
How to prevent malware from running on your PC

Anonymous
September 16, 2005 8:40:23 PM

Archived from groups: comp.security.firewalls (More info?)

Hi,

because I was mentioning this as a good topic some times already,
I want to start the discussion ;-)

I think, to prevent malware running on your PC, you should close the
attack vectors, with which malware is distributed onto your PC.

That means:

- you should not offer servers to the Internet, so worms or crackers,
who are trying to abuse network services, have no chance; if your
PC is offering such services, stop them or filter away any traffic,
which is intended for those services

- you should handle mails and mail attachments carefully; a virus
scanner can help here to have a look on every attachment, before
you're opening it, but you also should use your brain, because
virus scanners cannot be perfect

- you should not use software for communication in the Internet, which
implements technology like ActiveX or ActiveScripting, because these
are security design flaws; so don't use Internet Explorer or Outlook
Express

- you should keep at least every software up to date, you're using in the
Internet or for data out of the Internet, because any software could
have an exploit you're using for communication

- you should use your brain before inserting disks into your PC, and
a virus scanner will help also, if you know, that virus scanners cannot
be perfect

And keep your system as simple as possible; increasing complexity anytime
is a security risk - try to remove software or to stop software before
adding other software, which is intended to control software, which also
could be stopped or removed.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
September 16, 2005 8:40:24 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432ad957@news.uni-ulm.de...
> Hi,
>
> because I was mentioning this as a good topic some times already,
> I want to start the discussion ;-)
>
> I think, to prevent malware running on your PC, you should close the
> attack vectors, with which malware is distributed onto your PC.
>
> That means:
>
> - you should not offer servers to the Internet, so worms or crackers,
> who are trying to abuse network services, have no chance; if your
> PC is offering such services, stop them or filter away any traffic,
> which is intended for those services
>
> - you should handle mails and mail attachments carefully; a virus
> scanner can help here to have a look on every attachment, before
> you're opening it, but you also should use your brain, because
> virus scanners cannot be perfect
>
> - you should not use software for communication in the Internet, which
> implements technology like ActiveX or ActiveScripting, because these
> are security design flaws; so don't use Internet Explorer or Outlook
> Express
>
> - you should keep at least every software up to date, you're using in the
> Internet or for data out of the Internet, because any software could
> have an exploit you're using for communication
>
> - you should use your brain before inserting disks into your PC, and
> a virus scanner will help also, if you know, that virus scanners cannot
> be perfect
>
> And keep your system as simple as possible; increasing complexity anytime
> is a security risk - try to remove software or to stop software before
> adding other software, which is intended to control software, which also
> could be stopped or removed.
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated people in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"

You obviously don't grasp the concept of how malware is distributed. It is
not just about stopping services, not using OE and IE etc, but
malware/virii/worms/trojans utilise known or unknown flaws in the Windows
OS to attack a PC whilst connected to the internet. Even good old
linux/unix/mac aren't foolproof and can be attacked.
To totally protect a PC, you will need to remove all floppy drives, cd/dvd
drives, disable USB ports and remove the PC from the internet.
Anonymous
September 16, 2005 8:40:25 PM

Archived from groups: comp.security.firewalls (More info?)

>
> You obviously don't grasp the concept of how malware is distributed.
> It is not just about stopping services, not using OE and IE etc, but
> malware/virii/worms/trojans utilise known or unknown flaws in the
> Windows OS to attack a PC whilst connected to the internet. Even good
> old linux/unix/mac aren't foolproof and can be attacked.
> To totally protect a PC, you will need to remove all floppy drives,
> cd/dvd drives, disable USB ports and remove the PC from the internet.
>

So you know that's impossible and no one is going to do it. One does the
best he or she can do to protect the machine by any means necessary. :) 

Duane :) 
Anonymous
September 16, 2005 11:28:34 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432ad957@news.uni-ulm.de...
> Hi,
>
> because I was mentioning this as a good topic some times already,
> I want to start the discussion ;-)
>
> I think, to prevent malware running on your PC, you should close the
> attack vectors, with which malware is distributed onto your PC.
>
> That means:

That means an impossible task because you don't know who you're giving the
advice to or what their experience or knowledge or situation is.
Good advice given to an inexperienced home user may be bad advice if given
to an experienced person in a different situation or even an inexperienced
business user. So there is no set of rules which, if followed by everyone,
will be a good idea for everyone. Therefore I think it's better to leave
people alone to come to their own conclusions about personal firewall
software. I don't use it, but I have little reason to care if other people
do.

>
> - you should not offer servers to the Internet, so worms or crackers,
> who are trying to abuse network services, have no chance; if your
> PC is offering such services, stop them or filter away any traffic,
> which is intended for those services

That would make it a little difficult for me to get any email as I run my
own SMTP server. It would also mean I couldn't use my web server. I don't
run a web site of any importance but it's useful for transferring files to
other places when required.
It would also mean I couldn't do remote access to my PC.

>
> - you should handle mails and mail attachments carefully; a virus
> scanner can help here to have a look on every attachment, before
> you're opening it, but you also should use your brain, because
> virus scanners cannot be perfect

I prefer not to get any viruses instead of relying on software to fight
software, however I do sometimes advise other people to use virus scanners
because there's at least some chance that the scanner will know about and
stop the virus BEFORE it does damage.

>
> - you should not use software for communication in the Internet, which
> implements technology like ActiveX or ActiveScripting, because these
> are security design flaws; so don't use Internet Explorer or Outlook
> Express

You're going to have difficulty with Windows Update then, not to mention the
games the kids insist on playing (which use shockwave).

>
> - you should keep at least every software up to date, you're using in the
> Internet or for data out of the Internet, because any software could
> have an exploit you're using for communication

Many vendors use updates as an excuse to get users to purchase the latest
version.
How are users going to tell the difference between this and genuine security
updates?

>
> - you should use your brain before inserting disks into your PC, and
> a virus scanner will help also, if you know, that virus scanners cannot
> be perfect

That means that the person inserting the disk needs to have a brain.
This is not always the case in my experience.

Jason

>
> And keep your system as simple as possible; increasing complexity anytime
> is a security risk - try to remove software or to stop software before
> adding other software, which is intended to control software, which also
> could be stopped or removed.
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated people in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 16, 2005 11:28:35 PM

Archived from groups: comp.security.firewalls (More info?)

On Fri, 16 Sep 2005 19:28:34 +0100, "Jason Edwards"
<none1@invalid.invalid> wrote:

<snip>

>You're going to have difficulty with Windows Update then,

The real problem with WU is that it's a Trojan. It often changes
settings and opens ports. Now, I've done what Volker suggests
for many years. But it's a good idea to have a sw firewall (I don't
use XP) to block inbound until you can recover from the WU Trojan,
assuming you don't have a external router/fw.

Also, I see no harm in using a sw firewall on OS other than XP with
its built-in inbound blocking fw. After all, not all malicious code is
smart enough to bypass or disable it. So as long as a sw firewall is
taken with seventeen grains of salt and anti-BS medicine I don't
think the good ones add significant vulnerabilities to the system.
And I like the kind of info Sygate gives me sometimes. It's a valuable
tool, IMO.

Art
September 17, 2005 1:13:05 AM

Archived from groups: comp.security.firewalls (More info?)

> The real problem with WU is that it's a Trojan.

Yeah, that's it. Great comment! That will help.

-Frank
Anonymous
September 17, 2005 5:35:36 AM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432ad957@news.uni-ulm.de...

Question: With DSL, fixed IP, WinXP, Windows Firewall (default config), no
Internet services, Firefox browser, Outlook Express in high-security mode
(no ActiveX)...is a NAT router of any value and why?

thanks,
nf
Anonymous
September 17, 2005 6:03:45 AM

Archived from groups: comp.security.firewalls (More info?)

In article <IpKWe.4642$6e1.4624@newssvr14.news.prodigy.com>,
no.replies@no.where says...
>
> "Volker Birk" <bumens@dingens.org> wrote in message
> news:432ad957@news.uni-ulm.de...
>
> Question: With DSL, fixed IP, WinXP, Windows Firewall (default config), no
> Internet services, Firefox browser, Outlook Express in high-security mode
> (no ActiveX)...is a NAT router of any value and why?

Yes, it keeps things from reaching your computer - period - it means
that even if there is a hole in the OS or the Firewall provided by MS,
that it won't be reached unless you invite it in.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 17, 2005 12:26:55 PM

Archived from groups: comp.security.firewalls (More info?)

ABC <simonbray@nospamemail.afraid.org> wrote:
> You obviously don't grasp the concept of how malware is distributed.

Surprising.

> It is
> not just about stopping services, not using OE and IE etc, but
> malware/virii/worms/trojans utilise known or unknown flaws in the Windows
> OS to attack a PC whilst connected to the internet.

Which flaws do you mean? Exploits in the IP/ICMP implementation itself?
This is possible, but somewhat seldom. There were some exploits, but
since some years, no-one heard of new found exploits there.

Most of the worms I know - and how I myself would implement malware,
if I would be interested in - rely on bugs of services (i.e. like buffer
overflows) which can be used to run arbitrary code, or are using exploits
in Internet Explorer or the ActiveX infrastructure around. Sometimes,
with the Witty-Worm, they're using the "Personal Firewall" software itself
for distributing.

If there are no services reachable, then this attack vector is closed.

A second main target for attacks is PEBKAC. This is much more difficult.
Social engineering attacks have a broad range to be implemented, and new
ideas are being found every day. I think, this is the most difficult
topic, because "don't try to solve social problems with technology, it
will not work".

Technology can help here a little, though. At least, it has to be as
easy as possible for the user to use systems, which are using reliably
authorization methods like cryptography and certificates, and to
distinguish between reliable information and questionable information.

I think, the main topic for this field will be, how can this reliably
flagged to the user. Here, we're in the fledgling stages yet. The
technics used today like SSL are much more too complicated to use -
who of the users does really know, what a certificate is and how to
check, if this window with such curious questions pops up?

A third main target are the programs, which are used for communication,
say: the browser, the MUA, the IRC-client, the IM app, but also
wordprocessing and spreadsheet applications, as well as sound-playing and
video-playing applications, because people like to exchange such documents.
Sometimes also Windows-Explorer is such an application *sigh* - think
about the preview-exploit.

It is a very bad idea here to involve the user in security topics at all,
like it is done with this infamous ActiveX technology for example. Here
we shouldn't ask the user anything, but provide secure applications.

We need reliable technology with those programs. And here virus
scanners can help to find out if somebody is spreading poisoned
documents, if some provider failed.

> Even good old
> linux/unix/mac aren't foolproof and can be attacked.

Yes, of course. But, your point being?

> To totally protect a PC, you will need to remove all floppy drives, cd/dvd
> drives, disable USB ports and remove the PC from the internet.

Also clear. But, your point being?

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 17, 2005 12:43:34 PM

Archived from groups: comp.security.firewalls (More info?)

Frankster <Frank@spam2trash.com> wrote:
> Everyone should remember that balancing functionality with
> security is the challenge.

Yes, this is the point.

> How much functionality that is necessary depends
> on your needs. Advice like "not offer servers to the Internet" does nothing
> to help the system with a web server requirement.

Yes. We have to distinguish between people, who have to do so, and people
who don't. But I think, we could say: "only offer as less services as
possible, because then the surface, which can be attacked, is as small as
possible", can we? Then, for home users, the sentence "do not offer
servers to the internet" usually is true, is it?

> Not using "ActiveX,
> Scripting, Internet Explorer or Outlook Express" does nothing to help the
> person that is required to use them.

Yes. But is this a good idea?

I think, ActiveX is a design flaw. You're getting the same functionality
it offers if it's used for webbrowsers (say: plugins) without having a
system-wide concept like COM for such plugins, but only a browser-dependent
one. So attacks against arbitrary components in the whole system like with
the problem, Tom Ferris recently published, are not possible any more.

To abandon ActiveX and to implement a plugin concept will eliminate such
problems.

> I attended a vendor specific Spyware seminar yesterday.

I think, this was a Microsoft seminar, was it? Because, only for
Microsoft products there are so many spyware problems today. :-P

> One of the points
> the speaker made was this. Popularity + standardization = vulnerability.

This is too nearsighted. The technology also has to be unsecure, if it
should be abused. Usually, if it's complicated, then it's hard to secure.

But of course, if a technology is unsecure, and popular and widespread,
then it likely is going to be abused.

> The above is a good example to point out that the real challenge is adding
> security ON TOP OF functionality.

I think, this is one of the main misunderstandings, we're suffering from.
Security is nothing, you can add, and not at all "on top".

Security is something, which is in your concept.

If it's not in your concept, usually it's very hard (if not impossible) to
add later.

> Not, reducing functionality to gain
> security.

Of course not.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 17, 2005 12:50:53 PM

Archived from groups: comp.security.firewalls (More info?)

Jason Edwards <none1@invalid.invalid> wrote:
> > - you should not offer servers to the Internet
> That would make it a little difficult for me to get any email as I run my
> own SMTP server.

OK, sorry, this is capable of being misunderstood, what I wrote. I mean,
"for home users".

> > - you should handle mails and mail attachments carefully; a virus
> > scanner can help here to have a look on every attachment, before
> > you're opening it, but you also should use your brain, because
> > virus scanners cannot be perfect
> I prefer not to get any viruses instead of relying on software to fight
> software, however I do sometimes advise other people to use virus scanners
> because there's at least some chance that the scanner will know about and
> stop the virus BEFORE it does damage.

Yes.

> > - you should not use software for communication in the Internet, which
> > implements technology like ActiveX or ActiveScripting, because these
> > are security design flaws; so don't use Internet Explorer or Outlook
> > Express
> You're going to have difficulty with Windows Update then, not to mention the
> games the kids insist on playing (which use shockwave).

The first can be done with Internet Explorer as an exception. The second
also is available for other browsers as a simple plugin, not as a COM
compatible ActiveX control.

> > - you should keep at least every software up to date, you're using in the
> > Internet or for data out of the Internet, because any software could
> > have an exploit you're using for communication
> Many vendors use updates as an excuse to get users to purchase the latest
> version.
> How are users going to tell the difference between this and genuine security
> updates?

I think, this is vendor specific. It is in the liability of the vendor
to make this clear, and to offer security updates also for older releases.
Perhaps people who watch this and publicize about vendors, who don't, can
help.

> > - you should use your brain before inserting disks into your PC, and
> > a virus scanner will help also, if you know, that virus scanners cannot
> > be perfect
> That means that the person inserting the disk needs to have a brain.
> This is not always the case in my experience.

Yes, PEBKAC. But I think, it will not work without involving users. Of
course, they have to be involved as less as possible. But education and
training for such topics is necessary.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 17, 2005 12:52:14 PM

Archived from groups: comp.security.firewalls (More info?)

Art <null@zip.com> wrote:
[Windows Update]
> The real problem with WU is that it's a Trojan.

I don't think so.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 17, 2005 12:54:00 PM

Archived from groups: comp.security.firewalls (More info?)

nutso fasst <no.replies@no.where> wrote:
> Question: With DSL, fixed IP, WinXP, Windows Firewall (default config), no
> Internet services, Firefox browser, Outlook Express in high-security mode
> (no ActiveX)...is a NAT router of any value and why?

You can have more than one PC with one single internet connection ;-)
For security purposes? Here: no.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 17, 2005 4:30:29 PM

Archived from groups: comp.security.firewalls (More info?)

On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:

>Art <null@zip.com> wrote:
>[Windows Update]
>> The real problem with WU is that it's a Trojan.
>
>I don't think so.

I recently had occasion to do a fresh install of Win 98SE. As is my
custom, I then proceeded to disable services and make sure the
adapters were bound to TCP/IP only. The netstat -an result was
empty as usual.

After doing a Windows Update ... downloading and installing all
patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
logon screen appeared. Sure enough, my work had been nullified
and netstat -an showed all the usual NETBIOS ports listening. I had
been on line for quite some time with DSL service wide open to
attack. Luckily, I took no hits.

To protect yourself from the WU trojan, you can keep the install
file of your favorite software fw on CD and install it immediately
after installing Windows and before going online. Do your OS hardening
_after_ doing WU since it will undo some of your work. Then if your
sw firewall is disabled for any reason, you'll still be safe going
online.

Art

http://home.epix.net/~artnpeg
Anonymous
September 17, 2005 5:58:22 PM

Archived from groups: comp.security.firewalls (More info?)

"Art" <null@zilch.com> wrote in message
news:kq1oi1lb8ibt04l3uep2f0r8dl53bvc8hb@4ax.com...
> On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:
>
> >Art <null@zip.com> wrote:
> >[Windows Update]
> >> The real problem with WU is that it's a Trojan.
> >
> >I don't think so.
>
> I recently had occasion to do a fresh install of Win 98SE. As is my
> custom, I then proceeded to disable services and make sure the
> adapters were bound to TCP/IP only. The netstat -an result was
> empty as usual.
>
> After doing a Windows Update ... downloading and installing all
> patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
> logon screen appeared. Sure enough, my work had been nullified
> and netstat -an showed all the usual NETBIOS ports listening. I had
> been on line for quite some time with DSL service wide open to
> attack. Luckily, I took no hits.

That's one reason why a quick run of both netstat (I prefer tcpview) and
shields up is a good idea after a fresh install (including updates and
applications) of any version of Windows.
But it's a much better idea for home users to be behind an external firewall
box which filters incoming connection requests by default. This doesn't have
to be NAT but NAT is likely to be the cheapest way.
There is no reason why this filtering cannot be done in a DSL or cable modem
but this may create an administration problem (and thus cost a lot of money)
for ISPs. Some of us would rather do our own filtering but it would be best
for ISPs to do it for others.

Jason

> To protect yourself from the WU trojan, you can keep the install
> file of your favorite software fw on CD and install it immediately
> after installing Windows and before going online. Do your OS hardening
> _after_ doing WU since it will undo some of your work. Then if your
> sw firewall is disabled for any reason, you'll still be safe going
> online.
>
> Art
>
> http://home.epix.net/~artnpeg
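
Added example, not part of the original posts: the before/after `netstat -an` comparison discussed above, written as a Python script that reports listeners which appeared between two snapshots. The sample snapshots, the addresses in them and the Windows column layout are constructed assumptions for illustration.

```python
"""Diff two `netstat -an` snapshots (Windows column layout) for new listeners."""
from typing import NamedTuple

# Well-known NetBIOS-over-TCP/IP ports.
NETBIOS_PORTS = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session",
}


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


def parse_listeners(netstat_output):
    """Return the set of sockets that accept unsolicited traffic."""
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto = fields[0].upper()
        # TCP rows carry a state column; only LISTENING rows accept connections.
        # UDP rows have no state: every bound UDP socket can receive datagrams.
        if proto == "TCP" and (len(fields) < 4 or fields[3].upper() != "LISTENING"):
            continue
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            found.add(Listener(proto, addr, int(port)))
    return found


def is_loopback(addr):
    """Loopback-only sockets are not reachable from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def newly_exposed(before, after):
    """Listeners present in `after` but not in `before`, loopback excluded."""
    gained = parse_listeners(after) - parse_listeners(before)
    return sorted(l for l in gained if not is_loopback(l.addr))


def report(before, after):
    """Human-readable lines, one per newly exposed listener."""
    lines = []
    for l in newly_exposed(before, after):
        note = NETBIOS_PORTS.get(l.port, "unidentified service")
        lines.append(f"{l.proto} {l.addr}:{l.port} ({note})")
    return lines


# Constructed sample: hardened machine, netstat -an shows no sockets.
BASELINE = """
Active Connections

  Proto  Local Address          Foreign Address        State
"""

# Constructed sample: same machine after an update re-enabled file sharing.
AFTER_UPDATE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1031        198.51.100.7:80        ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""

if __name__ == "__main__":
    for line in report(BASELINE, AFTER_UPDATE):
        print("NEW LISTENER:", line)
```

Saving a baseline right after hardening and re-running the comparison after every update or application install makes a silently re-enabled service visible before the machine spends time online.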
Anonymous
September 17, 2005 7:53:05 PM

Archived from groups: comp.security.firewalls (More info?)

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d95438b84fc308698a09f@news-server.columbus.rr.com...
> Yes, it keeps things from reaching your computer - period - it means
> that even if there is a hole in the OS or the Firewall provided by MS,
> that it won't be reached unless you invite it in.

Thanks for the reply.

I worked for years behind a software NAT- & firewall-equipped server. HTTP
and mail services were not behind NAT, only workstations. Neither server nor
workstation were ever infected until one day I browsed some 'reputable' news
sites (NYTimes, CNN, NBC...) with lots of advertisements. I did not click on
any ad, yet IE5 got hijacked by CoolWebSearch. IP sharing is good, but I
don't see that NAT did much for security. Stricter security settings,
switching to FireFox, email filtering, and using a blocker HOSTS file* were
sufficient to avoid another intrusion. But I'm advising an elderly lady
who's switching from AOL dialup to DSL, and if I'm missing something--that
HW NAT is going to add protection for her system with no internet services
running and NetBIOS unbound from the NIC--I'd like to know specifically what
it is. My biggest concern is that her system not get infected with a mass
mailer or dos attack zombie.

nf

* http://mvps.org/winhelp2002/hosts.txt
Anonymous
September 18, 2005 3:11:22 AM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432bbccd@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> > > - you should not offer servers to the Internet
> > That would make it a little difficult for me to get any email as I run my
> > own SMTP server.
>
> OK, sorry, this is capable of being misunderstood, what I wrote. I mean,
> "for home users".

I am a home user :) 

Jason
Anonymous
September 18, 2005 3:48:28 AM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432bbb16@news.uni-ulm.de...
> Frankster <Frank@spam2trash.com> wrote:
> > Everyone should remember that balancing functionality with
> > security is the challenge.
>
[cut]

> Then, for home users, the sentence "do not offer servers to the internet"
> usually is true, is it?

Yes it's usually true, but imagine yourself face to face with an
inexperienced home Windows user and say "do not offer servers to the
internet".
What kind of look would you expect on their face?

Yes it's usually true, but it can be as true as it likes without making any
difference if there is no way to make it happen.

Jason

[rest cut]
Anonymous
September 18, 2005 1:34:50 PM

Archived from groups: comp.security.firewalls (More info?)

Jason Edwards <none1@invalid.invalid> wrote:
> Yes it's usually true, but imagine yourself face to face with an
> inexperienced home Windows user and say "do not offer servers to the
> internet".
> What kind of look would you expect on their face?

This is, why I started www.dingens.org.

> Yes it's usually true, but it can be as true as it likes without making any
> difference if there is no way to make it happen.

Oh, Torsten's script on http://www.ntsvcfg.de/ntsvcfg_eng.html is working
good, and so is my tool on http://www.dingens.org/index.html.en

It _is_ possible, also for a regular user. I don't know, how many downloads
Torsten has, but the tool of www.dingen.org was now downloaded approximately
250 000 times.

I'm usually getting good response.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 18, 2005 1:36:56 PM

Archived from groups: comp.security.firewalls (More info?)

Art <null@zilch.com> wrote:
> On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:
> >Art <null@zip.com> wrote:
> >[Windows Update]
> >> The real problem with WU is that it's a Trojan.
> >I don't think so.
> After doing a Windows Update ... downloading and installing all
> patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
> logon screen appeared. Sure enough, my work had been nullified
> and netstat -an showed all the usual NETBIOS ports listening. I had
> been on line for quite some time with DSL service wide open to
> attack. Luckily, I took no hits.

I'd not call Windows-Update a "Trojan" (even not a "Greek", because the
Trojan Horse was not Trojan, but Greek, though ;-)

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 18, 2005 1:38:48 PM

Archived from groups: comp.security.firewalls (More info?)

Jason Edwards <none1@invalid.invalid> wrote:
> But it's a much better idea for home users to be behind an external firewall
> box which filters incoming connection requests by default. This doesn't have
> to be NAT but NAT is likely to be the cheapest way.

Please don't forget, that NAT is not a security technology, and many NAT
implementations are not secure. If you're using a NAT router (we both mean
masquerading when we say "NAT", I guess), then you should filter anyway.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 18, 2005 2:57:01 PM

Archived from groups: comp.security.firewalls (More info?)

Jason Edwards <none1@invalid.invalid> wrote:
> Yes it's usually true, but imagine yourself face to face with an
> inexperienced home Windows user and say "do not offer servers to the
> internet".

I know this situation very well.

> What kind of look would you expect on their face?

Usually, they don't understand at all, what's goin' on. So we have to
explain.

> Yes it's usually true, but it can be as true as it likes without making any
> difference if there is no way to make it happen.

Hm, www.dingens.org usually works. This is the reason, why I put
Torsten's script into a small Windows program.

But of course, in fact it's Microsoft's job to do so. But they don't do
i.e. by offering Service Packs for the older Windows releases, which stop
all services as the default configuration for stand-alone PCs. I'm happy,
that they at least are delivering a packet filter with Windows XP in SP2
now, which works - the Windows firewall.

I really don't understand, why people are paying money for "Personal
Firewalls" and not are blaming Microsoft for this security disaster they
have to answer for.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 18, 2005 3:35:56 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432d189a@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> > Yes it's usually true, but imagine yourself face to face with an
> > inexperienced home Windows user and say "do not offer servers to the
> > internet".
> > What kind of look would you expect on their face?
>
> This is, why I started www.dingens.org.
>
> > Yes it's usually true, but it can be as true as it likes without making any
> > difference if there is no way to make it happen.
>
> Oh, Torsten's script on http://www.ntsvcfg.de/ntsvcfg_eng.html is working
> good, and so is my tool on http://www.dingens.org/index.html.en
>
> It _is_ possible, also for a regular user. I don't know, how many downloads
> Torsten has, but the tool of www.dingen.org was now downloaded approximately
> 250 000 times.

Is that all? Steve Gibson is claiming over twenty times that for some of his
tools.

Perhaps it is mostly experienced people who have downloaded your tools so
far, in other words those who didn't really need them or were just curious
to have a look.

I haven't used your tools myself, but I have no doubt that they do exactly
what they are intended to do and are likely to be of the highest quality
available for such tools.

Jason

>
> I'm usually getting good response.
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated people in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 18, 2005 4:21:06 PM

In article <432d2bdd@news.uni-ulm.de>, bumens@dingens.org says...
> I really don't understand, why people are paying money for "Personal
> Firewalls" and not are blaming Microsoft for this security disaster they
> have to answer for.

Because there is a simple solution, one that, like every other OS, has
solutions that don't involve the vendor. I would never stick a default
setup Linux box on the live internet, nor a Windows PC, nor a MAC with
OS/X.

People should not trust Windows SP2 firewall as it's not been proven,
can be circumvented by the user or a script, and is not monitoring
outbound traffic.

What I can't understand is why you think Windows SP2 firewall is enough
for anyone.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 18, 2005 5:42:41 PM

Leythos wrote:

>
> What I can't understand is why you think Windows SP2 firewall is enough
> for anyone.
>

Likely, because he believes that following pretty well established Safe
Computing Practices (a/k/a SafeHex) mitigates the need for using a
software firewall with application or communication control.
Anonymous
September 18, 2005 6:15:57 PM

Jason Edwards <none1@invalid.invalid> wrote:
> > > What kind of look would you expect on their face?
> > This is, why I started www.dingens.org.
> > It _is_ possible, also for a regular user. I don't know, how many downloads
> > Torsten has, but the tool of www.dingen.org was now downloaded approximately
> > 250 000 times.
> Is that all?

To prove that it's possible? Yes.

> Steve Gibson is claiming over twenty times that for some of his
> tools.

Yes. And I don't want to compete with him. Please don't compare me with
him. I offered www.dingens.org as free software, and you're free to
improve it if you want to.

> Perhaps it is mostly experienced people who have downloaded your tools so
> far

No, not at all. The more experienced people usually are downloading
Torsten's script, because this is much easier to modify or adapt. My job
only was to make this understanding accessible for most of the users.

I just implemented a small Windows program out of this script to open
these possibilities also for the inexperienced user. And it works.

The German magazine "PC Professional" (which is the German sister magazine
of the PC Magazin, I guess) requested me to write an article for them,
and they had a "Personal Firewall" test themselves - they acknowledged,
what I'm telling.

The 250.000 downloads are what was downloaded from my own website,
not including the people who used this tool, because it's on many CDs
from many magazines in Germany now.

> I haven't used your tools myself, but I have no doubt that they do exactly
> what they are intended to do and are likely to be of the highest quality
> available for such tools.

Thank you for trusting ;-) But: what would be best is, that Microsoft
finally make those tools unnecessary by implementing a default
configuration for any release of Microsoft Windows people are using,
which is secure.

Then there is no need any more for such tools. And this will be best.

To the background of this process:

I'm active in the Chaos Computer Club, ERFA Ulm / Chaostreff Bad Waldsee.
Just enter my name in Google ;-)

We were shocked, that Microsoft were offering head money for pupils,
who are rampaging in the age of 17 by downloading "virus construction
kits" from the net and creating viruses like "Sasser".

I think, paying bounty hunters for the head of pupils cannot be the
way to solve the security mistakes of Microsoft. Of course, such
pupils have to be punished, but Microsoft also have to do their home-
work first.

So I wanted to show how easy it is (and 50k and one day work are enough)
to secure a Windows PC that it cannot be target of worms like sasser any
more. It was in the days before Windows XP SP2.

I had the hope, that then some people will understand, that we don't need
bounty hunters, but secure systems. And that does not mean, that Microsoft
have to invest hundreds of millions of $, but that it's enough to think
about it to solve the worst problems.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 18, 2005 6:15:58 PM

On 18 Sep 2005 14:15:57 +0200, Volker Birk <bumens@dingens.org> wrote:

>We were shocked, that Microsoft were offering head money for pupils,
>who are rampaging in the age of 17 by downloading "virus construction
>kits" from the net and creating viruses like "Sasser".
>
>I think, paying bounty hunters for the head of pupils cannot be the
>way to solve the security mistakes of Microsoft. Of course, such
>pupils have to be punished, but Microsoft also have to do their home-
>work first.

Some food for thought from _The Six Dumbest Ideas in Computer
Security_:

http://www.ranum.com/security/computer_security/editori...

> #4) Hacking is Cool
>
>One of the best ways to get rid of cockroaches in your kitchen is to scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea. One of the best ways to discourage hacking on the Internet is to give the hackers stock options, buy the books they write about their exploits, take classes on "extreme hacking kung fu" and pay them tens of thousands of dollars to do "penetration tests" against your systems, right? Wrong! "Hacking is Cool" is a really dumb idea.
>
>Around the time I was learning to walk, Donn Parker was researching the behavioral aspects of hacking and computer security. He says it better than I ever could:
>
>"Remote computing freed criminals from the historic requirement of proximity to their crimes. Anonymity and freedom from personal victim confrontation increased the emotional ease of crime, i.e., the victim was only an inanimate computer, not a real person or enterprise. Timid people could become criminals. The proliferation of identical systems and means of use and the automation of business made possible and improved the economics of automating crimes and constructing powerful criminal tools and scripts with great leverage."
>
>Hidden in Parker's observation is the awareness that hacking is a social problem. It's not a technology problem, at all. "Timid people could become criminals." The Internet has given a whole new form of elbow-room to the badly socialized borderline personality. The #4th dumbest thing information security practitioners can do is implicitly encourage hackers by lionizing them. The media plays directly into this, by portraying hackers, variously, as "whiz kids" and "brilliant technologists" - of course if you're a reporter for CNN, anyone who can install Linux probably does qualify as a "brilliant technologist" to you. I find it interesting to compare societal reactions to hackers as "whiz kids" versus spammers as "sleazy con artists." I'm actually heartened to see that the spammers, phishers, and other scammers are adopting the hackers and the techniques of the hackers - this will do more to reverse society's view of hacking than any other thing we could do.
>
>If you're a security practitioner, teaching yourself how to hack is also part of the "Hacking is Cool" dumb idea. Think about it for a couple of minutes: teaching yourself a bunch of exploits and how to use them means you're investing your time in learning a bunch of tools and techniques that are going to go stale as soon as everyone has patched that particular hole. It means you've made part of your professional skill-set dependent on "Penetrate and Patch" and you're going to have to be part of the arms-race if you want that skill-set to remain relevant and up-to-date. Wouldn't it be more sensible to learn how to design security systems that are hack-proof than to learn how to identify security systems that are dumb?
>
>My prediction is that the "Hacking is Cool" dumb idea will be a dead idea in the next 10 years. I'd like to fantasize that it will be replaced with its opposite idea, "Good Engineering is Cool" but so far there is no sign that's likely to happen.


I don't think you would disagree with the other points in the article.
Anonymous
September 18, 2005 6:39:35 PM

"Volker Birk" <bumens@dingens.org> wrote in message
news:432d5a7d@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> > > > What kind of look would you expect on their face?
> > > This is, why I started www.dingens.org.
> > > It _is_ possible, also for a regular user. I don't know, how many downloads
> > > Torsten has, but the tool of www.dingen.org was now downloaded approximately
> > > 250 000 times.
> > Is that all?
>
> To prove that it's possible? Yes.
>
> > Steve Gibson is claiming over twenty times that for some of his
> > tools.
>
> Yes. And I don't want to compete with him. Please don't compare me with
> him. I offered www.dingens.org as free software, and you're free to
> improve it if you want to.
>

I can't deny that I knew it would be painful for you to be compared with
Steve Gibson, but what is the big difference?
He is offering free software too.
If your software is targeted at inexperienced home users then why bother
saying that they are free to improve it? None of them will be able to
compile it, never mind improve it. Perhaps Gibson knows this.


> > Perhaps it is mostly experienced people who have downloaded your tools so
> > far
>
> No, not at all. The more experienced people usually are downloading
> Torsten's script, because this is much easier to modify or adapt. My job
> only was to make this understanding accessible for most of the users.

As I see it, Steve Gibson also sees it as his job to make things accessible
to inexperienced home users, but perhaps not exactly the same things as you
do.

>
> I just implemented a small Windows program out of this script to open
> these possibilities also for the inexperienced user. And it works.

Gibson's software also does what it claims, as far as I know, and it
shouldn't be very difficult for anyone who wants his source code to get it
because he does everything in assembler.

>
> The German magazine "PC Professional" (which is the German sister magazine
> of the PC Magazin, I guess) requested me to write an article for them,
> and they had a "Personal Firewall" test themselves - they acknowledged,
> what I'm telling.

Gibson has gone much further, have you appeared on TV yet?

>
> The 250.000 downloads are what was downloaded from my own website,
> not including the people who used this tool, because it's on many CDs
> from many magazines in Germany now.
>
> > I haven't used your tools myself, but I have no doubt that they do exactly
> > what they are intended to do and are likely to be of the highest quality
> > available for such tools.
>
> Thank you for trusting ;-) But: what would be best is, that Microsoft
> finally make those tools unnecessary by implementing a default
> configuration for any release of Microsoft Windows people are using,
> which is secure.

XP SP2 seems to be the closest they've got so far. But suppose the original
release of 2000 or XP had actually been XP SP2. Would we still be here
discussing other ways that home users' PCs could be made to run hostile
code? I think we would.

>
> Then there is no need any more for such tools. And this will be best.
>
> To the background of this process:
>
> I'm active in the Chaos Computer Club, ERFA Ulm / Chaostreff Bad Waldsee.
> Just enter my name in Google ;-)

Not quite as many hits as Steve Gibson but an exponential increase shouldn't
see it take long :) 

>
> We were shocked, that Microsoft were offering head money for pupils,
> who are rampaging in the age of 17 by downloading "virus construction
> kits" from the net and creating viruses like "Sasser".

Well they have to do something to reduce the incidence of worms like Sasser
and I think it's likely that they have many people who are better versed in
politics than software.

>
> I think, paying bounty hunters for the head of pupils cannot be the
> way to solve the security mistakes of Microsoft. Of course, such
> pupils have to be punished, but Microsoft also have to do their home-
> work first.
>
> So I wanted to show how easy it is (and 50k and one day work are enough)
> to secure a Windows PC that it cannot be target of worms like sasser any
> more. It was in the days before Windows XP SP2.

So Microsoft have already fixed that with SP2. Now we just have to wait for
home users to all do a clean install of XP SP2

>
> I had the hope, that then some people will understand, that we don't need
> bounty hunters, but secure systems. And that does not mean, that Microsoft
> have to invest hundreds of millions of $, but that it's enough to think
> about it to solve the worst problems.

Steve Gibson also appears to think that Microsoft don't understand security
and that it's his job to provide tools to fix it until they do.

There is honestly no need to write a long reply Volker, and please don't be
too hurt that I saw many parallels between you and Steve Gibson.

Jason

>
> Yours,
> VB.
> --
> "It cannot be that the frustrated in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 19, 2005 1:56:11 AM

In article <0ZmdndbxZsC-KLDeRVn-jg@comcast.com>, optikl@invalid.net
says...
> Leythos wrote:
>
> >
> > What I can't understand is why you think Windows SP2 firewall is enough
> > for anyone.
> >
>
> Likely, because he believes that following pretty well established Safe
> Computing Practices (a/k/a SafeHex) mitigates the need for using a
> software firewall with application or communication control.

Interesting Idea, but, I don't run a personal firewall application on
any systems except for laptops. Even with more than 1000 nodes in
managed environments, we disable the Windows XP SP2 firewall service,
but, we also have control of the inbound and outbound connections and
filter content OUT of smtp, ftp, http, etc...

In my own home I have a WatchGuard Firebox firewall, it's removing
malicious content all the time, but I don't run any PFW on anything
except the laptops.

The only reason I run a PFW on a laptop is because I can't trust new
client network.

The reason to NOT let SP2 Firewall be your protection is that it will
allow File/Printer sharing by default - most vendor provided ones block
it by default.

I see no reason to have SP2's firewall when there are quality ones like
ZAP and such.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 19, 2005 3:42:46 PM

Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
> http://www.ranum.com/security/computer_security/editori...
> > #4) Hacking is Cool
> >One of the best ways to get rid of cockroaches in your kitchen is to
> >scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea.

I don't agree with that:

http://www.catb.org/~esr/jargon/html/H/hacker.html
http://www.catb.org/~esr/jargon/html/C/cracker.html

> I don't think you would disagree with the other points in the article.

I don't know yet ;-) This does not sound like an article I want to read.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 19, 2005 3:42:47 PM

On 19 Sep 2005 11:42:46 +0200, Volker Birk <bumens@dingens.org> wrote:

>Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
>> http://www.ranum.com/security/computer_security/editori...
>> > #4) Hacking is Cool
>> >One of the best ways to get rid of cockroaches in your kitchen is to
>> >scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea.
>
>I don't agree with that:
>
>http://www.catb.org/~esr/jargon/html/H/hacker.html
>http://www.catb.org/~esr/jargon/html/C/cracker.html


Quibbling over terminology. That's a lost cause anyway to resist the
evolution of a living language. Today, for most, hacker == cracker. It
may be wrong in the historical sense but it is correct now for the
majority.

>> I don't think you would disagree with the other points in the article.
>
>I don't know yet ;-) This does not sound like an article I want to read.

No one likes reading articles that contradict their viewpoint.

You have no desire to refute the points the article makes?
Anonymous
September 19, 2005 3:59:04 PM

Jason Edwards <none1@invalid.invalid> wrote:
> I can't deny that I knew it would be painful for you to be compared with
> Steve Gibson, but what is the big difference?

I don't want you to use my tools. Please use Torsten's script, my tool
only is for people, who feel more comfortable with a Windows program.

I don't want you to buy my tools. In fact, you cannot buy it, because I
will not sell it ;-)

And beside my tools, I don't want to sell nonsense to you.

> He is offering free software too.

No. Freeware is not Free Software. Please read:

http://www.gnu.org/philosophy/free-sw.html

> If your software is targeted at inexperienced home users then why bother
> saying that they are free to improve it?

Not the inexperienced home user will improve it. But perhaps, a technician
in this discussion here wants to read the source code or even improve it.

And anybody who wants to and is able to can check, what it's really doing.

> > No, not at all. The more experienced people usually are downloading
> > Torsten's script, because this is much easier to modify or adapt. My job
> > only was to make this understanding accessible for most of the users.
> As I see it, Steve Gibson also sees it as his job to make things accessible
> to inexperienced home users, but perhaps not exactly the same things as you
> do.

Perhaps. But I doubt, that Mr. Gibson is doing this for other reasons
than making money. I cannot see, why he should spread so much nonsense
through the net, if that would be not true.

> > I just implemented a small Windows program out of this script to open
> > these possibilities also for the inexperienced user. And it works.
> Gibson's software also does what it claims, as far as I know, and it
> shouldn't be very difficult for anyone who wants his source code to get it
> because he does everything in assembler.

If this is true, it's crazy - there is no reason why not to use C.

> > The German magazine "PC Professional" (which is the German sister magazine
> > of the PC Magazin, I guess) requested me to write an article for them,
> > and they had a "Personal Firewall" test themselves - they acknowledged,
> > what I'm telling.
> Gibson has gone much further, have you appeared on TV yet?

Yes, but with completely other topics, which have nothing to do with that ;-)

> > Thank you for trusting ;-) But: what would be best is, that Microsoft
> > finally make those tools unnecessary by implementing a default
> > configuration for any release of Microsoft Windows people are using,
> > which is secure.
> XP SP2 seems to be the closest they've got so far.

Yes. I agree. But where is this for Windows 2000?

> So Microsoft have already fixed that with SP2.

Unfortunately not. Even Windows XP SP2 is offering servers in the default
configuration, nobody needs. And afterwards they're filtered away again
with the Windows-Firewall.

Of course, this does not make sense at all. But they're doing this. And
when the Windows-Firewall is not up for some reason (like the bug they
had already with PPPoE IIRC), then also Windows XP SP2 is vulnerable
again.

My question is: why?

Why don't they change this at last? And why don't they change the absurd
idea, that also a Windows client machine in a Windows domain has to offer
RPC service to be able to be a member of the domain?

This is a b0rken concept.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 19, 2005 4:04:02 PM

Leythos <void@nowhere.lan> wrote:
> In article <432d2bdd@news.uni-ulm.de>, bumens@dingens.org says...
> > I really don't understand, why people are paying money for "Personal
> > Firewalls" and not are blaming Microsoft for this security disaster they
> > have to answer for.
> Because there is a simple solution, one that, like every other OS, has
> solutions that don't involve the vendor. I would never stick a default
> setup Linux box on the live internet, nor a Windows PC, nor a MAC with
> OS/X.

Mac OS X offers _zero_ servers to the Internet in the default configuration.
So does the actual Debian GNU/Linux.

Unfortunately, other Linux distributions are to criticize also.

> People should not trust Windows SP2 firewall as it's not been proven,

This is just FUD. Please explain, what do you mean with it. The Windows-
Firewall is a simple configuration tool to configure the packet filter
in Windows' kernel.

And this packet filter works good, for all what I can see. So please
explain, what exactly does not work as expected.

> can be circumvented by the user or a script

Just like _every_ "Personal Firewall" we tested. See Chippy's autoclicker
tool.

> and is not monitoring
> outbound traffic.

I already said enough to that topic, didn't I? Why are you arguing with
this in spite of the fact, that you could know, that this will not work
anyway?

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 19, 2005 4:05:24 PM

optikl <optikl@invalid.net> wrote:
> > What I can't understand is why you think Windows SP2 firewall is enough
> > for anyone.
> Likely, because he believes that following pretty well established Safe
> Computing Practices (a/k/a SafeHex) mitigates the need for using a
> software firewall with application or communication control.

Yes. In fact, I think this is a much better idea than believing that
security can be bought in boxes.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 19, 2005 4:06:35 PM

Leythos <void@nowhere.lan> wrote:
> The reason to NOT let SP2 Firewall be your protection is that it will
> allow File/Printer sharing by default - most vendor provided ones block
> it by default.

We tested this. On no box we tested, File/Printer sharing was enabled by
default. So this is just wrong what you're saying.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 19, 2005 6:57:32 PM

"Volker Birk" <bumens@dingens.org> wrote in message
news:432e8be8@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> > I can't deny that I knew it would be painful for you to be compared with
> > Steve Gibson, but what is the big difference?
>
> I don't want you to use my tools. Please use Torsten's script, my tool
> only is for people, who feel more comfortable with a Windows program.
>
> I don't want you to buy my tools. In fact, you cannot buy it, because I
> will not sell it ;-)

Gibson doesn't sell all his tools, but he does push and sell a tool which
no-one needs any more provided they have proper backups and a few pennies
for a replacement drive. It is true that most people don't have proper
backups, but that's a separate discussion.

[cut]
> > Gibson's software also does what it claims, as far as I know, and it
> > shouldn't be very difficult for anyone who wants his source code to get it
> > because he does everything in assembler.
>
> If this is true, it's crazy - there is no reason why not to use C.

I don't think C is the best language in the world, but that's a separate
discussion.
I don't mean I think it's a good idea to do everything in assembler.

[cut]
> > XP SP2 seems to be the closest they've got so far.
>
> Yes. I agree. But where is this for Windows 2000?

Ask the politicians at Microsoft. I'm sure they can come up with a long list
of reasons why we must all throw away our Windows 2000 systems and purchase
Vista. No doubt one reason will be that it's the most secure and easy to use
operating system they've ever produced.

>
> > So Microsoft have already fixed that with SP2.
>
> Unfortunately not. Even Windows XP SP2 is offering servers in the default
> configuration, nobody needs. And afterwards they're filtered away again
> with the Windows-Firewall.
>
> Of course, this does not make sense at all. But they're doing this. And
> when the Windows-Firewall is not up for some reason (like the bug they
> had already with PPPoE IIRC), then also Windows XP SP2 is vulnerable
> again.
>
> My question is: why?

Ask them. If you get any further than banging your head against a brick
wall, let me know.

Jason


>
> Why don't they change this at last? And why don't they change the absurd
> idea, that also a Windows client machine in a Windows domain has to offer
> RPC service to be able to be a member of the domain?
>
> This is a b0rken concept.
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 20, 2005 1:43:02 AM

On Mon, 19 Sep 2005 06:23:17 -0700, Wim de Vries
<kikker@sneeuwenleeuw.con.invalid> wrote:


>Quibbling over terminology. That's a lost cause anyway to resist the
>evolution of a living language. Today, for most, hacker == cracker. It
>may be wrong in the historical sense but it is correct now for the
>majority.
>

For most cockroach = bug,
and bacteria = bug.
Bacteria = cockroach ??

Norton Antibug?

Geo
Anonymous
September 20, 2005 9:55:30 AM

Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
> > This does not sound like an article I want to read.
> No one likes reading articles that contradict their viewpoint.

If someone compares people with cockroaches, then I'm not very interested
in what he has to say, sorry.

> You have no desire to refute the points the article makes?

Sorry, I'm not interested in a discussion which bases on offense and
pure polemics.

But if you want to discuss yourself, of course I'm happy to discuss
with you. Please feel free to criticize me, tell me your views.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 20, 2005 9:55:31 AM

On 20 Sep 2005 05:55:30 +0200, Volker Birk <bumens@dingens.org> wrote:

>Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
>> > This does not sound like an article I want to read.
>> No one likes reading articles that contradict their viewpoint.
>
>If someone compares people with cockroaches, then I'm not very interested
>in what he has to say, sorry.

If you would re-read the thread, you will see that it was "GEO"
Me@home.here in Message-ID: <432f2c5a.18847898@news.ucalgary.ca> who
mentioned "cockroaches", not I.
>
>> You have no desire to refute the points the article makes?
>
>Sorry, I'm not interested in a discussion which bases on offense and
>pure polemics.
>
>But if you want to discuss yourself, of course I'm happy to discuss
>with you. Please feel free to criticize me, tell me your views.

Sorry for my cynicism, but this seems a convenient ploy on your part
to avoid any concrete discussion at all. I have been civil in all my
responses to you unless questioning your position on firewalls is
being "uncivil".

My general view? I feel you are overly zealous in your dismissal of
PFs as limited but useful tools even if they only provide mental
comfort to the non-technical user. My 79 year-old father uses his
windows-based PC to follow the stock market. He is partially blind, so
my 78 year-old mother has to do the technical tasks for him. She has
actually begun crying in frustration as I lead her through some of the
more arcane tasks because she just doesn't understand why she has to
spend time turning off services or applying upgrades. There are
millions of users out there, young and old, like my parents.

Your one-size fits all security solution disdainfully ignores a
significant part of the PC users out there who can, at least, have a
minimal level of security by using a PF.

My impression is that an anti-personal firewall position has become a
fad in Germany and pro-UNIX/Linux circles since most of the advocacy
I've seen in this group originates from German UNIX/Linux users.
Anonymous
September 20, 2005 10:01:09 AM

Jason Edwards <none1@invalid.invalid> wrote:
[Gibson]
> > > he does everything in assembler.
> > If this is true, it's crazy - there is no reason why not to use C.
> I don't think C is the best language in the world, but that's a separate
> discussion.

But Windows is written in C, and the API is in C (beside the funny
decision of Microsoft to have Pascal calling convention in the DLLs).

> I don't mean I think it's a good idea to do everything in assembler.

Of course, if he wants to do it, why not? I for myself only are hacking
assembler code, if there is no other way to achieve what I want to do.

> > Unfortunately not. Even Windows XP SP2 is offering servers in the default
> > configuration, nobody needs. And afterwards they're filtered away again
> > with the Windows-Firewall.
> > Of course, this does not make sense at all. But they're doing this. And
> > when the Windows-Firewall is not up for some reason (like the bug they
> > had already with PPPoE IIRC), then also Windows XP SP2 is vulnerable
> > again.
> > My question is: why?
> Ask them. If you get any further than banging your head against a brick
> wall, let me know.

;-)

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 20, 2005 1:50:51 PM

"Volker Birk" <bumens@dingens.org> wrote in message
news:432f8985@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> [Gibson]
> > > > he does everything in assembler.
> > > If this is true, it's crazy - there is no reason why not to use C.
> > I don't think C is the best language in the world, but that's a separate
> > discussion.
>
> But Windows is written in C,

And I think that's one of its biggest problems, however I'm not suggesting
that there's a simple way to do anything about that.
Rewriting Windows from the ground up would be good for security but bad for
any other reason I can think of.
So I think we're stuck with things as they are, no matter how many people
offer web sites with tools designed to improve security. The people who need
those tools will never find them, and even if they do find them they will
not be able to download and use them, no matter how simple it is.
http://www.theregister.co.uk/2005/09/19/symantec_zombie...
So I conclude that it's not possible to prevent malware running on a Windows
PC when the Windows PC is connected to broadband and owner is a home user
who has no idea how to prevent it. Even if they find your web page (or
Gibson's or another page or this newsgroup) they won't have a clue what it's
talking about and they won't know which page to believe.
Things may change in the distant future but I don't know how many years.

Christmas will be here soon. I wonder what the effect will be on the number
of broadband connected Windows PCs waiting to be owned.

Jason

[cut]
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated people in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 20, 2005 7:23:16 PM

Archived from groups: comp.security.firewalls (More info?)

Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
> If you would re-read the thread, you will see that it was "GEO"
> Me@home.here in Message-ID: <432f2c5a.18847898@news.ucalgary.ca> who
> mentioned "cockroaches", not I.

This is not true. In your article
<13pqi11nvt8s3eulq7bl1m8m9q8sk2dokb@4ax.com> you wrote:

------------------------------ snip -----------------------------------
Some food for thought from _The Six Dumbest Ideas in Computer
Security_:

http://www.ranum.com/security/computer_security/editori...

One of the best ways to get rid of cockroaches in your kitchen is to
scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea.
One of the best ways to discourage hacking on the Internet is to give the
hackers stock options, buy the books they write about their exploits,
take classes on "extreme hacking kung fu" and pay them tens of thousands
of dollars to do "penetration tests" against your systems, right? Wrong!
"Hacking is Cool" is a really dumb idea.
------------------------------ snap -----------------------------------

Here you're comparing (or at least the author of the article is
comparing, and you're referencing it) human beings with cockroaches.

This is not a starting point we could discuss, sorry.

> >> You have no desire to refute the points the article makes?
> >Sorry, I'm not interested in a discussion which is based on offense and
> >pure polemics.
> >But if you want to discuss yourself, of course I'm happy to discuss
> >with you. Please feel free to criticize me, tell me your views.
> Sorry for my cynicism, but this seems a convenient ploy on your part
> to avoid any concrete discussion at all.

Not at all. Just try, please.

> My general view? I feel you are overly zealous in your dismissal of
> PFs as limited but useful tools even if they only provide mental
> comfort to the non-technical user.

I don't think that "Personal Firewalls" are "limited but useful tools".
The "Personal Firewalls", I saw, are completely useless and even
counterproductive tools for security purposes.

This is the reason I'm arguing against them, what perhaps you mean with
"zealous" ;-)

> My 79 year-old father uses his
> windows-based PC to follow the stock market. He is partially blind, so
> my 78 year-old mother has to do the technical tasks for him. She has
> actually begun crying in frustration as I lead her through some of the
> more arcane tasks because she just doesn't understand why she has to
> spend time turning off services or applying upgrades. There are
> millions of users out there, young and old, like my parents.

Yes. And they could buy a Macintosh, perhaps a MacMini.

> Your one-size fits all security solution disdainfully ignores a
> significant part of the PC users out there who can, at least, have a
> minimal level of security by using a PF.

No, not at all. Quite the contrary, I'm working on the topic to offer
quick solutions for such users in my spare time for free, and I'm trying
to help build public awareness of solutions for this
topic, including the most important approach: making Microsoft solve
those problems.

> My impression is that an anti-personal firewall position has become a
> fad in Germany and pro-UNIX/Linux circles since most of the advocacy
> I've seen in this groups originates from German UNIX/Linux users.

Sorry, this is not true. The "anti-personal firewall position" has its
origins in Usenet in de.comp.security.misc, and in the work of Frank Kaune
and Torsten Mann as well as Ansgar Wiechers and Urs Traenkner. All of
them, without exception, are Windows users, and Windows experts AFAICS.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 21, 2005 4:18:32 AM

Archived from groups: comp.security.firewalls (More info?)

Jason Edwards <none1@invalid.invalid> wrote:
> Can you give an estimate of the number of Windows PCs connected to broadband
> which do not have XP SP2?

Unfortunately, I don't have such numbers. It would be interesting to know,
though.

> Information is only useful to those who can make sense of it.

Yes, of course.

> > why not using Internet Explorer or Outlook Express,
> > but some alternatives - and keeping those up to date.
> For the reasons I've already given.
> Try teaching your cat to do this, at least it will keep still and purr, but
> it won't listen to a word of what you're saying.

;-)

I don't have the bad experiences with end users as you seem to have ;-)

> > Also the home user
> > has to be taught that he should be careful with stuff he gets per email
> > from unknown sources.
> Try teaching them then.

I'm doing this.

> A microphone also listens, even if it's not connected to anything.

;-)

I'm trying to use multiplicators in this game, though. I.e. PC Professional
and other magazines. Of course, this is a difficult task, and it's difficult
to teach the magazine writers first. But, perhaps it would be a good idea,
if I would not do this alone?

> I think Microsoft think that they have to solve these problems too, but
> without breaking any existing applications.

I don't think that this really is the problem. We had some technical
discussions about this topic on de.comp.security.misc already, and it seems
to be less problematic than what I thought first.

As a bigger problem I see, that Microsoft is a very heterogeneous group
of people not only but also in terms of security knowledge.

One person is calling any attempt to remove malware from your PC if it is
already infected an impossible task (what usually is true, it's not
possible to do this in a secure way usually), while the other person
is advertising malware removal tools from Microsoft at the same time.

http://www.microsoft.com/technet/community/columns/secm...
http://www.microsoft.com/athome/security/spyware/softwa...

> > and why "Personal Firewall" providers
> > can sell their products with nonsense like "stealthing" or "controlling
> > outbound traffic".
> It's because people want to buy it because other people told them they need
> it.

Yes, of course.

> Have you logged on to a banking site recently?
> Were you warned that you should be using anti-virus and personal firewall
> software?

Yes.

> Were you offered a discount on one of the two products you can find in the
> high street?

No.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 21, 2005 4:41:19 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:43308ab8@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> > Can you give an estimate of the number of Windows PCs connected to
> > broadband which do not have XP SP2?
>
> Unfortunately, I don't have such numbers. It would be interesting to know,
> though.
>
> > Information is only useful to those who can make sense of it.
>
> Yes, of course.
>
> > > why not using Internet Explorer or Outlook Express,
> > > but some alternatives - and keeping those up to date.
> > For the reasons I've already given.
> > Try teaching your cat to do this, at least it will keep still and purr,
> > but it won't listen to a word of what you're saying.
>
> ;-)
>
> I don't have the bad experiences with end users as you seem to have ;-)
>
> > > Also the home user
> > > has to be taught that he should be careful with stuff he gets per
> > > email from unknown sources.
> > Try teaching them then.
>
> I'm doing this.

I'd give it up if I were you. Unless you want to do it Steve Gibson style.
Otherwise you won't get enough people following your message.

>
> > A microphone also listens, even if it's not connected to anything.
>
> ;-)
>
> I'm trying to use multiplicators in this game, though. I.e. PC
> Professional and other magazines. Of course, this is a difficult task,
> and it's difficult to teach the magazine writers first. But, perhaps it
> would be a good idea, if I would not do this alone?

Do it Gibson style then. Get your followers to spread the word. Make sure
they believe that it's the only true way to security.

>
> > I think Microsoft think that they have to solve these problems too, but
> > without breaking any existing applications.
>
> I don't think that this really is the problem. We had some technical
> discussions about this topic on de.comp.security.misc already, and it seems
> to be less problematic than what I thought first.
>
> As a bigger problem I see, that Microsoft is a very heterogeneous group
> of people not only but also in terms of security knowledge.
>
> One person is calling any attempt to remove malware from your PC if it is
> already infected an impossible task (what usually is true, it's not
> possible to do this in a secure way usually), while the other person
> is advertising malware removal tools from Microsoft at the same time.
>
> http://www.microsoft.com/technet/community/columns/secm...
> http://www.microsoft.com/athome/security/spyware/softwa...

I think Microsoft might put it something like this:
Because Microsoft must respond to changing market conditions, you shouldn't
expect anything we say to imply a commitment to do anything in any
particular way.

Market conditions may not have much to do with educating users or having any
concern for their security. It may have much more to do with how many copies
of your product you've sold and what the bottom line is.

Microsoft could no doubt spend more money on educating users if they wanted
to, but why don't they? Is it because they know that most home users cannot
begin to understand what's inside the box and what the best system
configuration is?

One of my friends bought a new mouse a few days ago because the mouse
pointer on the screen kept freezing. I only found out after he discovered
that the new mouse did exactly the same thing.

Jason

>
> > > and why "Personal Firewall" providers
> > > can sell their products with nonsense like "stealthing" or
> > > "controlling outbound traffic".
> > It's because people want to buy it because other people told them they
> > need it.
>
> Yes, of course.
>
> > Have you logged on to a banking site recently?
> > Were you warned that you should be using anti-virus and personal
> > firewall software?
>
> Yes.
>
> > Were you offered a discount on one of the two products you can find in
> > the high street?
>
> No.
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated people in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 21, 2005 6:15:03 PM

Archived from groups: comp.security.firewalls (More info?)

Jason Edwards <none1@invalid.invalid> wrote:
> I'd give it up if I were you. Unless you want to do it Steve Gibson style.
> Otherwise you won't get enough people following your message.

Oh, no problem. I'm not thinking, that I will make the world spin the
other way around or something ;-)

But of course, this does not keep me from saying what I'm thinking.

> Do it Gibson style then.

No, thank you. I will try to keep in this reality and not to tell
nonsense. Perhaps, discussions like this one help me with it...

> Get your followers to spread the word.

I don't want to do this, sorry. That also may have to do with the fact, I'm
not a prophet and I don't have followers ;-)

> > http://www.microsoft.com/technet/community/columns/secm...
> > http://www.microsoft.com/athome/security/spyware/softwa...
> I think Microsoft might put it something like this:
> Because Microsoft must respond to changing market conditions, you shouldn't
> expect anything we say to imply a commitment to do anything in any
> particular way.

;-)

> One of my friends bought a new mouse a few days ago because the mouse
> pointer on the screen kept freezing. I only found out after he discovered
> that the new mouse did exactly the same thing.

Then the new mouse is b0rken, too. :-P

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 21, 2005 8:44:53 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:43300d44@news.uni-ulm.de...
> http://www.ranum.com/security/computer_security/editori...
> ...
> Here you're comparing (or at least the author of the article is
> comparing, and you're referencing it) human beings with cockroaches.

It's an analogy, Volker, not a comparison. Analogy: "A similarity in some
respects between things that are otherwise dissimilar." A favorite
'keep-em-awake-and-attentive' tool of motivational speakers.

Flaws aside, I thought the piece echoed some of what you've been saying, and
makes an especially good point about the futility of enumerating badness.

My 'favorite' dumb idea: "Just get it working, we can get it working right
later." Which reminds me of an analogy: If the foundation is flawed, the
overlying structure can't possibly be stable.

"When it comes to being a pansophist, there is no 'do', only 'try'."
- nf
Anonymous
September 21, 2005 11:15:21 PM

Archived from groups: comp.security.firewalls (More info?)

nutso fasst <no.replies@no.where> wrote:
[Relation between cockroaches and human beings]
> It's an analogy, Volker, not a comparison.

Analogy or comparison - could we abstain from it, please?

> My 'favorite' dumb idea: "Just get it working, we can get it working right
> later." Which reminds me of an analogy: If the foundation is flawed, the
> overlying structure can't possibly be stable.

Hm... yes, of course. What are you trying to tell me?

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 21, 2005 11:15:22 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:43319529@news.uni-ulm.de...
> Hm... yes, of course. What are you trying to tell me?

(Hmm, methinks any such attempt would be futile.) T'was not for you, just a
statement I think bears repeating (clearly there are managers who don't
subscribe to it). Sort of like replying with "use the Windows firewall" when
that's not the answer to the question. Or using a sig with the same quote
again and again, assuming some stranger will relate to the
generally-irrelevant verbiage. An analogiser might say I was just pissing
into the wind, but that is not literally correct.

nf
Anonymous
September 21, 2005 11:21:48 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:43314ec7@news.uni-ulm.de...
> Jason Edwards <none1@invalid.invalid> wrote:
> > I'd give it up if I were you. Unless you want to do it Steve Gibson
> > style.
> > Otherwise you won't get enough people following your message.
>
> Oh, no problem. I'm not thinking, that I will make the world spin the
> other way around or something ;-)
>
> But of course, this does not keep me from saying what I'm thinking.

I wouldn't want you to not say what you're thinking, but if we're going to
prevent malware running on home users' PCs then it may take more than nntp
and http are capable of.

>
> > One of my friends bought a new mouse a few days ago because the mouse
> > pointer on the screen kept freezing. I only found out after he
> > discovered that the new mouse did exactly the same thing.
>
> Then the new mouse is b0rken, too. :-P

Perhaps I should have told him that :) 

Here's a story about what happens when many people use the same PC, without
any of them having a clue what's inside the box.
http://www.theregister.co.uk/2005/09/21/airport_pc_secu...
To me it seems a bit like expecting passengers to pilot an aircraft
themselves.

Jason

>
> Yours,
> VB.
> --
> "It cannot be that the frustrated people in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
September 22, 2005 12:46:27 PM

Archived from groups: comp.security.firewalls (More info?)

nutso fasst <no.replies@no.where> wrote:
> "Volker Birk" <bumens@dingens.org> wrote in message
> news:43319529@news.uni-ulm.de...
> > Hm... yes, of course. What are you trying to tell me?
> (Hmm, methinks any such attempt would be futile.)
[and other offenses]

People who offend others without arguments have lost the debate.

VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"