Re: OT Antivirus / firewall



Moog brought next idea :
Pope Pompous XVIII illuminated uk.sport.football.clubs.liverpool by typing:
After serious thinking Strawberry wrote :
In article <1194362259.745505.123960@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, franco_spencer@xxxxxxxxx says...
fucking geek

lol

I don't know why he replies to me as he knows he is on my killfile. He has a point that some firewalls such as Zonealarm do phone home but it's been proven it's nothing malicious. However I think it's only the free ones that do this. In other words you get what you pay for.
As for blocking ports it's nonsense as any good trojan could just use port 80 and still get through your hardware firewall.

and the software firewall will stop this?

Yes. It blocks access to processes and apps that you haven't given internet access to.

*Some* software firewalls do. Care to look at Matousec's leak tests showing how "leaky" most of these so-called firewalls really are?

http://tinyurl.com/yzuw9a

Your PCTools firewall rates very poorly, allowing some of the most malicious trojans through without as much as a whimper. The protection offered by the AVG firewall is completely non-existent. AVG have admitted themselves their software firewall offers inbound-only protection. As does the Windows XP SP2 software firewall.

Thus you can't just blithely state that a software firewall will give you protection against malicious outbound traffic. I would rely on just two software firewalls to do this reliably -- Agnitum Outpost Pro and Jetico 2.

The rest do not implement it or fail to implement it properly.

do you create a unique rule for every single process and every single browser request requiring access to port 80 then?

No. You create a rule to *allow* unknown process access. If you don't,
it simply doesn't get through a software firewall.

Unless of course it piggy-backs on traffic going through port 443

or port 22

Or it takes advantage of a loophole in the firewall's design

Or the software firewall hasn't been designed to protect you against malicious outbound traffic.

Browser requests through both ActiveX and BHO's (for instance) may be allowed at browser level rather than firewall level. Hence why you
need to use secure browsing tips and perhaps even "add-ons". Generally
though, any change to any .exe's file size, version number or write
date will prompt a software firewall to block external access. The
changed process won't be allowed through, unless you specifically allow
it.

See above.

Anyway, your dubious warning about ZoneAlarm "phoning home" has been
commented on by Zonelabs and you either believe their explanation or
not. BTW. I've yet to see it try and access the outside world via my
VPN/Firewall/Unix appliance.

As I told you before, ZoneAlarm Free will go out on port 80 to a Checkpoint/Zonelabs server. Unless you block HTTP traffic to the various servers they use, by IP address, I don't think your outer appliance actually does block ZA phoning home. Don't take my word for it; stick the Wireshark Packet Sniffer on your Unix box and watch it phone home. Same for Comodo Free. A real threat to privacy that one. If you can't rely on your software firewall then it's time to stick in a hardware firewall and boot up your packet sniffer, coz these bastards are up to everything.


If that worries you. There is always PCtools firewall plus as a decent
alternative. I would recommend home users using one or the other even
if they do have a router and know how to set it up. Denying
application/process access is a must unless you're behind well set up corporate level security appliances.

PCTools gives negligible protection against outbound attacks.

Anti-Virus? AVG free edition. While you're there, also get AVG Spyware
free edition. Free programs that do as good a job as most professional
software. NOD32 for instance. If you really must pay, then Kaspersky
is probably the best, but why on earth bother? If you are running in a
business environment, you are obliged to pay BTW.

If people don't care about having keyloggers and rootkits on their systems then I agree wholeheartedly. Why bother paying for an excellent security solution when you can have a mixed bag of free alternatives to do a reasonable job instead?

OK. So my suggestions for a home windows box are as follows.

1) AVG Anti-virus free
2) AVG Anti-spyware free
3) PCTools Firewall Plus
4) Windows Defender (this requires a wga check)

You won't run into many problems other than ActiveX threats and
Browser Helper Objects with the above protection. As always be careful
with applications and processes. When your firewall pops up asking if
you want to allow access to a specific app/process then do a little
research on it via google to see if others have been having issues
with it.

So what do you say about the court case taken by one purveyor of spyware against Microsoft to prevent them from identifying their software as spyware? Microsoft quickly pulled this spyware from their Windows Defender database and it can now happily reside on the user's system, safe in the knowledge Microsoft will readily bow to pressure from the spyware companies to avoid a court battle.

yes good thinking Moog.

Alternatively. Ditch windows completely and learn about Linux in
conjunction with IPTables and hosts files. As those that can read
headers will see, this is what I use quite successfully.

Or OpenBSD, which has even fewer holes than any Linux flavour.
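The per-process outbound rule table and the "any change to an .exe prompts the firewall again" behaviour described in the thread, modelled as an added example (this is not code from any firewall product named above, nor from anyone in the thread). The Fingerprint and AppFirewall names, the temporary directory and the fake "app.exe" bytes are constructed for illustration. It goes one step beyond the thread's size/version/write-date check by also keeping a SHA-256 digest, to show why the weaker check alone misses a same-size, same-date replacement of the binary.

```python
"""Model of a software firewall's per-application outbound rules.

Added example, not any product's code. The firewall keeps one rule per
executable path plus a fingerprint of the file taken when the rule was
created. An outbound request from a process is allowed only if a rule
exists, the rule says allow, and the binary on disk still matches the
fingerprint; anything else falls back to "prompt" (default deny).
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Fingerprint:
    size: int        # file size in bytes (what the thread's check uses)
    mtime_ns: int    # last-write time (what the thread's check uses)
    sha256: str      # content digest (stronger check added in this example)


def fingerprint(path: str) -> Fingerprint:
    """Take size, write date and SHA-256 of the executable at `path`."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return Fingerprint(st.st_size, st.st_mtime_ns, h.hexdigest())


def same_size_and_date(saved: Fingerprint, current: Fingerprint) -> bool:
    """The weak check: only size and write date, as the thread describes."""
    return saved.size == current.size and saved.mtime_ns == current.mtime_ns


class AppFirewall:
    """Hypothetical rule table: path -> (fingerprint at rule time, allowed)."""

    def __init__(self) -> None:
        self.rules: dict[str, tuple[Fingerprint, bool]] = {}

    def add_rule(self, path: str, allowed: bool) -> None:
        self.rules[path] = (fingerprint(path), allowed)

    def decide(self, path: str, strict: bool = True) -> str:
        """Return 'allow', 'deny' or 'prompt' for an outbound request.

        strict=True compares the full fingerprint (including the digest);
        strict=False compares only size and write date.
        """
        if path not in self.rules:
            return "prompt"              # unknown process: no rule, ask the user
        saved, allowed = self.rules[path]
        current = fingerprint(path)
        unchanged = (current == saved) if strict else same_size_and_date(saved, current)
        if not unchanged:
            return "prompt"              # binary changed since the rule was made
        return "allow" if allowed else "deny"


def demo() -> dict[str, str]:
    """Run the scenarios from the thread on a constructed fake binary."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "app.exe")
        with open(app, "wb") as f:
            f.write(b"MZ" + b"A" * 100)   # constructed stand-in for a 102-byte executable

        fw = AppFirewall()
        fw.add_rule(app, allowed=True)     # user clicked "allow" once for this binary
        results["known_unchanged"] = fw.decide(app)
        results["unknown_process"] = fw.decide(os.path.join(d, "other.exe"))

        # Replace the code bytes but keep the size identical, then put the
        # original write date back: the weak check cannot see this.
        st = os.stat(app)
        with open(app, "r+b") as f:
            f.seek(2)
            f.write(b"B" * 100)
        os.utime(app, ns=(st.st_atime_ns, st.st_mtime_ns))
        results["same_size_date_weak"] = fw.decide(app, strict=False)
        results["same_size_date_strict"] = fw.decide(app)

        # Grow the file: even the size/date check notices this one.
        with open(app, "ab") as f:
            f.write(b"C" * 8)
        results["grown_weak"] = fw.decide(app, strict=False)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:24s} -> {decision}")
```

Running it prints "allow" for the unchanged binary, "prompt" for the unknown process and for the grown file, and shows the one case that separates the two checks: a same-size, same-date rewrite of the binary passes the size/date check but is caught by the digest.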

