Re: Agnitum Outpost blocking everything
- From: Art <null@xxxxxxxxx>
- Date: Wed, 31 Aug 2005 12:21:33 GMT
On Wed, 31 Aug 2005 02:26:29 GMT, "Beauregard T. Shagnasty"
<a.nony.mous@xxxxxxxxxxxxxxx> wrote:
>>>> Malware can easily defeat sw firewalls.
>>>
>>> Regarding that, do you know if said malwares generally target
>>> only the prominent firewalls (Norton, McAfee, ZoneAlarm..) or do
>>> they look for all the others (Kerio, Sygate, etc), too?
>>
>> I wasn't speaking of any particular malware. I was pointing out the
>> faulty logic of trusting sw firewalls to alert to Trojans.
>
>Well, I thought you could provide some kind of example. Y'know, cite
>and defend your statement? :-)
Since when does logic need to be defended? And don't rely on security
by obscurity. Kerio, Sygate and Outpost are just as likely to be
disabled by malware as ZA and the others you mentioned.
>>>> A sw firewall isn't particulaly demanding of RAM and other
>>>> system resources nowdays, so if it gives users the warm fuzzies
>>>> to use one, by all means use one. But it's unnecesary ... just
>>>> as realtime av is unnecessary.
>>>
>>> Probably still better than nothing, as certainly all malware
>>> won't be disabling them.
>>
>> If it gives you the warm fuzzies :) It doesn't do anything for me.
>> I have Sygate installed and rarely use it.
>
>I don't need the warm fuzzies, either. <g> I'm suggesting it for
>those with small amount of clue.
Just don't place too much confidence in having just one method of
finding malware/spyware infestations.
The latest av offering from KAV, for example, offers multiple methods
of detection, including a intrusion detection module for the clueless.
Their version 6 KIS (Kaspersky Internet Security) requires the fastest
PC available so as to not choke it to death.
Since that's the direction things are going, it's more important than
ever to address prevention and safe hex alternatives.
Those who don't have a clue and refuse to learn prevention are
hopeless. They don't even know enough to stay off the internet
when hit by a worm or RAT. Telling them to use a sw firewall to
alert them to the inevitable infestation is actually just a lot of
arm waving :)
>> The point is that if your realtime av or your sw fireall go "ding",
>> you're doing something wrong. So fix _that_ problem rather than
>> screwing around.
>
>You can use them for other pertinent reasons too, such as alerting you
>each time Internet Exploder starts up. I never use the thing, but some
>years ago I was testing a piece of trialware and had forgotten about
>it. A few days after the 30-day period, I started the app, and it
>immediately opened IE, and went to a web page with my OE default email
>address attached to the URL. Since that day, IE is on "the list."
>Now, I don't use OE either, so the default address was a mung. But
>newbies don't know to do that.
Any app that starts IE is a Trojan. What app was it? I'm sure you
didn't have IE as your default browser.
If I ever found such a Trojan, I'd submit it to Kaspersky and others
so they could offer detection.
BTW, if you never use OE, how could it have your email addy?
Art
http://home.epix.net/~artnpeg
.
- References:
- Agnitum Outpost blocking everything
- From: Jim Scott
- Re: Agnitum Outpost blocking everything
- From: Tom J
- Re: Agnitum Outpost blocking everything
- From: Beauregard T. Shagnasty
- Re: Agnitum Outpost blocking everything
- From: Tom J
- Re: Agnitum Outpost blocking everything
- From: Beauregard T. Shagnasty
- Re: Agnitum Outpost blocking everything
- From: Art
- Re: Agnitum Outpost blocking everything
- From: Beauregard T. Shagnasty
- Re: Agnitum Outpost blocking everything
- From: Art
- Re: Agnitum Outpost blocking everything
- From: Beauregard T. Shagnasty
- Agnitum Outpost blocking everything
- Prev by Date: Mcafee virus alert messages
- Next by Date: Re: activate
- Previous by thread: Re: Agnitum Outpost blocking everything
- Next by thread: Re: Agnitum Outpost blocking everything
- Index(es):
Relevant Pages
|
