Which Firewall?

Archived from groups: comp.security.firewalls (More info?)

I am interested to know which type of firewall is adequate for a home
PC, I have been recommended to use either Norton Personal Firewall
2004 or McAfee Personal Firewall, are these appropriate or can anybody
recommend suitable alternatives.

Thanks for any help.

Neil
  1.

    Neil Mort wrote:

    > I am interested to know which type of firewall is adequate for a home
    > PC,

    Simply configure your system properly and you don't need any suspicious
    third party so called 'firewall' software.

    http://www.ntsvcfg.de/ntsvcfg_eng.html

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  2.

    In article <c9kf6j$3o9$1@news.shlink.de>, wolfgang@shconnect.de says...
    > Neil Mort wrote:
    >
    > > I am interested to know which type of firewall is adequate for a home
    > > PC,
    >
    > Simply configure your system properly and you don't need any suspicious
    > third party so called 'firewall' software.
    >
    > http://www.ntsvcfg.de/ntsvcfg_eng.html

    Which doesn't happen in the real world for most users - most of them can
    barely follow instructions let alone configure their machines to work
    properly.

    Anyone with a home PC should get a border device, a NAT router, and then
    run quality Anti-Virus software on their machine. These two things alone
    will prevent more problems than most of the other solutions combined.

    One more thing, if you set the internet explorer "Internet" security
    settings to HIGH you are less likely to have problems while browsing
    sites that may contain malicious code. Setting the security setting for
    the internet zone to HIGH has its own issues, but it's easy to work
    with.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  3.

    "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    news:c9kf6j$3o9$1@news.shlink.de...
    > Neil Mort wrote:
    >
    > > I am interested to know which type of firewall is adequate for a home
    > > PC,
    >
    > Simply configure your system properly and you don't need any suspicious
    > third party so called 'firewall' software.

    I'm sorry but that is complete bollocks. The vast majority of computer
    users can hardly configure their computers to print let alone configure the
    operating system to make it secure. Even if they could they would be unable
    to maintain it in the correct state.

    Your advice is bad, wrong and downright unhelpful.

    If you think your system really is secure, post your public IP address :-)
  4.

    On Wed, 2 Jun 2004 13:54:57 +0100, "Mike" <nospam@notherematey.com> wrote:


    >> Simply configure your system properly and you don't need any suspicious
    >> third party so called 'firewall' software.
    >
    >I'm sorry but that is complete bollocks.

    You're being charitable Mike.

    >The vast majority of computer
    >users can hardly configure their computers to print let alone configure the
    >operating system to make it secure. Even if they could they would be unable
    >to maintain it in the correct state.

    Quite, to assume that they would just 'know' how to lock down a system
    properly is nonsense.

    >
    >Your advice is bad, wrong and downright unhelpful.


    Quite, his assertions in

    Message-ID: <c9kin6$480$1@news.shlink.de>


    w.r.t the sage advice of implementing defence in depth using a dedicated
    router and host based measures are utterly ridiculous.


    greg


    >
    --
    "vying with Platt for the largest gap
    between capability and self perception"
  5.

    "Mike" <nospam@notherematey.com> wrote in
    news:c9kin1$c81$1@thorium.cix.co.uk:

    >
    > "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    > news:c9kf6j$3o9$1@news.shlink.de...
    >> Neil Mort wrote:
    >>
    >> > I am interested to know which type of firewall is adequate for a
    >> > home PC,
    >>
    >> Simply configure your system properly and you don't need any
    >> suspicious third party so called 'firewall' software.
    >
    > I'm sorry but that is complete bollocks. The vast majority of
    > computer users can hardly configure their computers to print let
    > alone configure the operating system to make it secure. Even if they
    > could they would be unable to maintain it in the correct state.
    >
    > Your advice is bad, wrong and downright unhelpful.


    I work in customer support and can confirm that! Not only do most
    users not know how to configure their computers for security, so many
    of them don't want to learn how to get "under the hood" and do anything
    but use the program(s) they purchase! They complain "you don't need to
    know how to repair your car in order to drive, why should you need to
    know how to <name just about anything necessary to update, configure,
    etc> your computer to use it?"

    Ppfflllt is what I'd like to say to them!

    Sherry
  6.

    Neil Mort wrote:
    > I am interested to know which type of firewall is adequate for a home
    > PC, I have been recommended to use either Norton Personal Firewall
    > 2004 or McAfee Personal Firewall, are these appropriate or can anybody
    > recommend suitable alternatives.
    >
    > Thanks for any help.
    >
    > Neil

    Despite what the others are arguing about, it is wise to configure a
    firewall for your system. You have doubtless spent a good deal of time
    and money on it.

    I assume here that you are focusing on a host-based software solution, so
    I will answer that question, and ALSO suggest that you look at getting a
    hardware firewall too. The principle for doing so is sound and ancient,
    defence-in-depth. If you were to have only a single line of defence then
    once it is compromised so are your assets. Two or more levels of
    defence, preferably of different technologies will provide additional
    levels of protection. On my home systems I run a hardware firewall AND
    different software firewalls on different systems.

    I use ZoneAlarm, but am very impressed with Sygate. ZoneAlarm does a
    good job but the Sygate system seems to be more configurable and
    responsive. Both are good tools.

    Personally I don't like the Norton products anymore. If you were to try
    to uninstall them it is likely that the uninstall will mess up the
    entire system and not work correctly in the first place. Granted this
    experience comes from my use of Norton Anti-Virus. But it happened
    multiple times, over many years, and on many systems. This is enough of
    a reason for me to avoid Norton labeled products.

    I would also suggest strongly that you enhance your 'defence-in-depth'
    with other tools, like Antivirus, Spyware tools and refrain from using
    MS IE and Outlook.

    Good luck
    bk
  7.

    Leythos wrote:

    > Anyone with a home PC should get a border device, a NAT router,

    Unnecessary, as long as the system does not offer any services.

    > and then run quality Anti-Virus software on their machine.

    What for? To realize that this 'quality Anti-Virus software' will either
    produce false positives and that a certain period exists, during which the
    system is vulnerable due to the fact, that the scanner lacks the virus
    pattern?

    > These two things alone
    > will prevent more problems than most of the other solutions combined.

    One thing prevents them all: a secure configuration of the OS and a skilled
    user.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  8.

    In article <c9kin6$480$1@news.shlink.de>, wolfgang@shconnect.de says...
    > Leythos wrote:
    >
    > > Anyone with a home PC should get a border device, a NAT router,
    >
    > Unnecessary, as long as the system does not offer any services.

    If you feel that your advice is sound, then post a link that clearly
    shows how to "fully secure" a Windows 98, Windows XP Home and Windows XP
    Professional system against all viruses and exploits.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  9.

    Mike wrote:

    >> Simply configure your system properly and you don't need any suspicious
    >> third party so called 'firewall' software.
    >
    > I'm sorry but that is complete bollocks.

    It is not.

    > The vast majority of computer
    > users can hardly configure their computers to print let alone configure
    > the operating system to make it secure.

    The place for complaining about that is the manufacturer of the OS in
    question.

    > Even if they could they would be
    > unable to maintain it in the correct state.

    see above.

    > Your advice is bad, wrong and downright unhelpful.

    You can't secure a system by adding code. Especially you can't secure a
    system by adding code from third party vendors if you don't have access to
    the kernel sources. More code means more complexity, thus more
    possibilities for errors.

    > If you think your system really is secure, post your public IP address :-)

    Have you ever looked into the headers of my postings?

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  10.

    Neil Mort wrote:
    > I am interested to know which type of firewall is adequate for a home
    > PC, I have been recommended to use either Norton Personal Firewall
    > 2004 or McAfee Personal Firewall, are these appropriate or can anybody
    > recommend suitable alternatives.
    >
    > Thanks for any help.
    >
    > Neil

    software based firewalls are garbage IMO.
    Take a look at the hardware based alternatives.
    Can't go wrong with either SonicWALL, WatchGuard or Cisco PIX series.

    -Sean Weintz

    --
    Copyright 2004 T. Sean Weintz
    This post may be copied freely without
    the express permission of T. Sean Weintz.
    T. Sean Weintz could care less.
    T. Sean Weintz is in no way responsible for
    the accuracy of any information contained in
    any usenet postings claiming to be from
    T. Sean Weintz. Users reading postings from
    T. Sean Weintz do so at their own risk.
    T. Sean Weintz will in no way be liable for
    premature hair loss, divorce, insanity,
    world hunger, or any other adverse results
    that may arise from reading any usenet
    posting attributed to T. Sean Weintz

    ALSO - FWIW, The following WHOIS Record is years out of date:
    Weintz, Sean (SW2893) tweintz@MAIL.IDT.NET
    Sean Weintz
    462 Sixth Street , #A
    Brooklyn, NY 11215
  11.

    Mike wrote:

    >
    > "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    > news:c9kf6j$3o9$1@news.shlink.de...
    >> Neil Mort wrote:
    >>
    >> > I am interested to know which type of firewall is adequate for a home
    >> > PC,
    >>
    >> Simply configure your system properly and you don't need any suspicious
    >> third party so called 'firewall' software.
    >
    > I'm sorry but that is complete bollocks. The vast majority of computer
    > users can hardly configure their computers to print let alone configure
    > the operating system to make it secure. Even if they could they would be
    > unable to maintain it in the correct state.

    You most definitely should not be sorry. Politeness is fine but there are
    limits...

    > Your advice is bad, wrong and downright unhelpful.

    I second that.
    --
    Mailman
  12.

    Leythos wrote:

    > In article <c9kf6j$3o9$1@news.shlink.de>, wolfgang@shconnect.de says...
    >> Neil Mort wrote:
    >>
    >> > I am interested to know which type of firewall is adequate for a home
    >> > PC,
    >>
    >> Simply configure your system properly and you don't need any suspicious
    >> third party so called 'firewall' software.
    >>
    >> http://www.ntsvcfg.de/ntsvcfg_eng.html
    >
    > Which doesn't happen in the real world for most users - most of them can
    > barely follow instructions let alone configure their machines to work
    > properly.

    True.

    > Anyone with a home PC should get a border device, a NAT router, and then
    > run quality Anti-Virus software on their machine. These two things alone
    > will prevent more problems than most of the other solutions combined.

    False. Most (home) users do not need a high-end separate device - a good
    software firewall (both Kerio and ZA are free and seem to do a reasonably
    good job) is sufficient to keep out various worms and prevent most attacks
    against known weaknesses. In any case if you use XP do not rely on the
    built-in firewall - it will keep out bad stuff, but not alert you to things
    already on your machine.

    Good AV is important but not enough. Anti-spyware is at least as important.

    > One more thing, if you set the internet explorer "Internet" security
    > settings to HIGH you are less likely to have problems while browsing
    > sites that may contain malicious code. Setting the security setting for
    > the internet zone to HIGH has its own issues, but it's easy to work
    > with.

    Good advice. In any case disable ActiveX (assuming you use IE - which is a
    BAD idea). Java is optional.
    --
    Mailman
  13.

    "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    news:c9kk29$4dr$1@news.shlink.de...
    > Mike wrote:
    >
    > >> Simply configure your system properly and you don't need any suspicious
    > >> third party so called 'firewall' software.
    > >
    > > I'm sorry but that is complete bollocks.
    >
    > It is not.
    >
    > > The vast majority of computer
    > > users can hardly configure their computers to print let alone configure
    > > the operating system to make it secure.
    >
    > The place for complaining about that is the manufacturer of the OS in
    > question.
    >
    > > Even if they could they would be
    > > unable to maintain it in the correct state.
    >
    > see above.
    >
    > > Your advice is bad, wrong and downright unhelpful.
    >
    > You can't secure a system by adding code. Especially you can't secure a
    > system by adding code from third party vendors if you don't have access to
    > the kernel sources. More code means more complexity, thus more
    > possibilities for errors.
    >
    > > If you think your system really is secure, post your public IP address :-)
    >
    > Have you ever looked into the headers of my postings?

    I'm not sure what you are trying to say...

    Is it "Organization: SHLINK Internet Service" and I should be impressed
    because you are from an ISP? If you are from an ISP you should know better.

    Or is it "NNTP-Posting-Host: fw0.shlink.de" because you have hidden your ip
    address? Which resolves to :

    ;; ANSWER SECTION:
    fw0.shlink.de. 3600 IN A 212.60.1.4

    telnet 212.60.1.4 25
    Trying 212.60.1.4...
    Connected to fw0.shlink.de (212.60.1.4).
    Escape character is '^]'.
    220 fw0.shlink.de (RBL/SPF) ESMTP

    But wait! fw0? Could that be a firewall?? Firewall 0?? Nah! You couldn't
    possibly be advocating users not to use a firewall while using one
    yourself??

    If you don't advocate firewalls, what are you doing in this group?

    Your methods may well be correct and acceptable to you, but in the context
    of the original poster who started by asking whether he needed a firewall and
    was by inference a newbie, telling him to dig into the guts of his operating
    system without even finding out what OS he had is; bad, wrong, stupid,
    irresponsible and unhelpful.

    EOT
  14.

    Greg Hennessy wrote:

    > w.r.t the sage advice of implementing defence in depth using a dedicated
    > router and host based measures are utterly ridiculous.

    Well, I could get angry about that, but I keep calm ...

    Of course there is nothing wrong with 'defence in depth' and several 'lines
    of defense', if done properly and operated by skilled staff. However
    telling unskilled users simply to 'set up a NAT device' has hardly anything
    to do with 'defense in depth'. Several people giving this advice over and
    over again do not get tired claiming that most users are unskilled and
    therefore cannot set up their systems properly. May I kindly ask those
    people how these unskilled users can operate a proper 'defense in depth'
    setup? If those users are unskilled (I have no doubt that many of them are
    ....) they will neither be able to read or understand the logs nor draw (the
    right) conclusions from the logs.

    Adding complexity to a system is never the solution when complexity itself
    is the problem.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  15.

    In article <c9knub$4uf$1@news.shlink.de>, wolfgang@shconnect.de says...
    > Greg Hennessy wrote:
    >
    > > w.r.t the sage advice of implementing defence in depth using a dedicated
    > > router and host based measures are utterly ridiculous.
    >
    > Well, I could get angry about that, but I keep calm ...
    >
    > Of course there is nothing wrong with 'defence in depth' and several 'lines
    > of defense', if done properly and operated by skilled staff. However
    > telling unskilled users simply to 'set up a NAT device' has hardly anything
    > to do with 'defense in depth'. Several people giving this advice over and
    > over again do not get tired claiming that most users are unskilled and
    > therefore cannot set up their systems properly. May I kindly ask those
    > people how these unskilled users can operate a proper 'defense in depth'
    > setup? If those users are unskilled (I have no doubt that many of them are
    > ...) they will neither be able to read or understand the logs nor draw (the
    > right) conclusions from the logs.
    >
    > Adding complexity to a system is never the solution when complexity itself
    > is the problem.

    There is no complexity when adding a router with NAT to the system -
    most of them are unbox, connect, reboot, forget.

    As with your comments, there is no way that simple users are going to be
    able to secure their machines without "simple, clear" instructions.
    Since most users can't even look for the instructions, don't run Windows
    Update, don't really do anything, getting them a NAT device and quality
    AV software is the next best thing to securing their system.

    I don't expect users to be able to setup their systems correctly, and
    you don't either, at least not based on any clear instructions you've
    posted. A user will do as little as possible (or less).

    The lady down the street from my house had a PC for several years, she
    asked about Road Runner and I told her that she should ask them to
    enable NAT or purchase a NAT device from the local computer store BEFORE
    she got RR installed. Her PC is a Dell system that came configured and
    ready to use with XP Home Edition. She didn't do anything, installed RR,
    and was calling me within a couple days as her computer was constantly
    shutting-down each time it booted. Needless to say, she didn't get the
    Router, didn't get the AV software, and the McCrappy AV software on her
    machine was never registered so it was not updating and didn't detect
    the virus..... Do you really expect someone like that person to "stop
    services" or even know what a service is?

    When you post a clear and concise set of instructions that a typical
    user (like Tracker) could follow, and then see that every home user is
    provided it and follows it, I'll believe that your idea is sound.


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  16.

    Leythos wrote:

    > It's in the details - and most users don't know the details. That's why
    > a NAT device and AV software are so important.

    If they lack knowledge they will not be able to operate the additional
    device/s or software as well.

    If complexity is the problem making a setup more complex is _not_ the
    solution.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  17.

    In article <c9kon2$4uf$3@news.shlink.de>, wolfgang@shconnect.de says...
    > Leythos wrote:
    >
    > > It's in the details - and most users don't know the details. That's why
    > > a NAT device and AV software are so important.
    >
    > If they lack knowledge they will not be able to operate the additional
    > device/s or software as well.
    >
    > If complexity is the problem making a setup more complex is _not_ the
    > solution.

    Um, I don't think you read the instructions that I posted - Open Box,
    Connect Cables, Turn on Power, Reboot computer. Done. Easier than
    installing a lightbulb.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  18.

    Leythos wrote:

    > When you post a clear and concise set of instructions that a typical
    > user (like Tracker)

    Come on, though I admit that many users are more or less unskilled,
    comparing them with Tracker is insulting.

    > could follow, and then see that every home user is
    > provided it and follows it, I'll believe that your idea is sound.

    http://www.ntsvcfg.de/ntsvcfg_eng.html

    seems simple enough to me.

    Add :
    1. Use good passwords for _all_ accounts
    2. Never work as administrator unless for software installation and system
    maintenance tasks. Actually I can't do anything about the fact that the
    vendor of the most widespread operating systems delivers versions of their
    software that allow blank passwords for accounts with administrator
    rights), so could you please discuss those topics with Mr. Gates ;-)

    3. and a few more lines what alternative software to use instead of the well
    known virus/worm spreading tools like Outbreak.


    and that is it.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  19.

    In article <c9kpt0$56r$1@news.shlink.de>, wolfgang@shconnect.de says...
    > Leythos wrote:
    >
    > > When you post a clear and concise set of instructions that a typical
    > > user (like Tracker)
    >
    > Come on, though I admit that many users are more or less unskilled,
    > comparing them with Tracker is insulting.
    >
    > > could follow, and then see that every home user is
    > > provided it and follows it, I'll believe that your idea is sound.
    >
    > http://www.ntsvcfg.de/ntsvcfg_eng.html

    Nice site, but there is one problem with it (as quoted from the site):

    Blaster/RPC-Patch:
    Important: don't connect your W2K/XP-PC to the WWW before the RPC patch
    was installed and the security hole in RPC-service (Remote Procedure
    Call, Port 135) was closed. Download this patch on a non-comprommised or
    non-affected system (i.e. Knoppix or Unix/Linux):
    =>http://support.microsoft.com/?kbid=824146
    Which RPC-patch still missed or if it was installed correctly:
    http://support.microsoft.com/?kbid=827363 and
    http://www.pcwelt.de/downloads/system/system-utilities/33185/


    It clearly states not to connect the computer to the internet until
    "Downloading" the patch - how are home users going to do that?

    If the users were sitting behind a router with NAT they would not have a
    problem being connected, downloading the updates, and staying uninfected
    during the process.

    So, we're back to NAT and AV being the best method to implement at home
    users networks and then getting them to harden their machines second.

    The one thing the site you posted doesn't cover well is users that have
    a laptop and a workstation that want to share files and such between
    their systems - if we followed your idea, they would be hooked to the
    internet via a switch and two public IP, and hacked in a minute.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  20.

    Leythos wrote:


    >> If they lack knowledge they will not be able to operate the additional
    >> device/s or software as well.
    >>
    >> If complexity is the problem making a setup more complex is _not_ the
    >> solution.
    >
    > Um, I don't think you read the instructions that I posted - Open Box,
    > Connect Cables, Turn on Power, Reboot computer. Done. Easier than
    > installing a lightbulb.

    And this has what effect? OK, assuming that the NAT implementation of the
    device is functioning correctly (there has been quite some buggy firmware
    in those devices around) this strategy should prohibit all external
    connection attempts. No doubt that this is an important thing to have it is
    but nothing more than a system offering no services.

    And that is all that the NAT device running default configuration will do.
    Nothing more, nothing less. Operating an 'in depth security system' means a
    bit more, you know, I know, the unskilled user doesn't, that is the point.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
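
The exchange above turns on which sockets a machine exposes: a host "offering no services" and a host behind a default NAT device both leave nothing for an unsolicited inbound connection to reach. The following is an added example, not part of any post in this thread, that parses Windows `netstat -an` output and reports listeners bound to non-loopback addresses. The sample output, its addresses and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1041      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""

# Constructed sample of a host where every remaining listener is loopback-only.
HARDENED_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    [::1]:5000             [::]:0                 LISTENING
  TCP    192.168.1.10:1041      203.0.113.7:80         ESTABLISHED
"""

# Port 135 (RPC) is the one named in the thread; the others are common
# Windows defaults added here for readability of the report.
KNOWN_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session",
               445: "SMB", 1900: "SSDP"}


def parse_listeners(netstat_text):
    """Return (proto, ip, port) for every socket that accepts inbound traffic.

    TCP sockets count only in the LISTENING state; every bound UDP socket
    counts, because UDP has no state column and receives any datagram.
    """
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # established or closing connection, not a service
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if not port.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        listeners.append((proto, ip, int(port)))
    return listeners


def exposed_listeners(netstat_text):
    """Listeners bound to a non-loopback address.

    These are reachable from the network unless a packet filter or a NAT
    device in front of the host drops the unsolicited inbound traffic.
    """
    return sorted((proto, str(ip), port)
                  for proto, ip, port in parse_listeners(netstat_text)
                  if not ip.is_loopback)


def offers_no_services(netstat_text):
    """True when nothing on the host listens on a network-facing address."""
    return not exposed_listeners(netstat_text)


def report(netstat_text):
    """Human-readable lines, one per exposed listener."""
    return ["%s %s:%d  %s" % (proto, ip, port, KNOWN_PORTS.get(port, "unknown"))
            for proto, ip, port in exposed_listeners(netstat_text)]


if __name__ == "__main__":
    for line in report(SAMPLE_NETSTAT):
        print(line)
    print("hardened host offers no services:",
          offers_no_services(HARDENED_NETSTAT))
```
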
  21.

    On 2 Jun 2004 03:49:32 -0700, neil_shetland@hotmail.com (Neil Mort)
    wrote:
    >
    >I am interested to know which type of firewall is adequate for a home
    >PC, I have been recommended to use either Norton Personal Firewall
    >2004 or McAfee Personal Firewall, are these appropriate or can anybody
    >recommend suitable alternatives.
    >

    Buy a hardware firewall. It will allow you to connect as many PC's as
    you want to share the same Internet connection while providing true
    firewalling services.

    http://shopping.nowthor.com/0760559110178.html
  22.

    "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    news:c9kpt0$56r$1@news.shlink.de...
    > Leythos wrote:
    >
    > > When you post a clear and concise set of instructions that a typical
    > > user (like Tracker)
    >
    > Come on, though I admit that many users are more or less unskilled,
    > comparing them with Tracker is insulting.
    >
    > > could follow, and then see that every home user is
    > > provided it and follows it, I'll believe that your idea is sound.
    >
    > http://www.ntsvcfg.de/ntsvcfg_eng.html
    >
    > seems simple enough to me.
    >
    > Add :
    > 1. Use good passwords for _all_ accounts
    > 2. Never work as administrator unless for software installation and system
    > maintenance tasks. Actually I can't do anything about the fact that the
    > vendor of the most widespread operating systems delivers versions of their
    > software that allow blank passwords for accounts with administrator
    > rights), so could you please discuss those topics with Mr. Gates ;-)

    More bollocks and misinformation. It is possible to have a blank root
    password in *nix. Stupid, but possible.

    Baseline. A badly configured system, regardless of the OS involved is a
    badly configured system.

    In addition you have amplified the point that you cannot trust users to
    correctly configure their own computers. As Leythos has pointed out several
    times and you seem to be unable to comprehend, with at least a NAT router,
    insecure admin passwords are less of a problem and the solution requires
    zero user input.


    > 3. and a few more lines what alternative software to use instead of the well
    > known virus/worm spreading tools like Outbreak.

    So what client should the corporate user use to connect to Exchange server?

    Your view of the world is so narrow.
  23.

    Hi,

    Leythos <void@nowhere.com> wrote:
    >> non-affected system (i.e. Knoppix or Unix/Linux):
    > It clearly stats not to connect the computer to the internet until
    > "Downloading" the patch - how are home users going to do that?

    Knoppix is an excellent piece of software, directly running from a cd.
    Have a look at it.

    Greetings,
    Jens
  24.

    Wolfgang is quite correct. Place a DOS 6.2 machine on the net
    with no services running and guess what ... no problems

    this is the base theory for any hardware firewall. take the OS
    make sure all services are stopped then add the right IP / kernel
    rules to allow forwarding / blocking / inspection etc.

    However, to answer the original question: for your home box I suggest
    ZoneAlarm Pro ... easy to install, your systems knowledge does not need
    to be fantastic and it does the job well. Also better idea to get a
    hardware solution which will give a more effective protection overall

    Cheers

    Graham


    On Wed, 02 Jun 2004 13:54:58 +0200, Wolfgang Kueter wrote:

    > Neil Mort wrote:
    >
    >> I am interested to know which type of firewall is adequate for a home
    >> PC,
    >
    > Simply configure your system properly and you don't need any suspicious
    > third party so called 'firewall' software.
    >
    > http://www.ntsvcfg.de/ntsvcfg_eng.html
    >
    > Wolfgang
  25.

    Graham wrote:
    > Wolfgang is quite correct. Place a DOS 6.2 machine on the net
    > with no services running and guess what ... no problems

    What about the situation where there is a vulnerability in the OS itself?
    In the TCP stack, or the kernel. It does happen, buffer overruns or
    jumping into a stack loaded w/ opcodes (shell coding). Then there are
    various DoS attacks that don't even attempt to gain entry, just to
    render your system/network useless.

    Then there are man-in-the-middle attacks on open, outgoing connections.
    A firewall may or may not help in this situation tho.

    Clearly there does not have to be a service open/active to be
    vulnerable, and a firewall (one or more) can help to mitigate many of
    the effects of these attacks.

    bk
  26.

    In article <10bsac28cmoo83@corp.supernews.com>, sean@snerts-r-us.org
    says...
    > -Sean Weintz

    The Usenet standard for sigs is 4 lines - your sig is WAY longer than 4
    lines. Please trim it.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  27. Archived from groups: comp.security.firewalls (More info?)

    In article <pan.2004.06.02.08.15.32.766527@removethis.thebayleys.com>,
    graham@removethis.thebayleys.com says...
    > Wolfgang is quite correct. Place a DOS 6.2 machine on the net
    > with no services running and guess what ... no problems

    And therein lies the flaw - any OS that connects to the internet and
    provides users with any ability to do anything on the internet is going
    to be open to flaws and security issues. There isn't a single installed
    OS, with applications, that is completely free of security issues.

    Now, with that being said, for your typical home users, a $40 router to
    protect their investment and resources is about as cheap and fool-proof
    as it gets.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  28. Archived from groups: comp.security.firewalls (More info?)

    On 2 Jun 2004 03:49:32 -0700, Neil Mort wrote:

    >I am interested to know which type of firewall is adequate for a home
    >PC, I have been recommended to use either Norton Personal Firewall
    >2004 or McAfee Personal Firewall, are these appropriate or can anybody
    >recommend suitable alternatives.

    I use ZoneAlarm Pro Ver 4.5.594.000 there is also a free version.
    ZA Ver 5 has just been released and has received a mixed reception.
    http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
    --

    Chris Bee
  29. Archived from groups: comp.security.firewalls (More info?)

    Bumblebee wrote:
    ^^^^^^^^^

    Who?

    > I use ZoneAlarm Pro [...]

    I don't. And you don't need either. But besides obtaining a real name you
    need to read: http://www.ntsvcfg.de/ntsvcfg_eng.html

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  30. Archived from groups: comp.security.firewalls (More info?)

    "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    news:c9kfbh$3o9$2@news.shlink.de...
    > Bumblebee wrote:
    > ^^^^^^^^^
    >
    > Who?
    >
    > > I use ZoneAlarm Pro [...]
    >
    > I don't. And you don't need either. But besides obtaining a real name you

    Why do you think there is a problem with him using that name? It's not
    unusual or wrong.
    Anyone who posts to newsgroups with a real email address in their headers
    gets all the spam they deserve.
  31. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 02 Jun 2004 15:24:49 -0400, "T. Sean Weintz"
    <sean@snerts-r-us.org> wrote:
    >
    >Can't go wrong with either SonicWALL, WatchGuard or Cisco PIX series.
    >

    Or, let me add, a ZyXEL ZyWALL, which is both Firewall and IPsec
    ICSA-certified.

    http://shopping.nowthor.com/0760559110178.html
  32. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 02 Jun 2004 19:15:41 -0700, Purl Gurl <purlgurl@purlgurl.net> wrote:

    >Chuck wrote:
    <SNIP>

    >> Windows is insecure
    >
    >Unix is insecure.
    >Linux is insecure.
    >BSD is insecure.
    >MAC is insecure.

    They're all insecure, because the internet infrastructure designed years ago is
    insecure. Nobody then imagined how innovative the bad guys would be in using
    the internet, and computers in general, to their advantage. So they can make
    money from us.

    And as soon as *nix et al gain market share, so will the spyware, viruses, and
    other attacks on those systems.

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
  33. Archived from groups: comp.security.firewalls (More info?)

    In article <40BE89CD.479A37AD@purlgurl.net>, purlgurl@purlgurl.net
    says...
    > You only enjoy that security you create and maintain. Even
    > then, all bets are off, thanks to Murphy.

    And the entire point in this thread is that Users = Murphy.

    Another story from my recent past: While I was out of state installing a
    network, my mother-in-law got a Dell (Good for her). I asked her to leave
    it in the box until I got back (1 week). Her son (Mac user, 40+,
    somewhat technical) installed the system directly on her Road Runner
    cable connection.

    In the one week's time I was gone her machine was infected with 380+
    different spyware apps, and more than 40 viruses/trojans. Needless to
    say, they didn't do anything other than turn it on, get through the
    basic startup config, and start using it. This is your classic user,
    your classic level of users on home systems.

    Had they installed the Linksys router they would have been a LOT better
    off and I would not have had to wipe/reinstall from scratch. I installed
    XP Prof, NAV 2004, Spybot Search & Destroy, set the "Internet" zone to
    "HIGH" and the Trusted Zone to medium, then showed her how to add
    trusted sites to the trusted zone. I also installed her Office XP and
    Outlook XP. She's been running for a couple months now and not one
    problem.


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  34. Archived from groups: comp.security.firewalls (More info?)

    Leythos wrote:

    > Purl Gurl wrote:

    (snipped)

    > > You only enjoy that security you create and maintain. Even
    > > then, all bets are off, thanks to Murphy.

    > And the entire point in this thread is that Users = Murphy.

    "Little pink houses for you and me."


    > In the one week's time I was gone her machine was infected with 380+
    > different spyware apps, and more than 40 viruses/trojans.

    That's all? She was lucky.


    > Had they installed the Linksys router

    Isn't it amazing how much security is added by a router?

    We use a programmable Linksys for our servers and are
    very pleased, exceptionally pleased. Nothing like
    forwarding jerks to La La Land.

    Yes, the real problem is us, the Murphy people. Most of
    our problems are not based in ignorance nor in being naive.

    Most of our problems, here and out there, are based upon
    our good nature, based upon our trusting nature. Almost
    all of us are decent respectful people who treat others
    well, and inherently view others as decent moral people.

    In walks the internet and the world wide web, just a short
    couple of decades back. Our internet is safe haven for those
    who would do all of us harm. No need to exemplify this, we
    all know of the extreme dangers presented by the net.

    Our "Murphy" is being good and decent people, perhaps even
    endearingly innocent. This prides almost all of us.


    Purl Gurl
  35. Archived from groups: comp.security.firewalls (More info?)

    Purl Gurl wrote:

    > Leythos wrote:
    > > Purl Gurl wrote:

    (snipped)

    > > In the one week's time I was gone her machine was infected with 380+
    > > different spyware apps, and more than 40 viruses/trojans.

    > That's all? She was lucky.

    For those readers interested in statistical graphs, you may
    visit our family server here,

    http://www.purlgurl.net/attacks.html/

    On that page you will discover nice graphical charts of actual
    attacks on our server, all serious and currently averaging
    forty to fifty per day. This is not quite an accurate picture,
    for two reasons. The first is obvious; our graphs group and
    display only the top percentage attacks. Results for May 25
    well displays another reason for our graphs not being accurate.

    If you look at our last graph, you will note on May 25 the
    number of attacks spiked to over two-hundred per day, which
    is realistic. As a test of our firmware firewall, on May 25
    I set our external firewall to not firewall at all, set it
    to be a simple transparent gateway, then noted how many "hacks"
    were passed through without our firmware firewall. This afforded
    a good test and affirms our firewall works well.

    Our logging system only logs those hacks which pass through
    our external firewall, so our graphical charts are truly
    well below what is really happening.

    Keep in mind, these are only those hack attempts coming
    in on our static ip address. For a true picture, consider
    how many "internet connections" are out there, at any
    given moment. All connections suffer hack attempts, all.

    For June 1, yesterday, you will note a slight increase in
    problems. This is a result of a group of sociopathic types
    over in the comp.lang.perl.misc newsgroup, being frustrated
    by our sudden rotation and randomizing our security measures.
    A select few of those people are very well known personae
    within the Perl Community and a couple from Apache Dot Org,
    one even runs a dot gov site offering services to a certain
    state government, secure services. Here he is trying to
    harass our family, in a very childish manner.

    I should take down his dot gov site, except local mapping
    for his dot gov site includes the Department of Justice,
    who are people to fear; you do NOT mess with Uncle Sam.

    So, for the "newbies" out there reading this article, never
    dismiss a need for security. You are in danger.

    If you cannot access our site, do not take this personally.
    You may, however, blame this on some of the hateful people
    over in comp.lang.perl.misc newsgroup. I have relaxed our
    security features for tonight so most can access and view.

    Yes, I clearly hold a grudge and am clearly grinding an axe,
    as you will should you suffer the same, as did Leythos'
    wife's mother, another innocent victim of the net.


    Purl Gurl
  36. Archived from groups: comp.security.firewalls (More info?)

    Purl Gurl wrote:

    > Purl Gurl wrote:
    > > Leythos wrote:
    > > > Purl Gurl wrote:

    (snipped)

    > For those readers interested in statistical graphs, you may
    > visit our family server here,

    > http://www.purlgurl.net/attacks.html/

    > On that page you will discover nice graphical charts of actual
    > attacks on our server,

    To add some offbeat interest for this newsgroup, previously
    in another article, I write of randomizing security methods
    to prevent profiling of security systems.

    For our last chart, bottom chart, you can "see" results of
    a program which randomizes responses to selected events.

    Look directly above the dates May 28, May 29 on through to
    May 31 date, literally directly above those dates on
    the graph. You are actually looking at effects of our
    security rotation. Then comes June 1 which reflects a
    serious increase in attempts, by cooperative actions
    by many. This increase is a graph of their frustration
    and of attempting new methods; they are trying to figure
    out what the Hades is going on.

    This is nice. Randomizing manipulates them into trying
    different techniques, which are logged and reviewed;
    they afford me an ability to collect data, on them.

    I write "they" and do claim a cooperative effort.

    A short partial snippet of data collected,

    ShowLetter?MsgId=6432_6633_3451_1052_65_0_17113_-1_0&YY=26695&inc=25

    A mistake made there, a big mistake. Those involved in a cooperative
    effort to harass our family, provided me with just the data I needed
    to black hat an email account and extract evidence of just such; an
    overt cooperative effort by a select group I know well.

    Now they know with their routinely monitoring newsgroups for
    my postings. Will they make this type of mistake again? Yes.

    Perhaps, in time, I will submit my data to law enforcement,
    as I have done in the past to some of them. Most embarrassing
    for some to have a detective knock upon their front door or
    to phone you and ask questions which heighten anxiety.

    Previously I wrote of Murphy. He does not always work against
    those of us, almost all of us, who are good and decent people.
    Quite the opposite, Murphy more often works against those who
    are less than good and decent; Bad Karma.

    Again, security is that which you create and maintain. Security
    is not purely software based; it is more often based upon your
    personal ability to think like a fox.


    Purl Gurl
  37. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 02 Jun 2004 13:57:37 +0200, Wolfgang Kueter wrote:

    >Bumblebee wrote:
    >^^^^^^^^^
    >
    >Who?

    Bumblebee <chris_bee@privacy.invalid>

    >> I use ZoneAlarm Pro [...]
    >
    >I don't. And you don't need either. But besides obtaining a real name you
    >need to read: http://www.ntsvcfg.de/ntsvcfg_eng.html

    I don't need to read the above link and you're welcome to disagree
    with me. I gave what I believed to be good advice to another person
    who was asking about firewalls. Using a firewall certainly won't cause
    any damage whereas being without a firewall *could* result in damage.

    Advising someone *not* to use a firewall borders on being malicious
    advice IMHO. Not that it's any of your business Wolfgang but I did use
    my real name, Chris Bee. I acquired the nickname "Bumblebee" over 50
    years ago, virtually on the first day I started going to Kindergarten
    prior to attending Primary School.
    --

    Chris Bee
  38. Archived from groups: comp.security.firewalls (More info?)

    "Jens Hoffmann" <jh@bofh.de> wrote in message
    news:slrncbs5ik.e38.jh@churrasco.bofh.de...
    > Hi,
    >
    > Leythos <void@nowhere.com> wrote:
    > >> non-affected system (i.e. Knoppix or Unix/Linux):
    > > It clearly states not to connect the computer to the internet until
    > > "Downloading" the patch - how are home users going to do that?
    >
    > Knoppix is an excellent piece of software, directly running from a cd.
    > Have a look at it.

    You are missing the point. How many home users will have Knoppix lying
    about? And if they didn't, how would they download a copy without connecting
    their only pc to the internet? And then, how many confronted with a non
    Microsoft interface would know what to do to download the patch etc. etc.
    etc.

    The alternate is a NAT router and a quick trip to Windows update. Easy and
    foolproof(ish)
  39. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 2 Jun 2004 15:51:27 +0100, Mike wrote:

    [snip]

    > I'm not sure what you are trying to say...
    >
    > Is it "Organization: SHLINK Internet Service" and I should be impressed
    > because you are from an ISP? If you are from an ISP you should know better.

    I have a feeling you are deliberately misunderstanding what Wolfgang is
    trying to communicate.

    > Or is it "NNTP-Posting-Host: fw0.shlink.de" because you have hidden your ip
    > address? Which resolves to :
    >
    > ;; ANSWER SECTION:
    > fw0.shlink.de. 3600 IN A 212.60.1.4

    Nothing hidden about that address? Or do you mean it is hidden
    because it resolves to a DNS name? If so, I have successfully
    hidden all my IP addresses :)

    > telnet 212.60.1.4 25
    > Trying 212.60.1.4...
    > Connected to fw0.shlink.de (212.60.1.4).
    > Escape character is '^]'.
    > 220 fw0.shlink.de (RBL/SPF) ESMTP
    >
    > But wait! fw0? Could that be a firewall?? Firewall 0?? Nah! You couldn't
    > possibly be advocating users not to use a firewall while using one
    > yourself??
    >
    > If you don't advocate firewalls, what are you doing in this group?

    This group is for discussion, not advocating. Try reading Wolfgang's
    posts again.

    The point he is trying to make is that while adding a NAT device might
    cure the symptom of a vulnerable system (by adding more code,
    statistically introducing more bugs, to solve the problem caused by
    too much code in the first place), it does not solve the real problem
    which is insecure systems. Securing those systems will be a much
    better solution, and what we all should be advocating unless we have
    another agenda than to make the Internet a more secure place. At
    least that is how I interpret it.

    Firewall vendors/resellers will not necessarily tell you this, because
    their agenda is making money.

    I really dislike the 'add a NAT device' "solution", but with a) today's
    wide-spread use of insecure operating systems and default settings,
    even if the new versions are much better than previous ones the old
    ones are still widely used in production environments and homes, b)
    the complexity of operating systems with which even computer science
    graduates struggle, and c) most people's belief that computers are easy
    to use and maintain compared to other technical equipment (you probably
    wouldn't service your brand new car yourself, or even your TV unless
    you have a special interest or knowledge), I can see the need for an
    immediate way of treating those symptoms. But the long term goal
    should still be securing the _systems_. If you disagree, I really
    hope you don't work in this industry.

    > Your methods may well be correct and acceptable to you, but in the context
    > of the original poster who started by asking whether he needed a firewall and
    > was by inference a newbie, telling him to dig into the guts of his operating
    > system without even finding out what OS he had is; bad, wrong, stupid,
    > irresponsible and unhelpful.

    IIRC the URL to the hints on how to configure Windows securely was
    mentioned, but I must admit I did not follow entire thread. However,
    that does not invalidate my comments to the above.

    When people are interested enough to ask if they really do need a
    firewall, the correct answer in my not so humble opinion is "it
    depends", followed by a more in-depth explanation preferably contained
    in a FAQ. The 'newbie' is free to stop reading, or ask more
    questions if it is too much/little information.

    (and I don't expect anyone to be impressed by the "university of .."
    in my headers - it has nothing to do with my opinions here, I'm just
    an ex-employee)


    - Eirik
    --
    New and exciting signature!
  40. Archived from groups: comp.security.firewalls (More info?)

    Leythos wrote:

    > In the one week's time I was gone her machine was infected with 380+
    > different spyware apps, and more than 40 viruses/trojans.

    'It was infected' sounds like this didn't require end user interaction.
    I doubt that.

    > Needless to
    > say, they didn't do anything other than turn it on, get through the
    > basic startup config, and start using it.

    Does 'using a system' include 'installation of malware'?

    > This is your classic user,
    > your classic level of users on home systems.

    Most filtering devices placed in front of a box do not prevent installing
    malware by the user himself.

    > Had they installed the Linksys router they would have been a LOT better
    > off and I would not have had to wipe/reinstall from scratch.

    You would since the router does not prevent the installation of malware.

    > I installed XP Prof, NAV 2004, Spybot Search & Destroy, set the "Internet"
    > zone to "HIGH" and the Trusted Zone to medium, then showed her how to add
    > trusted sites to the trusted zone. I also installed her Office XP and
    > Outlook XP. She's been running for a couple months now and not one
    > problem.

    Well, some time ago I reinstalled an infected win2000 workstation of a quite
    unskilled user. I patched the installation, switched off all services, set
    user and access rights strict using good passwords, configured IE properly,
    told the user that he must not log in as administrator unless for
    maintenance tasks. No problems with the machine.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  41. Archived from groups: comp.security.firewalls (More info?)

    Bob Kryger wrote:

    > What about the situation where there is a vulnerability in the OS itself?
    > In the TCP stack, or the kernel.

    OK, that is a valid argument but it refers to any filtering device as well.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  42. Archived from groups: comp.security.firewalls (More info?)

    Wolfgang Kueter wrote:
    > Bob Kryger wrote:
    >
    >
    >>What about the situation where there is a vulnerability in the OS itself?
    >>In the TCP stack, or the kernel.
    >
    >
    > OK, that is a valid argument but it refers to any filtering device as well.

    Exactly, and that leads to the security concept of 'defense-in-depth'

    [from another post]
    The principle for doing so is sound and ancient, defense-in-depth. If
    you were to have only a single line of defense then once it is
    compromised so are your assets. Two or more levels of defense,
    preferably of different technologies will provide additional levels of
    protection. On my home systems I run a hardware firewall AND different
    software firewalls on different systems.

    Basically one line of defense is not enough. Your assertion of a well run
    system, may be considered, one good line of defense. It is, but it's not
    sufficient, in today's Internet, especially for newbies. Like it or not,
    we sometimes have to be pragmatic.

    bk
  43. Archived from groups: comp.security.firewalls (More info?)

    "Eirik Seim" <eirik@mi.uib.no> wrote in message
    news:slrncbtp53.1hu.eirik@kain.mi.uib.no...
    > On Wed, 2 Jun 2004 15:51:27 +0100, Mike wrote:
    >
    > [snip]
    >
    > > I'm not sure what you are trying to say...
    > >
    > > Is it "Organization: SHLINK Internet Service" and I should be impressed
    > > because you are from an ISP? If you are from an ISP you should know
    > > better.
    >
    > I have a feeling you are deliberately misunderstanding what Wolfgang is
    > trying to communicate.

    Enlighten me because it has passed right over my head without even parting
    my hair.

    > > Or is it "NNTP-Posting-Host: fw0.shlink.de" because you have hidden
    > > your ip address? Which resolves to :
    > >
    > > ;; ANSWER SECTION:
    > > fw0.shlink.de. 3600 IN A 212.60.1.4
    >
    > Nothing hidden about that address? Or do you mean it is hidden
    > because it resolves to a DNS name? If so, I have successfully
    > hidden all my IP addresses :)

    >
    > > telnet 212.60.1.4 25
    > > Trying 212.60.1.4...
    > > Connected to fw0.shlink.de (212.60.1.4).
    > > Escape character is '^]'.
    > > 220 fw0.shlink.de (RBL/SPF) ESMTP
    > >
    > > But wait! fw0? Could that be a firewall?? Firewall 0?? Nah! You
    > > couldn't possibly be advocating users not to use a firewall while
    > > using one yourself??
    > >
    > > If you don't advocate firewalls, what are you doing in this group?
    >
    > This group is for discussion, not advocating. Try reading Wolfgang's
    > posts again.

    I have and they are still full of dangerous, unhelpful and unusable advice
    for the newbie asking the original question.
  44. Archived from groups: comp.security.firewalls (More info?)

    In article <c9mm69$ek0$1@news.shlink.de>, wolfgang@shconnect.de says...
    > Well, some time ago I reinstalled an infected win2000 workstation of a quite
    > unskilled user. I patched the installation, switched off all services, set
    > user and access rights strict using good passwords, configured IE properly,
    > told the user that he must not log in as administrator unless for
    > maintenance tasks. No problems with the machine.

    WG, don't get me wrong, I know how to secure a Windows 2000/XP machine
    and what services to allow, but, for most home users it's not going to
    help.

    By the time a home user gets fully booted up for the first time, they
    already have the ethernet connection connected to the PC. Since they
    don't have the instructions on how to secure it, they browse around the
    internet looking for instructions - provided they even know they need to
    secure it - and find various answers. About 10 minutes later their
    system, if Windows XP tells them they have updates to install and they
    do (after about 4 reboots from service pack installs), they have a
    machine that is reasonably patched - total estimated time online before
    being patched 1 hour. Now, they remembered that they didn't secure their
    machine, so they start searching again, find a couple malicious sites,
    get nice things installed since they look like links to the information
    they wanted (but were really scripts). Since they didn't update their
    Anti-Virus software it doesn't detect the web scripts and the trojans
    make it in. After about an hour they find enough information to stop
    some services - total time online 2 hours now.....

    During their 2 hours, provided they even know that they need to secure
    their machine, they've been subjected to any number of hacks/exploits
    and have a compromised box.

    Now, do the same thing with them sitting behind a NAT router. Sure, the
    malicious sites are not prevented, but the inbound traffic during the
    first hour that they are doing updates is. Who knows, they may find the
    answers without hitting a malicious site and during that second hour the
    NAT router will still be protecting them. Also, after reading enough,
    they call Dell and ask about AV products, they learn that they have to
    register McCrappy before it will update, they do and get the updates -
    still not hacked and now all updates are in place.

    Now, let's take the typical user - gets PC, connects to internet
    directly, doesn't do anything to secure machine. We know this type, it's
    their machine that keeps probing our machines to "reach out and touch
    us".

    Now take the typical user - get a PC, connects to the router, doesn't do
    anything, plays around, oops - sees the Windows Update ICON flashing
    ignores it. At least this machine is protected from being attacked by
    unknown systems/users. Sure, the PC can be compromised by the user, but
    it's more likely to be compromised if the user is connected directly.

    If ISPs would just enable NAT by default on their cable/dsl modems most
    users would have a fighting chance while they get updates/patched.

    You stick with your services method, I'll stick with my NAT / AV (as
    well as other) methods and we'll see if you can say that you've never
    had a machine under your control that's been compromised in 20+ years.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  45. Archived from groups: comp.security.firewalls (More info?)

    "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
    news:c9mm69$ek0$1@news.shlink.de...
    > Leythos wrote:
    >
    > > In the one week's time I was gone her machine was infected with 380+
    > > different spyware apps, and more than 40 viruses/trojans.
    >
    > 'It was infected' sounds like this didn't require end user
    > interaction. I doubt that.
    >
    > > Needless to
    > > say, they didn't do anything other than turn it on, get through the
    > > basic startup config, and start using it.
    >
    > Does 'using a system' include 'installation of malware'?
    >
    > > This is your classic user,
    > > your classic level of users on home systems.
    >
    > Most filtering devices placed in front of a box do not prevent installing
    > malware by the user himself.
    >
    > > Had they installed the Linksys router they would have been a LOT better
    > > off and I would not have had to wipe/reinstall from scratch.
    >
    > You would since the router does not prevent the installation of malware.
    >
    > > I installed XP Prof, NAV 2004, Spybot Search & Destroy, set the
    > > "Internet" zone to "HIGH" and the Trusted Zone to medium, then
    > > showed her how to add
    > > trusted sites to the trusted zone. I also installed her Office XP and
    > > Outlook XP. She's been running for a couple months now and not one
    > > problem.
    >
    > Well, some time ago I reinstalled an infected win2000 workstation of a
    > quite unskilled user. I patched the installation, switched off all
    > services, set user and access rights strict using good passwords,
    > configured IE properly, told the user that he must not log in as
    > administrator unless for maintenance tasks. No problems with the machine.

    Yet......... It's just a matter of time.
  46. Archived from groups: comp.security.firewalls (More info?)

    In article <slrncbtp53.1hu.eirik@kain.mi.uib.no>, eirik@mi.uib.no
    says...
    > The point he is trying to make is that while adding a NAT device might
    > cure the symptom of a vulnerable system (by adding more code,
    > statistically introducing more bugs, to solve the problem caused by
    > too much code in the first place), it does not solve the real problem
    > which is insecure systems. Securing those systems will be a much
    > better solution, and what we all should be advocating unless we have
    > another agenda than to make the Internet a more secure place. At
    > least that is how I interpret it.

    That's the point we're all trying to make - securing the systems is the
    best method. Problem is that the systems are NOT secured BEFORE they
    connect to the internet in most users' worlds. NAT is the first part of
    the solution, it gives the users a chance to run updates/patches BEFORE
    they get hacked and while they (if they even know about it) learn to
    secure their machines (which most will never learn about).

    NAT devices don't introduce any "bugs" into the system - sure, they play
    heck with IRC DCC's and some peer-to-peer apps, but most people don't
    need to move files that way anyway. Most home users don't know about IRC
    or P2P apps, and by the time they do, they are compromised anyway.

    What you have to consider is the ORDER in which things happen - New PC,
    connect to net, infected, too late, reinstall, infected, too late....
    Buys router/NAT, reinstall, updates, av's, doing good now, searches on
    how to secure IE and Outlook, runs well for a while, searches on how to
    secure PC, does some things... Runs well for long time.... New Virus,
    opens email attachment (av software and Outlook won't let them open it),
    still running good....


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
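
The inbound-versus-outbound distinction argued over in posts 40, 44 and 46, as an added example that is not from any poster in this thread: a toy Python model of a NAT router's translation table, replayed against a constructed packet sequence. All addresses and ports are made-up documentation values, and the strict filtering rule (a reply must come from the exact remote address and port the PC contacted) is an assumption; real routers vary.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatRouter:
    """Hypothetical port-translating router with one public address."""
    public_ip: str
    next_port: int = 40000
    # (proto, public_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """A LAN host talks out: reuse or create a mapping, rewrite the source."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        for (proto, pub_port), known in self.table.items():
            if proto == pkt.proto and known == flow:
                break
        else:
            pub_port = self.next_port
            self.next_port += 1
            self.table[(pkt.proto, pub_port)] = flow
        return Packet(pkt.proto, self.public_ip, pub_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arrives from the internet: deliver only if a mapping matches."""
        if pkt.dst != self.public_ip:
            return None
        flow = self.table.get((pkt.proto, pkt.dport))
        if flow is None:
            return None  # nobody inside asked for this: unsolicited, dropped
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None  # mapping exists, but for a different remote endpoint
        return Packet(pkt.proto, pkt.src, pkt.sport, lan_ip, lan_port)


PUBLIC = "192.0.2.1"      # constructed: router's public address
PC = "192.168.1.10"       # constructed: the new, unpatched home PC

# Constructed first-hour traffic for the scenario described in post 44.
EVENTS = [
    ("in", Packet("tcp", "203.0.113.50", 4431, PUBLIC, 135)),   # unsolicited probe
    ("in", Packet("tcp", "203.0.113.50", 4432, PUBLIC, 445)),   # unsolicited probe
    ("out", Packet("tcp", PC, 1025, "198.51.100.7", 80)),       # PC fetches updates
    ("in", Packet("tcp", "198.51.100.7", 80, PUBLIC, 40000)),   # update server reply
    ("in", Packet("tcp", "203.0.113.50", 80, PUBLIC, 40000)),   # stranger, open port
    ("out", Packet("tcp", PC, 1026, "203.0.113.66", 80)),       # user visits bad site
    ("in", Packet("tcp", "203.0.113.66", 80, PUBLIC, 40001)),   # bad site's reply
]


def replay(router: NatRouter, events) -> list:
    """Return one verdict per event: forwarded, delivered or dropped."""
    verdicts = []
    for direction, pkt in events:
        if direction == "out":
            router.outbound(pkt)
            verdicts.append("forwarded")
        else:
            verdicts.append("delivered" if router.inbound(pkt) else "dropped")
    return verdicts


def inbound_reaching_pc_without_nat(events) -> int:
    """With the PC directly on the modem, every inbound packet hits its stack."""
    return sum(1 for direction, _ in events if direction == "in")


if __name__ == "__main__":
    for (direction, pkt), verdict in zip(EVENTS, replay(NatRouter(PUBLIC), EVENTS)):
        print(f"{direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The last two events show the limit raised in post 40: the reply from a site the user chose to visit is delivered, because the router only tracks who started the conversation, not what the content is.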
  47. Archived from groups: comp.security.firewalls (More info?)

    Mike wrote:

    > Yet......... It's just a matter of time.

    Hardly any difference to the time that Leythos needed. And I needed far less
    code.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  48. Archived from groups: comp.security.firewalls (More info?)

    Mike wrote:

    > I have and they are still full of dangerous, unhelpful and unusable advice
    > for the newbie asking the original question.

    Well, the times when I got angry about trolls like you that believe their
    claims to be a proof have long gone. So may I kindly ask you to give
    technical reasons for your claims?

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980
  49. Archived from groups: comp.security.firewalls (More info?)

    In article <c9mtuv$fk2$2@news.shlink.de>, wolfgang@shconnect.de says...
    > Mike wrote:
    >
    > > I have and they are still full of dangerous, unhelpful and unusable advice
    > > for the newbie asking the original question.
    >
    > Well, the times when I got angry about trolls like you that believe their
    > claims to be a proof have long gone. So may I kindly ask you to give
    > technical reasons for your claims?

    WG, I know you didn't ask me, but, the problem with your advice is that
    it was in response to a question from what appears to be a slightly above
    average typical home user and did not include specifics related to his
    OS.

    Without providing specifics to secure a users OS/apps, your advice
    leaves their machine fully open to compromise since there is no clear
    way for the machine to be secured. At least with NAT and AV software
    they have hope that it will be more secure than leaving some services
    exposed or even worse, finding some previously unknown hole in the OS
    that lets someone take over their system.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)