam(trap)key" somewhere in the
    body of any email to avoid spam filters.

  4. #4
    Leythos
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    In article <49ba16d9$1_1@glkas0286.greenlnk.net>, martinC@invalid.com
    says...
    > From reading this newsgroup, there seem to be an incredible number of
    > postings that basically say that no personal firewall should be used on a PC
    > as they are all basically snake oil and don't really do much.
    >


    Not quite, they serve a purpose as long as you understand their
    limitations and their failings.

    As an example, if you remove all Exceptions from the Windows Firewall on
    an XP computer, you can reasonably safely connect to a Wireless network
    at a public hot spot, same for a hotel. If you don't check your
    exceptions then you're most likely exposing something you were unaware
    of.

    When I travel I take a small NAT router with me, using the connection in
    a hotel or at customers' sites, to block inbound to my laptop. When I
    need wireless, I use the Win XP firewall, have no exceptions, and ensure
    that my computer is not offering any services I don't know about.

    The problem is that most people don't have a clue and most people don't
    know about all of the exceptions enabled in the XP firewall or other
    firewalls if used.

    So, if you're where you can use one, use a NAT router, at least, and if
    you're out and about, check your Win firewall exceptions FIRST and EACH
    TIME, then connect to the wireless.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  5. #5
    Geoff Smith
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    In article <49ba16d9$1_1@glkas0286.greenlnk.net>, martinC@invalid.com
    says...
    >
    > From reading this newsgroup, there seem to be an incredible number of
    > postings that basically say that no personal firewall should be used on a PC
    > as they are all basically snake oil and don't really do much.
    >
    > I am not sure if these responses are just from trolls that like to slag off
    > everything, or whether there is truth behind it all.
    >
    > This therefore leads to the following question.
    >
    > If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor etc
    > are no good, then what should be used? Or are these guys saying that we
    > should just stick with a normal router and the Windows Firewall? Or are we
    > talking about a major investment in hardware?
    >
    > This is a genuine question, not a 'light blue touch paper and stand back'
    > goad.
    >
    > TIA
    >
    > Martin.


    Definitely use a NAT router. But in addition to that, ALL of the
    firewalls you mention are very good. Anyone claiming they are snakeoil
    is just ignorant. Some work better than others, depending upon your
    situation. At times, they can cause conflicts with other software. So
    try one for a couple weeks. If you don't have any new, unexplainable
    problems with your system, then stick with it.

    Try this. Go to grc.com and run the ShieldsUp! service and download/run
    the leaktest. Note the results. Then install a software firewall and do
    the same. I'm sure you will find a significant difference.

  6. #6
    Ansgar -59cobalt- Wiechers
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Geoff Smith <geoff915@yahoo.com> wrote:
    > Definitely use a NAT router.


    Make sure you disable UPnP on it, though, or malware on a user's
    computer will still be able to poke holes in it. Also this doesn't
    affect tunneling stuff through other protocols.

    > But in addition to that, ALL of the firewalls you mention are very
    > good. Anyone claiming they are snakeoil is just ignorant.


    HAHAHAHAHAHAHAHAHAHAHAHAHAHA!

    - A system that doesn't have any open ports, because it doesn't have any
    services listening on the external interface, doesn't need a personal
    firewall to protect the system from direct inbound attacks.
    - A system that is properly patched isn't vulnerable to attacks
    targeting the already patched bugs.
    - Personal firewalls cannot protect services that are supposed to be
    accessible to begin with.
    - When the user is working with admin privileges, personal firewalls can
    be disabled from the inside, even if they employ rootkit techniques.
    - Malware should be prevented from being run in the first place, not
    from communicating outbound after it's already running. There are
    various measures helping to achieve the former, including, but not
    limited to: disabling autostart on removable media, using Software
    Restriction Policies, setting appropriate "execute" permissions, or
    running (up-to-date) AV software.
    - The popups of personal firewalls are more confusing than anything
    else, because in order to understand these messages, the user would
    have to have a good understanding of both networking and Windows
    internals. Which is quite uncommon with the target group of personal
    firewalls.
    - The logging of personal firewalls usually is laughable, since vital
    information is omitted.

    On top of that, more often than not personal firewalls introduce
    additional vulnerabilities on the system they're supposed to protect:

    - Automatic network shunning (default with various personal firewalls)
    can be abused by an attacker for a DoS attack.
    - Some personal firewalls run interactive services with elevated
    privileges, making them susceptible to shatter attacks.
    - Exploitable bugs in personal firewalls can be used to compromise the
    system. This has already happened ITW (W32/Witty.worm).

    And you dare calling the critics of personal firewalls ignorant?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
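
Added example (not part of the original thread or any poster's code): the first point in the post above depends on whether anything is listening on an external interface. This Python script parses constructed `netstat -ano` output in the Windows layout and separates loopback-only listeners from those reachable from the network; the sample rows, PIDs and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the layout printed by Windows `netstat -ano`.
# Addresses and PIDs are made up for illustration.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49212     203.0.113.5:80         ESTABLISHED     3456
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    700
  UDP    127.0.0.1:1900         *:*                                    1500
  UDP    [fe80::1%12]:546       *:*                                    900
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or '[addr%zone]:port' (IPv6) into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and IPv6 zone id
    return host, int(port)


def parse_listeners(netstat_text):
    """Return sockets that accept unsolicited traffic: TCP LISTENING and bound UDP."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        proto = fields[0]
        if proto == "TCP":
            # TCP rows: Proto, Local, Foreign, State, PID
            if len(fields) < 5 or fields[3] != "LISTENING":
                continue  # established or closing connections are not listeners
            pid_field = fields[4]
        else:
            # UDP rows have no State column: Proto, Local, Foreign, PID
            if len(fields) < 4:
                continue
            pid_field = fields[3]
        try:
            host, port = split_endpoint(fields[1])
            addr = ipaddress.ip_address(host)
            pid = int(pid_field)
        except ValueError:
            continue  # malformed row; skip rather than guess
        listeners.append({"proto": proto, "addr": addr, "port": port, "pid": pid})
    return listeners


def exposed_listeners(netstat_text):
    """Listeners bound to a wildcard (0.0.0.0, ::) or a specific non-loopback address."""
    return [l for l in parse_listeners(netstat_text) if not l["addr"].is_loopback]


def loopback_listeners(netstat_text):
    """Listeners reachable only from the local machine."""
    return [l for l in parse_listeners(netstat_text) if l["addr"].is_loopback]


if __name__ == "__main__":
    for l in exposed_listeners(SAMPLE_NETSTAT):
        print(f"exposed  {l['proto']} {l['addr']}:{l['port']} (PID {l['pid']})")
    for l in loopback_listeners(SAMPLE_NETSTAT):
        print(f"loopback {l['proto']} {l['addr']}:{l['port']} (PID {l['pid']})")
```

Every row reported as exposed is a service that has to be disabled, rebound to loopback, patched or filtered; an empty exposed list is the situation the first bullet of the post describes.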

  7. #7
    Geoff Smith
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    In article <gpdj3fUndsL1@news.in-ulm.de>, usenet-2009@planetcobalt.net
    says...
    >
    > Geoff Smith <geoff915@yahoo.com> wrote:
    > > Definitely use a NAT router.

    >
    > Make sure you disable UPnP on it, though, or malware on a user's
    > computer will still be able to poke holes in it. Also this doesn't
    > affect tunneling stuff through other protocols.
    >
    > > But in addition to that, ALL of the firewalls you mention are very
    > > good. Anyone claiming they are snakeoil is just ignorant.

    >
    > HAHAHAHAHAHAHAHAHAHAHAHAHAHA!
    >
    > - A system that doesn't have any open ports, because it doesn't have any
    > services listening on the external interface, doesn't need a personal
    > firewall to protect the system from direct inbound attacks.
    > - A system that is properly patched isn't vulnerable to attacks
    > targeting the already patched bugs.
    > - Personal firewalls cannot protect services that are supposed to be
    > accessible to begin with.
    > - When the user is working with admin privileges, personal firewalls can
    > be disabled from the inside, even if they employ rootkit techniques.
    > - Malware should be prevented from being run in the first place, not
    > from communicating outbound after it's already running. There are
    > various measures helping to achieve the former, including, but not
    > limited to: disabling autostart on removable media, using Software
    > Restriction Policies, setting appropriate "execute" permissions, or
    > running (up-to-date) AV software.
    > - The popups of personal firewalls are more confusing than anything
    > else, because in order to understand these messages, the user would
    > have to have a good understanding of both networking and Windows
    > internals. Which is quite uncommon with the target group of personal
    > firewalls.
    > - The logging of personal firewalls usually is laughable, since vital
    > information is omitted.
    >
    > On top of that, more often than not personal firewalls introduce
    > additional vulnerabilities on the system they're supposed to protect:
    >
    > - Automatic network shunning (default with various personal firewalls)
    > can be abused by an attacker for a DoS attack.
    > - Some personal firewalls run interactive services with elevated
    > privileges, making them susceptible to shatter attacks.
    > - Exploitable bugs in personal firewalls can be used to compromise the
    > system. This has already happened ITW (W32/Witty.worm).
    >
    > And you dare calling the critics of personal firewalls ignorant?
    >
    > cu
    > 59cobalt


    Anyone who claims they are snakeoil (i.e. They offer no added protection
    whatsoever) is ignorant. Of course there are valid criticisms. Are they
    perfect? No. Are they helpful as an additional layer of protection? For
    most people, yes.

    Is it possible that they can include bugs that compromise a system? Yes.
    But you could say that about ANY piece of software. It's a red herring.
    If a person wanted to be totally locked down against any possible
    security vulnerabilities from bugs in software, he/she would have to
    remove every single piece of software from the computer, including the
    OS.

  8. #8
    Lie Ryan
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Rick wrote:
    > #2) make sure you have all available Windows security updates installed,
    > including IE7 if you use Internet Explorer as a browser (you might want to
    > consider using a different browser such as Firefox).


    I'd rather change that to:
    #2) make sure you have all available Windows security updates installed,
    including IE7, even though you don't use Internet Explorer as a
    browser. It is not recommended to use IE as your daily browser. As long
    as IE doesn't close one of its most outstanding bugs: "Remove ActiveX
    support" I would not consider it for any purpose.

  9. #9
    Lie Ryan
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Ansgar -59cobalt- Wiechers wrote:
    > Geoff Smith <geoff915@yahoo.com> wrote:
    >> Definitely use a NAT router.

    >
    > Make sure you disable UPnP on it, though, or malware on a user's
    > computer will still be able to poke holes in it. Also this doesn't
    > affect tunneling stuff through other protocols.
    >
    >> But in addition to that, ALL of the firewalls you mention are very
    >> good. Anyone claiming they are snakeoil is just ignorant.

    >
    > HAHAHAHAHAHAHAHAHAHAHAHAHAHA!


    Laughable, there are no fully valid points in your post.

    >
    > - A system that doesn't have any open ports, because it doesn't have any
    > services listening on the external interface, doesn't need a personal
    > firewall to protect the system from direct inbound attacks.


    A system is always vulnerable to ICMP DOS unless the firewall is
    instructed to ignore and ignore ICMP packets.

    > - A system that is properly patched isn't vulnerable to attacks
    > targeting the already patched bugs.


    There are always zero-day vulnerabilities. Having a firewall can help to
    prevent these vulnerabilities, since most vulnerabilities assume a vanilla
    system.

    > - Personal firewalls cannot protect services that are supposed to be
    > accessible to begin with.


    Personal firewalls should not be used for a web server in the first place.

    > - When the user is working with admin privileges, personal firewalls can
    > be disabled from the inside, even if they employ rootkit techniques.


    That is true even for a hardware firewall, and it is true for any kind of
    protection. Even moderately security-conscious people would not be so
    foolish as to run as Administrator nowadays.

    > - Malware should be prevented from being run in the first place, not
    > from communicating outbound after it's already running. There are
    > various measures helping to achieve the former, including, but not
    > limited to: disabling autostart on removable media, using Software
    > Restriction Policies, setting appropriate "execute" permissions, or
    > running (up-to-date) AV software.


    HAHAHAHAHAHAHAHAHAHA!!

    What a laugh... I'm sure in your unfirewalled system there is a worm
    that is currently contacting home, and you are CLUELESS about its
    existence because your firewall didn't tell you (OOOOPSS I forgot you
    don't have firewall).

    Fully updated antivirus? Do you think a "fully updated antivirus" stands
    a chance against a zero-day vulnerability? A firewall has a much better chance
    against zero days since it does not rely on signatures.

    > - The popups of personal firewalls are more confusing than anything
    > else, because in order to understand these messages, the user would
    > have to have a good understanding of both networking and Windows
    > internals. Which is quite uncommon with the target group of personal
    > firewalls.


    I doubt that. If there is a program named autorun.exe trying to get
    access to Internet, I'm sure anyone moderately computer literate will be
    suspicious.

    > - The logging of personal firewalls usually is laughable, since vital
    > information is omitted.


    How is no logging compared to some logging?

    > On top of that, more often than not personal firewalls introduce
    > additional vulnerabilities on the system they're supposed to protect:
    >
    > - Automatic network shunning (default with various personal firewalls)
    > can be abused by an attacker for a DoS attack.


    Which is better than a compromised system. Anyway, most personal firewalls
    can selectively block the attacker's IP address without blocking the
    whole network.

    > - Some personal firewalls run interactive services with elevated
    > privileges, making them susceptible to shatter attacks.


    Better than an unfirewalled system, which can be easily turned to a
    zombie without any effort to do shattering.

    > - Exploitable bugs in personal firewalls can be used to compromise the
    > system. This has already happened ITW (W32/Witty.worm).


    A worm can only target a very small and specific set of firewalls. In the
    case of the Witty worm, it can only break through the ISS firewall; it won't be
    able to break my Comodo firewall or my Kerio firewall. By adding
    diversity, it makes it harder for a worm to have widespread impact. By
    having a uniform configuration (i.e. all no firewall) it is only a matter
    of time before the worm makes the next hops.

    > And you dare calling the critics of personal firewalls ignorant?


    And you dare calling yourself know anything about security?

  10. #10
    Frank Merlott
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    After serious thinking Martin C wrote :
    > From reading this newsgroup, there seem to be an incredible number of
    > postings that basically say that no personal firewall should be used on a PC
    > as they are all basically snake oil and don't really do much.
    >
    > I am not sure if these responses are just from trolls that like to slag off
    > everything, or whether there is truth behind it all.
    >
    > This therefore leads to the following question.
    >
    > If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor etc
    > are no good, then what should be used? Or are these guys saying that we
    > should just stick with a normal router and the Windows Firewall? Or are we
    > talking about a major investment in hardware?
    >
    > This is a genuine question, not a 'light blue touch paper and stand back'
    > goad.
    >
    > TIA
    >
    > Martin.


    You could get an old machine and use some Linux distribution as a
    firewall, but you will need to know what you are doing.

    The best firewall is the one you build yourself and on its own
    dedicated box.

    IPCop is a great Linux Firewall if you have a spare computer to install
    it. And your main computer can still run Windows or anything else you
    like.

    http://www.ipcop.org/

    --
    Privacylover: http://www.privacylover.com



  11. #11
    Gary
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    I think this sums it up rather well for Windows firewalls:

    "Instead of reducing the number of network-aware services, a personal
    firewall is an additional service that consumes system resources and can
    also be the target of an attack as exemplified by the Witty worm.

    If the system has been compromised by malware, spyware or similar
    software these programs can also manipulate the firewall because both
    are running on the same system. It may be possible to bypass or even
    completely shut down software firewalls in such a manner.

    The high number of alerts generated by such applications can possibly
    desensitize users to alerts by warning the user of actions that may not be
    malicious (e.g. ICMP requests).

    Software firewalls that interface with the operating system at the kernel
    mode level may potentially cause instability and/or introduce security
    flaws and other software bugs."

    http://en.wikipedia.org/wiki/Persona...all#Criticisms

  12. #12
    Kayman
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On 13 Mar 2009 10:57:02 GMT, Rick wrote:

    > "Martin C" <martinC@invalid.com> wrote in
    > news:49ba16d9$1_1@glkas0286.greenlnk.net:
    >>
    >> From reading this newsgroup, there seem to be an incredible number of
    >> postings that basically say that no personal firewall should be used
    >> on a PC as they are all basically snake oil and don't really do much.

    >
    >
    > Personal firewalls are one of those things that people love to argue back
    > and forth. Both sides have some validity to their views so the argument
    > goes on ad infinitum. Sort of like asking "which auto brand is better,
    > Ford, Chevy or Chrysler?"
    >
    >
    >> This therefore leads to the following question.
    >>
    >> If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor
    >> etc are no good, then what should be used? Or are these guys saying
    >> that we should just stick with a normal router and the Windows
    >> Firewall? Or are we talking about a major investment in hardware?

    >
    >
    > IMHO - Security cannot be guaranteed by any single thing or even any
    > combination of things, whether they be hardware, software or both. That's
    > what makes it difficult for many people. They come in here or other
    > newsgroups/forums and ask whether "this product" or "that software" will
    > keep them safe. More often than not, someone will jump in and give you
    > their recommendation and someone else will jump in and tell you that
    > recommendation isn't effective.
    >
    > For what little it is worth, here are my recommendations for home users
    > with moderate needs for security:
    >
    > #1) Use an NAT router. While these are NOT the same as a real firewall,
    > they do tend to block a number of avenues of attack. Make sure you change
    > any default passwords that the router uses to control access to its
    > configuration menus and turn off UPnP unless you really need it (the vast
    > majority of home users will not need it).
    >
    > #2) make sure you have all available Windows security updates installed,
    > including IE7 if you use Internet Explorer as a browser (you might want to
    > consider using a different browser such as Firefox).
    >
    > #3) make sure you have the latest updates for Java, Acrobat Reader, Firefox
    > (if you use it) and Flash since they are popular avenues of attack. Be
    > aware that when Java updates are installed, the older versions are not
    > removed. Unless you have a real need for the older versions, it is usually
    > best to remove them and only run the latest version.
    >
    > #4) run a decent quality antivirus program with background scanning. For
    > home users on a tight budget and with modest security needs, the free AV
    > software from Antivir (has an annoying nag screen), Avast (the one I
    > usually recommend for home users) or AVG are available. For a reasonable
    > (IMHO) cost, Antivir, NOD32, or Kaspersky are good choices for an AV
    > program (the latest version of Norton may move into that category but I
    > haven't seen any good reviews of its effectiveness yet). For what it's
    > worth, I'm not fond of "Internet Security Suites" regardless of the
    > manufacturer. I find them to mostly be bloated hogs that really drag down
    > system performance without adding much in the way of real security. Use the
    > built-in Windows firewall instead.
    >
    > #5) use a dedicated antimalware program as a "second opinion" security
    > scanner just in case. Since no single AV scanner is 100% effective, it is a
    > good idea to run one of these on occasion. I tend to recommend the free
    > version of either SuperAntispyware or Malware Byte's AntiMalware for home
    > users on a tight budget. They have to be run manually but that should be
    > sufficient. The for-pay versions of those programs offer real-time scanning
    > for those who don't want to deal with remembering to run the manual scans.
    >
    > #6) if you use Outlook Express, Outlook or one of their derivatives (such
    > as Incredimail) for your email, I recommend turning off the preview pane.
    >
    > #7) consider additional software/configuration changes such as:
    >
    > - running services
    > http://www.blackviper.com/WinXP/servicecfg.htm
    >
    > - autoplay/autorun
    > http://antivirus.about.com/od/securi...ht/autorun.htm
    >
    > - codecs
    > http://community.winsupersite.com/bl.../15/finding-a-good-and-safe-codec-package.aspx
    >
    >
    > Of course, nothing can guarantee security. Regardless of how well the
    > system is set up an imaginative idiot can always find a way to circumvent
    > things. Using the above guidelines and keeping in mind the maxim of "if it
    > sounds too good to be true it probably is" will go a long way towards
    > keeping you trouble-free. Avoiding risky behavior also goes without saying.
    > Those who cruise a lot of porn sites and/or those who do a lot of file
    > sharing without knowing exactly what they are doing tend to be the ones who
    > get into trouble the most.
    >
    > Just my 2 cents worth.....


    Deconstructing Common Security Myths.
    http://www.microsoft.com/technet/tec...s/default.aspx
    Scroll down to:
    "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

    Exploring the Windows Firewall.
    http://www.microsoft.com/technet/tec...l/default.aspx
    "Outbound protection is security theater—it’s a gimmick that only gives the
    impression of improving your security without doing anything that actually
    does improve your security."

    Managing the Windows Vista Firewall
    http://technet.microsoft.com/en-us/m.../cc510323.aspx
    *(read twice!)*

  13. #13
    Kayman
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Fri, 13 Mar 2009 15:52:40 +0200, Geoff Smith wrote:

    > In article <gpdj3fUndsL1@news.in-ulm.de>, usenet-2009@planetcobalt.net
    > says...
    >>
    >> Geoff Smith <geoff915@yahoo.com> wrote:
    >>> Definitely use a NAT router.

    >>
    >> Make sure you disable UPnP on it, though, or malware on a user's
    >> computer will still be able to poke holes in it. Also this doesn't
    >> affect tunneling stuff through other protocols.
    >>
    >>> But in addition to that, ALL of the firewalls you mention are very
    >>> good. Anyone claiming they are snakeoil is just ignorant.

    >>
    >> HAHAHAHAHAHAHAHAHAHAHAHAHAHA!
    >>
    >> - A system that doesn't have any open ports, because it doesn't have any
    >> services listening on the external interface, doesn't need a personal
    >> firewall to protect the system from direct inbound attacks.
    >> - A system that is properly patched isn't vulnerable to attacks
    >> targeting the already patched bugs.
    >> - Personal firewalls cannot protect services that are supposed to be
    >> accessible to begin with.
    >> - When the user is working with admin privileges, personal firewalls can
    >> be disabled from the inside, even if they employ rootkit techniques.
    >> - Malware should be prevented from being run in the first place, not
    >> from communicating outbound after it's already running. There are
    >> various measures helping to achieve the former, including, but not
    >> limited to: disabling autostart on removable media, using Software
    >> Restriction Policies, setting appropriate "execute" permissions, or
    >> running (up-to-date) AV software.
    >> - The popups of personal firewalls are more confusing than anything
    >> else, because in order to understand these messages, the user would
    >> have to have a good understanding of both networking and Windows
    >> internals. Which is quite uncommon with the target group of personal
    >> firewalls.
    >> - The logging of personal firewalls usually is laughable, since vital
    >> information is omitted.
    >>
    >> On top of that, more often than not personal firewalls introduce
    >> additional vulnerabilities on the system they're supposed to protect:
    >>
    >> - Automatic network shunning (default with various personal firewalls)
    >> can be abused by an attacker for a DoS attack.
    >> - Some personal firewalls run interactive services with elevated
    >> privileges, making them susceptible to shatter attacks.
    >> - Exploitable bugs in personal firewalls can be used to compromise the
    >> system. This has already happened ITW (W32/Witty.worm).
    >>
    >> And you dare calling the critics of personal firewalls ignorant?
    >>
    >> cu
    >> 59cobalt

    >
    > Anyone who claims they are snakeoil (i.e. They offer no added protection
    > whatsoever) is ignorant. Of course there are valid criticisms. Are they
    > perfect? No. Are they helpful as an additional layer of protection? For
    > most people, yes.


    Only for the ignorant. Ignorance is not a defensible position.

    > Is it possible that they can include bugs that compromise a system? Yes.
    > But you could say that about ANY piece of software. It's a red herring.
    > If a person wanted to be totally locked down against any possible
    > security vulnerabilities from bugs in software, he/she would have to
    > remove every single piece of software from the computer, including the
    > OS.


    I agree entirely, a lot of people would be far safer with a sheet of paper
    and a pencil, providing the pencil wasn't too sharp.

  14. #14
    Lie Ryan
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Kayman wrote:
    > On 13 Mar 2009 10:57:02 GMT, Rick wrote:
    >
    >> "Martin C" <martinC@invalid.com> wrote in
    >> news:49ba16d9$1_1@glkas0286.greenlnk.net:
    >>> From reading this newsgroup, there seem to be an incredible number of
    >>> postings that basically say that no personal firewall should be used
    >>> on a PC as they are all basically snake oil and don't really do much.

    >>
    >> Personal firewalls are one of those things that people love to argue back
    >> and forth. Both sides have some validity to their views so the argument
    >> goes on ad infinitum. Sort of like asking "which auto brand is better,
    >> Ford, Chevy or Chrysler?"
    >>
    >>
    >>> This therefore leads to the following question.
    >>>
    >>> If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor
    >>> etc are no good, then what should be used? Or are these guys saying
    >>> that we should just stick with a normal router and the Windows
    >>> Firewall? Or are we talking about a major investment in hardware?

    >>
    >> IMHO - Security cannot be guaranteed by any single thing or even any
    >> combination of things, whether they be hardware, software or both. That's
    >> what makes it difficult for many people. They come in here or other
    >> newsgroups/forums and ask whether "this product" or "that software" will
    >> keep them safe. More often than not, someone will jump in and give you
    >> their recommendation and someone else will jump in and tell you that
    >> recommendation isn't effective.
    >>
    >> For what little it is worth, here are my recommendations for home users
    >> with moderate needs for security:
    >>
    >> #1) use an NAT router. While these are NOT the same as a real firewall,
    >> they do tend to block a number of avenues of attack. Make sure you change
    >> any default passwords that the router uses to control access to its
    >> configuration menus and turn off UPnP unless you really need it (the vast
    >> majority of home users will not need it).
    >>
    >> #2) make sure you have all available Windows security updates installed,
    >> including IE7 if you use Internet Explorer as a browser (you might want to
    >> consider using a different browser such as Firefox).
    >>
    >> #3) make sure you have the latest updates for Java, Acrobat Reader, Firefox
    >> (if you use it) and Flash since they are popular avenues of attack. Be
    >> aware that when Java updates are installed, the older versions are not
    >> removed. Unless you have a real need for the older versions, it is usually
    >> best to remove them and only run the latest version.
    >>
    >> #4) run a decent quality antivirus program with background scanning. For
    >> home users on a tight budget and with modest security needs, the free AV
    >> software from Antivir (has an annoying nag screen), Avast (the one I
    >> usually recommend for home users) or AVG are available. For a reasonable
    >> (IMHO) cost, Antivir, NOD32, or Kaspersky are good choices for an AV
    >> program (the latest version of Norton may move into that category but I
    >> haven't seen any good reviews of its effectiveness yet). For what it's
    >> worth, I'm not fond of "Internet Security Suites" regardless of the
    >> manufacturer. I find them to mostly be bloated hogs that really drag down
    >> system performance without adding much in the way of real security. Use the
    >> built-in Windows firewall instead.
    >>
    >> #5) use a dedicated antimalware program as a "second opinion" security
    >> scanner just in case. Since no single AV scanner is 100% effective, it is a
    >> good idea to run one of these on occasion. I tend to recommend the free
    >> version of either SuperAntispyware or Malware Byte's AntiMalware for home
    >> users on a tight budget. They have to be run manually but that should be
    >> sufficient. The for-pay versions of those programs offer real-time scanning
    >> for those who don't want to deal with remembering to run the manual scans.
    >>
    >> #6) if you use Outlook Express, Outlook or one of their derivatives (such
    >> as Incredimail) for your email, I recommend turning off the preview pane.
    >>
    >> #7) consider additional software/configuration changes such as:
    >>
    >> - running services
    >> http://www.blackviper.com/WinXP/servicecfg.htm
    >>
    >> - autoplay/autorun
    >> http://antivirus.about.com/od/securi...ht/autorun.htm
    >>
    >> - codecs
    >> http://community.winsupersite.com/bl.../15/finding-a-good-and-safe-codec-package.aspx
    >>
    >>
    >> Of course, nothing can guarantee security. Regardless of how well the
    >> system is set up an imaginative idiot can always find a way to circumvent
    >> things. Using the above guidelines and keeping in mind the maxim of "if it
    >> sounds too good to be true it probably is" will go a long way towards
    >> keeping you trouble-free. Avoiding risky behavior also goes without saying.
    >> Those who cruise a lot of porn sites and/or those who do a lot of file
    >> sharing without knowing exactly what they are doing tend to be the ones who
    >> get into trouble the most.
    >>
    >> Just my 2 cents worth.....

    >
    > Deconstructing Common Security Myths.
    > http://www.microsoft.com/technet/tec...s/default.aspx
    > Scroll down to:
    > "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
    >
    > Exploring the Windows Firewall.
    > http://www.microsoft.com/technet/tec...l/default.aspx
    > "Outbound protection is security theater—it’s a gimmick that only gives the
    > impression of improving your security without doing anything that actually
    > does improve your security."
    >
    > Managing the Windows Vista Firewall
    > http://technet.microsoft.com/en-us/m.../cc510323.aspx
    > *(read twice!)*


    Of course it must be THE TRUTH, it is written by a Firewall vendor that
    is not competent enough to provide two-way filtering.

  15. #15
    Lie Ryan
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Gary wrote:
    > I think this sums it up rather well for Windows firewalls:
    >
    > "Instead of reducing the number of network-aware services, a personal
    > firewall is an additional service that consumes system resources and can
    > also be the target of an attack as exemplified by the Witty worm.


    The Witty worm only targets a specific firewall from a specific vendor, not
    something to be bothered about.

    > If the system has been compromised by malware, spyware or similar
    > software these programs can also manipulate the firewall because both
    > are running on the same system. It may be possible to bypass or even
    > completely shut down software firewalls in such a manner.


    Yeah, it is possible, but for such a thing to happen the malware has to
    bring a payload to disable it. That means the malware writer must write
    code to bypass all firewalls in existence. That means the malware writer
    must be a real genius to know how to bypass all firewalls.

    > The high number of alerts generated by such applications can possibly
    > desensitize users to alerts by warning the user of actions that may not be
    > malicious (e.g. ICMP requests).
    >
    > Software firewalls that interface with the operating system at the kernel
    > mode level may potentially cause instability and/or introduce security
    > flaws and other software bugs."


    That is actually fine. Each system would have different security flaws,
    which means there is no single malware that could disable them all.

  16. #16
    Root Kit
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Sat, 14 Mar 2009 04:33:43 GMT, Lie Ryan <lie.1296@gmail.com> wrote:

    >Gary wrote:
    >> I think this sums it up rather well for Windows firewalls:
    >>
    >> "Instead of reducing the number of network-aware services, a personal
    >> firewall is an additional service that consumes system resources and can
    >> also be the target of an attack as exemplified by the Witty worm.

    >
    >The Witty worm only targets a specific firewall from a specific vendor, not
    >something to be bothered about.


    Following your logic, instead of securing the systems we use, fill
    them with vulnerable software of various flavors in order to confuse
    malware writers.....

    >> If the system has been compromised by malware, spyware or similar
    >> software these programs can also manipulate the firewall because both
    >> are running on the same system. It may be possible to bypass or even
    >> completely shut down software firewalls in such a manner.

    >
    >Yeah, it is possible, but for such a thing to happen the malware has to
    >bring a payload to disable it. That means the malware writer must write
    >code to bypass all firewalls in existence. That means the malware writer
    >must be a real genius to know how to bypass all firewalls.


    You don't know what you're talking about. Bypassing all firewalls has
    been done already by normally skilled programmers with the necessary
    understanding of Windows.

    >> The high number of alerts generated by such applications can possibly
    >> desensitize users to alerts by warning the user of actions that may not be
    >> malicious (e.g. ICMP requests).
    >>
    >> Software firewalls that interface with the operating system at the kernel
    >> mode level may potentially cause instability and/or introduce security
    >> flaws and other software bugs."

    >
    >That is actually fine. Each system would have different security flaws,
    >which means there is no single malware that could disable them all.


    How exactly do you think today's malware writers who write malware for
    money are spending their time?

  17. #17
    Root Kit
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Fri, 13 Mar 2009 10:24:31 +0000 (UTC), Bit Twister
    <BitTwister@mouse-potato.com> wrote:

    >If you have no services which respond to inbound connections then the
    >firewall is not needed. If running Micro$oft, we know there are a few
    >open services. :)


    >Therefore you need a firewall.


    Or the better option: shut them down. Why have potentially vulnerable
    network services running if you don't need them?

    >We know malware either disables the firewall or pokes holes in the OS firewall.
    >Therefore, it is better to have a router or dedicated hardware
    >firewall as first line of defense.
    >
    >If you have two or more M$ systems on the same network, then each system
    >needs a firewall for protection from the other M$ system. :(
    >Latest example, Conficker malware is now on version 3.


    You either need or don't need to provide network services to others in
    the same network. A firewall is not the most obvious solution to that.

    >When you get a firewall popup about some application wanting to get
    >out you can start worrying/wondering if you have an infection or was
    >it an official windows update.


    The main security related issue here is that you actually expect to
    get a pop-up.

    Another issue is that the vast majority of warnings you get are false
    positives which lowers your awareness.

    >Even then you have no protection there
    >if malware attaches itself to an application you have already
    >authorized outbound access. :(
    >
    >General stats seem to indicate the Anti-Virus vendors will get you an
    >update to find it about 6 weeks later. :-(


    Which is why your main focus should be to prevent unauthorized code from
    running.
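
The advice in this post to shut unneeded services down, and the point quoted in #13 that a system with no services listening on the external interface needs no personal firewall against direct inbound attacks, can be checked by listing what is actually listening. The Python below is an added example, not part of any post in the thread; it parses `netstat -ano` output and reports sockets bound to non-loopback addresses. The sample output, addresses and PIDs are constructed.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows host (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1604
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49171     203.0.113.10:443       ESTABLISHED     2312
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:5354             [::]:0                 LISTENING       1604
  UDP    0.0.0.0:1900           *:*                                    1320
  UDP    127.0.0.1:1900         *:*                                    1320
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def parse_listeners(netstat_text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not (UDP has no LISTENING state).
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(local)
            pid = int(fields[-1])
        except ValueError:
            continue  # row that does not match the expected layout
        listeners.append({
            "proto": proto, "addr": addr, "port": port, "pid": pid,
            # Anything not bound to loopback (0.0.0.0, [::] or a specific
            # interface address) can be reached by other hosts on the network.
            "exposed": not addr.is_loopback,
        })
    return listeners


def exposed_services(netstat_text):
    """Sorted, de-duplicated (proto, port, pid) tuples reachable from the network."""
    return sorted({(l["proto"], l["port"], l["pid"])
                   for l in parse_listeners(netstat_text) if l["exposed"]})


if __name__ == "__main__":
    for proto, port, pid in exposed_services(SAMPLE_NETSTAT):
        print(f"{proto:3} port {port:<5} pid {pid}: reachable from the network; "
              "disable or rebind the service if it is not needed")
```

Each reported PID can be mapped to a service name with `tasklist /svc`, which tells you which service to disable.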

  18. #18
    Root Kit
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Sat, 14 Mar 2009 04:26:48 GMT, Lie Ryan <lie.1296@gmail.com> wrote:

    >Of course it must be THE TRUTH, it is written by a Firewall vendor that
    >is not competent enough to provide two-way filtering.


    Correction: They are competent enough to realize and honest enough to
    admit that their system does not provide the base for reliable
    outbound filtering.

  19. #19
    G
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    In article <1nsu8drso2vu7$.1qew4l4obuwn2$.dlg@40tude.net>, kayhkay-
    nospam-@operamail.com says...
    >
    > On 13 Mar 2009 10:57:02 GMT, Rick wrote:
    >
    > > "Martin C" <martinC@invalid.com> wrote in
    > > news:49ba16d9$1_1@glkas0286.greenlnk.net:
    > >>
    > >> From reading this newsgroup, there seem to be an incredible number of
    > >> postings that basically say that no personal firewall should be used
    > >> on a PC as they are all basically snake oil and don't really do much.

    > >
    > >
    > > Personal firewalls are one of those things that people love to argue back
    > > and forth. Both sides have some validity to their views so the argument
    > > goes on ad infinitum. Sort of like asking "which auto brand is better,
    > > Ford, Chevy or Chrysler?"
    > >
    > >
    > >> This therefore leads to the following question.
    > >>
    > >> If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor
    > >> etc are no good, then what should be used? Or are these guys saying
    > >> that we should just stick with a normal router and the Windows
    > >> Firewall? Or are we talking about a major investment in hardware?

    > >
    > >
    > > IMHO - Security cannot be guaranteed by any single thing or even any
    > > combination of things, whether they be hardware, software or both. That's
    > > what makes it difficult for many people. They come in here or other
    > > newsgroups/forums and ask whether "this product" or "that software" will
    > > keep them safe. More often than not, someone will jump in and give you
    > > their recommendation and someone else will jump in and tell you that
    > > recommendation isn't effective.
    > >
    > > For what little it is worth, here are my recommendations for home users
    > > with moderate needs for security:
    > >
    > > #1) use an NAT router. While these are NOT the same as a real firewall,
    > > they do tend to block a number of avenues of attack. Make sure you change
    > > any default passwords that the router uses to control access to its
    > > configuration menus and turn off UPnP unless you really need it (the vast
    > > majority of home users will not need it).
    > >
    > > #2) make sure you have all available Windows security updates installed,
    > > including IE7 if you use Internet Explorer as a browser (you might want to
    > > consider using a different browser such as Firefox).
    > >
    > > #3) make sure you have the latest updates for Java, Acrobat Reader, Firefox
    > > (if you use it) and Flash since they are popular avenues of attack. Be
    > > aware that when Java updates are installed, the older versions are not
    > > removed. Unless you have a real need for the older versions, it is usually


    All the links you point to are from Microsoft itself. I'm not
    comfortable putting 100% faith in what they have to say. The holes and
    flaws in their OS are what have allowed the security issues to become so
    significant today. And the arguments I read are always filled with
    "might", "could", "possibly" and things like that.

    If you don't want to use a software firewall, fine. Many people find
    them useful. To call them "snakeoil" is to imply that they do absolutely
    nothing. And that just isn't true.

  20. #20
    Root Kit
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Fri, 13 Mar 2009 15:52:40 +0200, Geoff Smith <geoff915@yahoo.com>
    wrote:

    >Anyone who claims they are snakeoil (i.e. They offer no added protection
    >whatsoever) is ignorant. Of course there are valid criticisms. Are they
    >perfect? No. Are they helpful as an additional layer of protection? For
    >most people, yes.


    You sound just like a marketing guy being hit by technical facts.
