How to prevent malware from running on your PC

Archived from groups: comp.security.firewalls

Hi,

because I was mentioning this as a good topic some times already,
I want to start the discussion ;-)

I think, to prevent malware running on your PC, you should close the
attack vectors, with which malware is distributed onto your PC.

That means:

- you should not offer servers to the Internet, so worms or crackers,
who are trying to abuse network services, have no chance; if your
PC is offering such services, stop them or filter away any traffic,
which is intended for those services

- you should handle mails and mail attachments carefully; a virus
scanner can help here to have a look on every attachment, before
you're opening it, but you also should use your brain, because
virus scanners cannot be perfect

- you should not use software for communication in the Internet, which
implements technology like ActiveX or ActiveScripting, because these
are security design flaws; so don't use Internet Explorer or Outlook
Express

- you should keep at least every software up to date, you're using in the
Internet or for data out of the Internet, because any software could
have an exploit you're using for communication

- you should use your brain before inserting disks into your PC, and
a virus scanner will help also, if you know, that virus scanners cannot
be perfect

And keep your system as simple as possible; increasing complexity anytime
is a security risk - try to remove software or to stop software before
adding other software, which is intended to control software, which also
could be stopped or removed.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
  1.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432ad957@news.uni-ulm.de...
    > Hi,
    >
    > because I was mentioning this as a good topic some times already,
    > I want to start the discussion ;-)
    >
    > I think, to prevent malware running on your PC, you should close the
    > attack vectors, with which malware is distributed onto your PC.
    >
    > That means:
    >
    > - you should not offer servers to the Internet, so worms or crackers,
    > who are trying to abuse network services, have no chance; if your
    > PC is offering such services, stop them or filter away any traffic,
    > which is intended for those services
    >
    > - you should handle mails and mail attachments carefully; a virus
    > scanner can help here to have a look on every attachment, before
    > you're opening it, but you also should use your brain, because
    > virus scanners cannot be perfect
    >
    > - you should not use software for communication in the Internet, which
    > implements technology like ActiveX or ActiveScripting, because these
    > are security design flaws; so don't use Internet Explorer or Outlook
    > Express
    >
    > - you should keep at least every software up to date, you're using in the
    > Internet or for data out of the Internet, because any software could
    > have an exploit you're using for communication
    >
    > - you should use your brain before inserting disks into your PC, and
    > a virus scanner will help also, if you know, that virus scanners cannot
    > be perfect
    >
    > And keep your system as simple as possible; increasing complexity anytime
    > is a security risk - try to remove software or to stop software before
    > adding other software, which is intended to control software, which also
    > could be stopped or removed.
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated people in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"

    You obviously don't grasp the concept of how malware is distributed. It is
    not just about stopping services, not using OE and IE etc, but
    malware/virii/worms/trojans utilise known or unknown flaws in the Windows
    OS to attack a PC whilst connected to the internet. Even good old
    linux/unix/mac aren't foolproof and can be attacked.
    To totally protect a PC, you will need to remove all floppy drives, cd/dvd
    drives, disable USB ports and remove the PC from the internet.
  2.

    >
    > You obviously don't grasp the concept of how malware is distributed.
    > It is not just about stopping services, not using OE and IE etc, but
    > malware/virii/worms/trojans utilise known or unknown flaws in the
    > Windows OS to attack a PC whilst connected to the internet. Even good
    > old linux/unix/mac aren't foolproof and can be attacked.


    > To totally protect a PC, you will need to remove all floppy drives,
    > cd/dvd drives, disable USB ports and remove the PC from the internet.
    >

    So you know that's impossible and no one is going to do it. One does the
    best he or she can do to protect the machine by any means necessary. :)

    Duane :)
  3.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432ad957@news.uni-ulm.de...
    > Hi,
    >
    > because I was mentioning this as a good topic some times already,
    > I want to start the discussion ;-)
    >
    > I think, to prevent malware running on your PC, you should close the
    > attack vectors, with which malware is distributed onto your PC.
    >
    > That means:

    That means an impossible task because you don't know who you're giving the
    advice to or what their experience or knowledge or situation is.
    Good advice given to an inexperienced home user may be bad advice if given
    to an experienced person in a different situation or even an inexperienced
    business user. So there is no set of rules which, if followed by everyone,
    will be a good idea for everyone. Therefore I think it's better to leave
    people alone to come to their own conclusions about personal firewall
    software. I don't use it, but I have little reason to care if other people
    do.

    >
    > - you should not offer servers to the Internet, so worms or crackers,
    > who are trying to abuse network services, have no chance; if your
    > PC is offering such services, stop them or filter away any traffic,
    > which is intended for those services

    That would make it a little difficult for me to get any email as I run my
    own SMTP server. It would also mean I couldn't use my web server. I don't
    run a web site of any importance but it's useful for transferring files to
    other places when required.
    It would also mean I couldn't do remote access to my PC.

    >
    > - you should handle mails and mail attachments carefully; a virus
    > scanner can help here to have a look on every attachment, before
    > you're opening it, but you also should use your brain, because
    > virus scanners cannot be perfect

    I prefer not to get any viruses instead of relying on software to fight
    software, however I do sometimes advise other people to use virus scanners
    because there's at least some chance that the scanner will know about and
    stop the virus BEFORE it does damage.

    >
    > - you should not use software for communication in the Internet, which
    > implements technology like ActiveX or ActiveScripting, because these
    > are security design flaws; so don't use Internet Explorer or Outlook
    > Express

    You're going to have difficulty with Windows Update then, not to mention the
    games the kids insist on playing (which use shockwave).

    >
    > - you should keep at least every software up to date, you're using in the
    > Internet or for data out of the Internet, because any software could
    > have an exploit you're using for communication

    Many vendors use updates as an excuse to get users to purchase the latest
    version.
    How are users going to tell the difference between this and genuine security
    updates?

    >
    > - you should use your brain before inserting disks into your PC, and
    > a virus scanner will help also, if you know, that virus scanners cannot
    > be perfect

    That means that the person inserting the disk needs to have a brain.
    This is not always the case in my experience.

    Jason

    >
    > And keep your system as simple as possible; increasing complexity anytime
    > is a security risk - try to remove software or to stop software before
    > adding other software, which is intended to control software, which also
    > could be stopped or removed.
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated people in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  4.

    On Fri, 16 Sep 2005 19:28:34 +0100, "Jason Edwards"
    <none1@invalid.invalid> wrote:

    <snip>

    >You're going to have difficulty with Windows Update then,

    The real problem with WU is that it's a Trojan. It often changes
    settings and opens ports. Now, I've done what Volker suggests
    for many years. But it's a good idea to have a sw firewall (I don't
    use XP) to block inbound until you can recover from the WU Trojan,
    assuming you don't have an external router/fw.

    Also, I see no harm in using a sw firewall on OS other than XP with
    its built-in inbound blocking fw. After all, not all malicious code is
    smart enough to bypass or disable it. So as long as a sw firewall is
    taken with seventeen grains of salt and anti-BS medicine I don't
    think the good ones add significant vulnerabilities to the system.
    And I like the kind of info Sygate gives me sometimes. It's a valuable
    tool, IMO.

    Art
  5.

    > The real problem with WU is that it's a Trojan.

    Yeah, that's it. Great comment! That will help.

    -Frank
  6.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432ad957@news.uni-ulm.de...

    Question: With DSL, fixed IP, WinXP, Windows Firewall (default config), no
    Internet services, Firefox browser, Outlook Express in high-security mode
    (no ActiveX)...is a NAT router of any value and why?

    thanks,
    nf
  7.

    In article <IpKWe.4642$6e1.4624@newssvr14.news.prodigy.com>,
    no.replies@no.where says...
    >
    > "Volker Birk" <bumens@dingens.org> wrote in message
    > news:432ad957@news.uni-ulm.de...
    >
    > Question: With DSL, fixed IP, WinXP, Windows Firewall (default config), no
    > Internet services, Firefox browser, Outlook Express in high-security mode
    > (no ActiveX)...is a NAT router of any value and why?

    Yes, it keeps things from reaching your computer - period - it means
    that even if there is a hole in the OS or the Firewall provided by MS,
    that it won't be reached unless you invite it in.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  8.

    ABC <simonbray@nospamemail.afraid.org> wrote:
    > You obviously don't grasp the concept of how malware is distributed.

    Surprising.

    > It is
    > not just about stopping services, not using OE and IE etc, but
    > malware/virii/worms/trojans utilise known or unknown flaws in the Windows
    > OS to attack a PC whilst connected to the internet.

    Which flaws do you mean? Exploits in the IP/ICMP implementation itself?
    This is possible, but somewhat seldom. There were some exploits, but
    since some years, no-one heard of new found exploits there.

    Most of the worms I know - and how I myself would implement malware,
    if I would be interested in - rely on bugs of services (i.e. like buffer
    overflows) which can be used to run arbitrary code, or are using exploits
    in Internet Explorer or the ActiveX infrastructure around. Sometimes,
    with the Witty-Worm, they're using the "Personal Firewall" software itself
    for distributing.

    If there are no services reachable, then this attack vector is closed.

    A second main target for attacks is PEBKAC. This is much more difficult.
    Social engineering attacks have a broad range to be implemented, and new
    ideas are being found every day. I think, this is the most difficult
    topic, because "don't try to solve social problems with technology, it
    will not work".

    Technology can help here a little, though. At least, it has to be as
    easy as possible for the user to use systems, which are using reliable
    authorization methods like cryptography and certificates, and to
    distinguish between reliable information and questionable information.

    I think, the main topic for this field will be, how this can be reliably
    flagged to the user. Here, we're in the fledgling stages yet. The
    techniques used today like SSL are much too complicated to use -
    who of the users does really know, what a certificate is and how to
    check, if this window with such curious questions pops up?

    A third main target are the programs, which are used for communication,
    say: the browser, the MUA, the IRC-client, the IM app, but also
    wordprocessing and spreadsheet applications, as well as sound-playing and
    video-playing applications, because people like to exchange such documents.
    Sometimes also Windows-Explorer is such an application *sigh* - think
    about the preview-exploit.

    It is a very bad idea here to involve the user in security topics at all,
    like it is done with this infamous ActiveX technology for example. Here
    we shouldn't ask the user anything, but provide secure applications.

    We need reliable technology with those programs. And here virus
    scanners can help to find out if somebody is spreading poisoned
    documents, if some provider failed.

    > Even good old
    > linux/unix/mac aren't foolproof and can be attacked.

    Yes, of course. But, your point being?

    > To totally protect a PC, you will need to remove all floppy drives, cd/dvd
    > drives, disable USB ports and remove the PC from the internet.

    Also clear. But, your point being?

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  9.

    Frankster <Frank@spam2trash.com> wrote:
    > Everyone should remember that balancing functionality with
    > security is the challenge.

    Yes, this is the point.

    > How much functionality that is necessary depends
    > on your needs. Advice like "not offer servers to the Internet" does nothing
    > to help the system with a web server requirement.

    Yes. We have to distinguish between people, who have to do so, and people
    who don't. But I think, we could say: "only offer as few services as
    possible, because then the surface, which can be attacked, is as small as
    possible", can we? Then, for home users, the sentence "do not offer
    servers to the internet" usually is true, is it?

    > Not using "ActiveX,
    > Scripting, Internet Explorer or Outlook Express" does nothing to help the
    > person that is required to use them.

    Yes. But is this a good idea?

    I think, ActiveX is a design flaw. You're getting the same functionality
    it offers if it's used for webbrowsers (say: plugins) without having a
    system-wide concept like COM for such plugins, but only a browser-dependent
    one. So attacks against arbitrary components in the whole system like with
    the problem, Tom Ferris recently published, are not possible any more.

    To abandon ActiveX and to implement a plugin concept will eliminate such
    problems.

    > I attended a vendor specific Spyware seminar yesterday.

    I think, this was a Microsoft seminar, was it? Because, only for
    Microsoft products there are so many spyware problems today. :-P

    > One of the points
    > the speaker made was this. Popularity + standardization = vulnerability.

    This is too nearsighted. The technology also has to be insecure, if it
    should be abused. Usually, if it's complicated, then it's hard to secure.

    But of course, if a technology is insecure, and popular and widespread,
    then it likely is going to be abused.

    > The above is a good example to point out that the real challenge is adding
    > security ON TOP OF functionality.

    I think, this is one of the main misunderstandings, we're suffering from.
    Security is nothing, you can add, and not at all "on top".

    Security is something, which is in your concept.

    If it's not in your concept, usually it's very hard (if not impossible) to
    add later.

    > Not, reducing functionality to gain
    > security.

    Of course not.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  10.

    Jason Edwards <none1@invalid.invalid> wrote:
    > > - you should not offer servers to the Internet
    > That would make it a little difficult for me to get any email as I run my
    > own SMTP server.

    OK, sorry, this is capable of being misunderstood, what I wrote. I mean,
    "for home users".

    > > - you should handle mails and mail attachments carefully; a virus
    > > scanner can help here to have a look on every attachment, before
    > > you're opening it, but you also should use your brain, because
    > > virus scanners cannot be perfect
    > I prefer not to get any viruses instead of relying on software to fight
    > software, however I do sometimes advise other people to use virus scanners
    > because there's at least some chance that the scanner will know about and
    > stop the virus BEFORE it does damage.

    Yes.

    > > - you should not use software for communication in the Internet, which
    > > implements technology like ActiveX or ActiveScripting, because these
    > > are security design flaws; so don't use Internet Explorer or Outlook
    > > Express
    > You're going to have difficulty with Windows Update then, not to mention the
    > games the kids insist on playing (which use shockwave).

    The first can be done with Internet Explorer as an exception. The second
    also is available for other browsers as a simple plugin, not as a COM
    compatible ActiveX control.

    > > - you should keep at least every software up to date, you're using in the
    > > Internet or for data out of the Internet, because any software could
    > > have an exploit you're using for communication
    > Many vendors use updates as an excuse to get users to purchase the latest
    > version.
    > How are users going to tell the difference between this and genuine security
    > updates?

    I think, this is vendor specific. It is in the liability of the vendor
    to make this clear, and to offer security updates also for older releases.
    Perhaps people who watch this and publicize about vendors, who don't, can
    help.

    > > - you should use your brain before inserting disks into your PC, and
    > > a virus scanner will help also, if you know, that virus scanners cannot
    > > be perfect
    > That means that the person inserting the disk needs to have a brain.
    > This is not always the case in my experience.

    Yes, PEBKAC. But I think, it will not work without involving users. Of
    course, they have to be involved as little as possible. But education and
    training for such topics is necessary.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  11.

    Art <null@zip.com> wrote:
    [Windows Update]
    > The real problem with WU is that it's a Trojan.

    I don't think so.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  12.

    nutso fasst <no.replies@no.where> wrote:
    > Question: With DSL, fixed IP, WinXP, Windows Firewall (default config), no
    > Internet services, Firefox browser, Outlook Express in high-security mode
    > (no ActiveX)...is a NAT router of any value and why?

    You can have more than one PC with one single internet connection ;-)
    For security purposes? Here: no.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  13.

    On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:

    >Art <null@zip.com> wrote:
    >[Windows Update]
    >> The real problem with WU is that it's a Trojan.
    >
    >I don't think so.

    I recently had occasion to do a fresh install of Win 98SE. As is my
    custom, I then proceeded to disable services and make sure the
    adapters were bound to TCP/IP only. The netstat -an result was
    empty as usual.

    After doing a Windows Update ... downloading and installing all
    patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
    logon screen appeared. Sure enough, my work had been nullified
    and netstat -an showed all the usual NETBIOS ports listening. I had
    been on line for quite some time with DSL service wide open to
    attack. Luckily, I took no hits.

    To protect yourself from the WU trojan, you can keep the install
    file of your favorite software fw on CD and install it immediately
    after installing Windows and before going online. Do your OS hardening
    _after_ doing WU since it will undo some of your work. Then if your
    sw firewall is disabled for any reason, you'll still be safe going
    online.

    Art

    http://home.epix.net/~artnpeg
  14.

    "Art" <null@zilch.com> wrote in message
    news:kq1oi1lb8ibt04l3uep2f0r8dl53bvc8hb@4ax.com...
    > On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:
    >
    > >Art <null@zip.com> wrote:
    > >[Windows Update]
    > >> The real problem with WU is that it's a Trojan.
    > >
    > >I don't think so.
    >
    > I recently had occasion to do a fresh install of Win 98SE. As is my
    > custom, I then proceeded to disable services and make sure the
    > adapters were bound to TCP/IP only. The netstat -an result was
    > empty as usual.
    >
    > After doing a Windows Update ... downloading and installing all
    > patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
    > logon screen appeared. Sure enough, my work had been nullified
    > and netstat -an showed all the usual NETBIOS ports listening. I had
    > been on line for quite some time with DSL service wide open to
    > attack. Luckily, I took no hits.

    That's one reason why a quick run of both netstat (I prefer tcpview) and
    shields up is a good idea after a fresh install (including updates and
    applications) of any version of Windows.
    But it's a much better idea for home users to be behind an external firewall
    box which filters incoming connection requests by default. This doesn't have
    to be NAT but NAT is likely to be the cheapest way.
    There is no reason why this filtering cannot be done in a DSL or cable modem
    but this may create an administration problem (and thus cost a lot of money)
    for ISPs. Some of us would rather do our own filtering but it would be best
    for ISPs to do it for others.

    Jason

    > To protect yourself from the WU trojan, you can keep the install
    > file of your favorite software fw on CD and install it immediately
    > after installing Windows and before going online. Do your OS hardening
    > _after_ doing WU since it will undo some of your work. Then if your
    > sw firewall is disabled for any reason, you'll still be safe going
    > online.
    >
    > Art
    >
    > http://home.epix.net/~artnpeg
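
The before/after `netstat -an` comparison described in the two posts above, as an added example that is not part of the original thread: it parses two Windows-style captures and reports listeners that became reachable from the network after an update. The function names, sample captures and addresses are constructed for illustration.

```python
"""Diff two `netstat -an` captures and report newly reachable listeners."""
import ipaddress
import re
from typing import NamedTuple


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


# Ports of the NetBIOS-over-TCP/IP services mentioned in the thread.
NETBIOS_PORTS = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
}

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)


def _split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)


def parse_listeners(netstat_text):
    """Return listening TCP sockets and bound UDP sockets from a capture."""
    found = set()
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # headers, blank lines
        proto, local, _foreign, state = m.groups()
        proto = proto.upper()
        # Established or closing TCP connections are not listeners.
        if proto == "TCP" and (state or "").upper() not in ("LISTENING", "LISTEN"):
            continue
        try:
            addr, port = _split_endpoint(local)
        except ValueError:
            continue  # non-numeric port, skip the row
        found.add(Listener(proto, addr, port))
    return found


def is_reachable(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr in ("*", ""):
        return True
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unparseable address: treat as exposed


def exposed(netstat_text):
    return {l for l in parse_listeners(netstat_text) if is_reachable(l.addr)}


def new_exposure(before_text, after_text):
    """Listeners reachable after the change that were not reachable before."""
    known = {(l.proto, l.port) for l in exposed(before_text)}
    fresh = [l for l in exposed(after_text) if (l.proto, l.port) not in known]
    return sorted(fresh, key=lambda l: (l.proto, l.port, l.addr))


def describe(listener):
    note = NETBIOS_PORTS.get(listener.port, "unidentified service")
    return f"{listener.proto} {listener.addr}:{listener.port} ({note})"


# Constructed sample captures (not taken from the thread).
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
"""

AFTER = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1052      203.0.113.5:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    0.0.0.0:138            *:*
"""

if __name__ == "__main__":
    for item in new_exposure(BEFORE, AFTER):
        print("NEW:", describe(item))
```

Save the output of `netstat -an` to a file after hardening and again after each update or install, then pass both texts to `new_exposure`; an empty result means nothing new is listening on a network-reachable address.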
  15.

    "Leythos" <void@nowhere.lan> wrote in message
    news:MPG.1d95438b84fc308698a09f@news-server.columbus.rr.com...
    > Yes, it keeps things from reaching your computer - period - it means
    > that even if there is a hole in the OS or the Firewall provided by MS,
    > that it won't be reached unless you invite it in.

    Thanks for the reply.

    I worked for years behind a software NAT- & firewall-equipped server. HTTP
    and mail services were not behind NAT, only workstations. Neither server nor
    workstation were ever infected until one day I browsed some 'reputable' news
    sites (NYTimes, CNN, NBC...) with lots of advertisements. I did not click on
    any ad, yet IE5 got hijacked by CoolWebSearch. IP sharing is good, but I
    don't see that NAT did much for security. Stricter security settings,
    switching to FireFox, email filtering, and using a blocker HOSTS file* were
    sufficient to avoid another intrusion. But I'm advising an elderly lady
    who's switching from AOL dialup to DSL, and if I'm missing something--that
    HW NAT is going to add protection for her system with no internet services
    running and NetBIOS unbound from the NIC--I'd like to know specifically what
    it is. My biggest concern is that her system not get infected with a mass
    mailer or dos attack zombie.

    nf

    * http://mvps.org/winhelp2002/hosts.txt
  16.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432bbccd@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > > > - you should not offer servers to the Internet
    > > That would make it a little difficult for me to get any email as I run my
    > > own SMTP server.
    >
    > OK, sorry, this is capable of being misunderstood, what I wrote. I mean,
    > "for home users".

    I am a home user :)

    Jason
  17.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432bbb16@news.uni-ulm.de...
    > Frankster <Frank@spam2trash.com> wrote:
    > > Everyone should remember that balancing functionality with
    > > security is the challenge.
    >
    [cut]

    >Then, for home users, the sentence "do not offer servers to the internet"
    >usually is true, is it?

    Yes it's usually true, but imagine yourself face to face with an
    inexperienced home Windows user and say "do not offer servers to the
    internet".
    What kind of look would you expect on their face?

    Yes it's usually true, but it can be as true as it likes without making any
    difference if there is no way to make it happen.

    Jason

    [rest cut]
  18.

    Jason Edwards <none1@invalid.invalid> wrote:
    > Yes it's usually true, but imagine yourself face to face with an
    > inexperienced home Windows user and say "do not offer servers to the
    > internet".
    > What kind of look would you expect on their face?

    This is, why I started www.dingens.org.

    > Yes it's usually true, but it can be as true as it likes without making any
    > difference if there is no way to make it happen.

    Oh, Torsten's script on http://www.ntsvcfg.de/ntsvcfg_eng.html is working
    good, and so is my tool on http://www.dingens.org/index.html.en

    It _is_ possible, also for a regular user. I don't know, how many downloads
    Torsten has, but the tool of www.dingen.org was now downloaded approximately
    250 000 times.

    I'm usually getting good response.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  19.

    Art <null@zilch.com> wrote:
    > On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:
    > >Art <null@zip.com> wrote:
    > >[Windows Update]
    > >> The real problem with WU is that it's a Trojan.
    > >I don't think so.
    > After doing a Windows Update ... downloading and installing all
    > patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
    > logon screen appeared. Sure enough, my work had been nullified
    > and netstat -an showed all the usual NETBIOS ports listening. I had
    > been on line for quite some time with DSL service wide open to
    > attack. Luckily, I took no hits.

    I'd not call Windows-Update a "Trojan" (even not a "Greek", because the
    Trojan Horse was not Trojan, but Greek, though ;-)

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  20.

    Jason Edwards <none1@invalid.invalid> wrote:
    > But it's a much better idea for home users to be behind an external firewall
    > box which filters incoming connection requests by default. This doesn't have
    > to be NAT but NAT is likely to be the cheapest way.

    Please don't forget, that NAT is not a security technology, and many NAT
    implementations are not secure. If you're using a NAT router (we both mean
    masquerading when we say "NAT", I guess), then you should filter anyway.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  21.

    Jason Edwards <none1@invalid.invalid> wrote:
    > Yes it's usually true, but imagine yourself face to face with an
    > inexperienced home Windows user and say "do not offer servers to the
    > internet".

    I know this situation very well.

    > What kind of look would you expect on their face?

    Usually, they don't understand at all, what's goin' on. So we have to
    explain.

    > Yes it's usually true, but it can be as true as it likes without making any
    > difference if there is no way to make it happen.

    Hm, www.dingens.org usually works. This is the reason, why I put
    Torsten's script into a small Windows program.

    But of course, in fact it's Microsoft's job to do so. But they don't do
    i.e. by offering Service Packs for the older Windows releases, which stop
    all services as the default configuration for stand-alone PCs. I'm happy,
    that they at least are delivering a packet filter with Windows XP in SP2
    now, which works - the Windows firewall.

    I really don't understand, why people are paying money for "Personal
    Firewalls" and are not blaming Microsoft for this security disaster they
    have to answer for.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  22.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432d189a@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > > Yes it's usually true, but imagine yourself face to face with an
    > > inexperienced home Windows user and say "do not offer servers to the
    > > internet".
    > > What kind of look would you expect on their face?
    >
    > This is, why I started www.dingens.org.
    >
    > > Yes it's usually true, but it can be as true as it likes without making any
    > > difference if there is no way to make it happen.
    >
    > Oh, Torsten's script on http://www.ntsvcfg.de/ntsvcfg_eng.html is working
    > good, and so is my tool on http://www.dingens.org/index.html.en
    >
    > It _is_ possible, also for a regular user. I don't know, how many downloads
    > Torsten has, but the tool of www.dingen.org was now downloaded approximately
    > 250 000 times.

    Is that all? Steve Gibson is claiming over twenty times that for some of his
    tools.

    Perhaps it is mostly experienced people who have downloaded your tools so
    far, in other words those who didn't really need them or were just curious
    to have a look.

    I haven't used your tools myself, but I have no doubt that they do exactly
    what they are intended to do and are likely to be of the highest quality
    available for such tools.

    Jason

    >
    > I'm usually getting good response.
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  23. Archived from groups: comp.security.firewalls (More info?)

    In article <432d2bdd@news.uni-ulm.de>, bumens@dingens.org says...
    > I really don't understand, why people are paying money for "Personal
    > Firewalls" and are not blaming Microsoft for this security disaster they
    > have to answer for.

    Because there is a simple solution, one that, like every other OS, has
    solutions that don't involve the vendor. I would never stick a default
    setup Linux box on the live internet, nor a Windows PC, nor a MAC with
    OS/X.

    People should not trust Windows SP2 firewall as it's not been proven,
    can be circumvented by the user or a script, and is not monitoring
    outbound traffic.

    What I can't understand is why you think Windows SP2 firewall is enough
    for anyone.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  24. Archived from groups: comp.security.firewalls (More info?)

    Leythos wrote:

    >
    > What I can't understand is why you think Windows SP2 firewall is enough
    > for anyone.
    >

    Likely, because he believes that following pretty well established Safe
    Computing Practices (a/k/a SafeHex) mitigates the need for using a
    software firewall with application or communication control.
  25. Archived from groups: comp.security.firewalls (More info?)

    Jason Edwards <none1@invalid.invalid> wrote:
    > > > What kind of look would you expect on their face?
    > > This is, why I started www.dingens.org.
    > > It _is_ possible, also for a regular user. I don't know, how many downloads
    > > Torsten has, but the tool of www.dingen.org was now downloaded approximately
    > > 250 000 times.
    > Is that all?

    To prove, that it's possible? Yes.

    > Steve Gibson is claiming over twenty times that for some of his
    > tools.

    Yes. And I don't want to compete with him. Please don't compare me with
    him. I offered www.dingens.org as free software, and you're free to
    improve it if you want to.

    > Perhaps it is mostly experienced people who have downloaded your tools so
    > far

    No, not at all. The more experienced people usually are downloading
    Torsten's script, because this is much easier to modify or adapt. My job
    only was to make this understanding accessible for most of the users.

    I just implemented a small Windows program out of this script to open
    these possibilities also for the inexperienced user. And it works.

    The German magazine "PC Professional" (which is the German sister magazine
    of the PC Magazine, I guess) requested me to write an article for them,
    and they had a "Personal Firewall" test themselves - they acknowledged,
    what I'm telling.

    The 250.000 downloads are what was downloaded from my own website,
    not including the people who used this tool, because it's on many CDs
    from many magazines in Germany now.

    > I haven't used your tools myself, but I have no doubt that they do exactly
    > what they are intended to do and are likely to be of the highest quality
    > available for such tools.

    Thank you for trusting ;-) But: what would be best is, that Microsoft
    finally make those tools unnecessary by implementing a default
    configuration for any release of Microsoft Windows people are using,
    which is secure.

    Then there is no need any more for such tools. And this will be best.

    To the background of this process:

    I'm active in the Chaos Computer Club, ERFA Ulm / Chaostreff Bad Waldsee.
    Just enter my name in Google ;-)

    We were shocked, that Microsoft were offering head money for pupils,
    who are rampaging in the age of 17 by downloading "virus construction
    kits" from the net and creating viruses like "Sasser".

    I think, paying bounty hunters for the head of pupils cannot be the
    way to solve the security mistakes of Microsoft. Of course, such
    pupils have to be punished, but Microsoft also have to do their home-
    work first.

    So I wanted to show how easy it is (and 50k and one day work are enough)
    to secure a Windows PC that it cannot be target of worms like sasser any
    more. It was in the days before Windows XP SP2.

    I had the hope, that then some people will understand, that we don't need
    bounty hunters, but secure systems. And that does not mean, that Microsoft
    have to invest hundreds of millions of $, but that it's enough to think
    about it to solve the worst problems.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  26. Archived from groups: comp.security.firewalls (More info?)

    On 18 Sep 2005 14:15:57 +0200, Volker Birk <bumens@dingens.org> wrote:

    >We were shocked, that Microsoft were offering head money for pupils,
    >who are rampaging in the age of 17 by downloading "virus construction
    >kits" from the net and creating viruses like "Sasser".
    >
    >I think, paying bounty hunters for the head of pupils cannot be the
    >way to solve the security mistakes of Microsoft. Of course, such
    >pupils have to be punished, but Microsoft also have to do their home-
    >work first.

    Some food for thought from _The Six Dumbest Ideas in Computer
    Security_:

    http://www.ranum.com/security/computer_security/editorials/dumb/

    > #4) Hacking is Cool
    >
    >One of the best ways to get rid of cockroaches in your kitchen is to scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea. One of the best ways to discourage hacking on the Internet is to give the hackers stock options, buy the books they write about their exploits, take classes on "extreme hacking kung fu" and pay them tens of thousands of dollars to do "penetration tests" against your systems, right? Wrong! "Hacking is Cool" is a really dumb idea.
    >
    >Around the time I was learning to walk, Donn Parker was researching the behavioral aspects of hacking and computer security. He says it better than I ever could:
    >
    >"Remote computing freed criminals from the historic requirement of proximity to their crimes. Anonymity and freedom from personal victim confrontation increased the emotional ease of crime, i.e., the victim was only an inanimate computer, not a real person or enterprise. Timid people could become criminals. The proliferation of identical systems and means of use and the automation of business made possible and improved the economics of automating crimes and constructing powerful criminal tools and scripts with great leverage."
    >
    >Hidden in Parker's observation is the awareness that hacking is a social problem. It's not a technology problem, at all. "Timid people could become criminals." The Internet has given a whole new form of elbow-room to the badly socialized borderline personality. The #4th dumbest thing information security practitioners can do is implicitly encourage hackers by lionizing them. The media plays directly into this, by portraying hackers, variously, as "whiz kids" and "brilliant technologists" - of course if you're a reporter for CNN, anyone who can install Linux probably does qualify as a "brilliant technologist" to you. I find it interesting to compare societal reactions to hackers as "whiz kids" versus spammers as "sleazy con artists." I'm actually heartened to see that the spammers, phishers, and other scammers are adopting the hackers and the techniques of the hackers - this will do more to reverse society's view of hacking than any other thing we could do.
    >
    >If you're a security practitioner, teaching yourself how to hack is also part of the "Hacking is Cool" dumb idea. Think about it for a couple of minutes: teaching yourself a bunch of exploits and how to use them means you're investing your time in learning a bunch of tools and techniques that are going to go stale as soon as everyone has patched that particular hole. It means you've made part of your professional skill-set dependent on "Penetrate and Patch" and you're going to have to be part of the arms-race if you want that skill-set to remain relevant and up-to-date. Wouldn't it be more sensible to learn how to design security systems that are hack-proof than to learn how to identify security systems that are dumb?
    >
    >My prediction is that the "Hacking is Cool" dumb idea will be a dead idea in the next 10 years. I'd like to fantasize that it will be replaced with its opposite idea, "Good Engineering is Cool" but so far there is no sign that's likely to happen.


    I don't think you would disagree with the other points in the article.
  27. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432d5a7d@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > > > > What kind of look would you expect on their face?
    > > > This is, why I started www.dingens.org.
    > > > It _is_ possible, also for a regular user. I don't know, how many downloads
    > > > Torsten has, but the tool of www.dingen.org was now downloaded approximately
    > > > 250 000 times.
    > > Is that all?
    >
    > To prove, that it's possible? Yes.
    >
    > > Steve Gibson is claiming over twenty times that for some of his
    > > tools.
    >
    > Yes. And I don't want to compete with him. Please don't compare me with
    > him. I offered www.dingens.org as free software, and you're free to
    > improve it if you want to.
    >

    I can't deny that I knew it would be painful for you to be compared with
    Steve Gibson, but what is the big difference?
    He is offering free software too.
    If your software is targeted at inexperienced home users then why bother
    saying that they are free to improve it? None of them will be able to
    compile it, never mind improve it. Perhaps Gibson knows this.


    > > Perhaps it is mostly experienced people who have downloaded your tools so
    > > far
    >
    > No, not at all. The more experienced people usually are downloading
    > Torsten's script, because this is much easier to modify or adapt. My job
    > only was to make this understanding accessible for most of the users.

    As I see it, Steve Gibson also sees it as his job to make things accessible
    to inexperienced home users, but perhaps not exactly the same things as you
    do.

    >
    > I just implemented a small Windows program out of this script to open
    > these possibilities also for the inexperienced user. And it works.

    Gibson's software also does what it claims, as far as I know, and it
    shouldn't be very difficult for anyone who wants his source code to get it
    because he does everything in assembler.

    >
    > The German magazine "PC Professional" (which is the German sister magazine
    > of the PC Magazine, I guess) requested me to write an article for them,
    > and they had a "Personal Firewall" test themselves - they acknowledged,
    > what I'm telling.

    Gibson has gone much further, have you appeared on TV yet?

    >
    > The 250.000 downloads are what was downloaded from my own website,
    > not including the people who used this tool, because it's on many CDs
    > from many magazines in Germany now.
    >
    > > I haven't used your tools myself, but I have no doubt that they do exactly
    > > what they are intended to do and are likely to be of the highest quality
    > > available for such tools.
    >
    > Thank you for trusting ;-) But: what would be best is, that Microsoft
    > finally make those tools unnecessary by implementing a default
    > configuration for any release of Microsoft Windows people are using,
    > which is secure.

    XP SP2 seems to be the closest they've got so far. But suppose the original
    release of 2000 or XP had actually been XP SP2. Would we still be here
    discussing other ways that home users' PCs could be made to run hostile
    code? I think we would.

    >
    > Then there is no need any more for such tools. And this will be best.
    >
    > To the background of this process:
    >
    > I'm active in the Chaos Computer Club, ERFA Ulm / Chaostreff Bad Waldsee.
    > Just enter my name in Google ;-)

    Not quite as many hits as Steve Gibson but an exponential increase shouldn't
    see it take long :)

    >
    > We were shocked, that Microsoft were offering head money for pupils,
    > who are rampaging in the age of 17 by downloading "virus construction
    > kits" from the net and creating viruses like "Sasser".

    Well they have to do something to reduce the incidence of worms like Sasser
    and I think it's likely that they have many people who are better versed in
    politics than software.

    >
    > I think, paying bounty hunters for the head of pupils cannot be the
    > way to solve the security mistakes of Microsoft. Of course, such
    > pupils have to be punished, but Microsoft also have to do their home-
    > work first.
    >
    > So I wanted to show how easy it is (and 50k and one day work are enough)
    > to secure a Windows PC that it cannot be target of worms like sasser any
    > more. It was in the days before Windows XP SP2.

    So Microsoft have already fixed that with SP2. Now we just have to wait for
    home users to all do a clean install of XP SP2

    >
    > I had the hope, that then some people will understand, that we don't need
    > bounty hunters, but secure systems. And that does not mean, that Microsoft
    > have to invest hundreds of millions of $, but that it's enough to think
    > about it to solve the worst problems.

    Steve Gibson also appears to think that Microsoft don't understand security
    and that it's his job to provide tools to fix it until they do.

    There is honestly no need to write a long reply Volker, and please don't be
    too hurt that I saw many parallels between you and Steve Gibson.

    Jason

    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  28. Archived from groups: comp.security.firewalls (More info?)

    In article <0ZmdndbxZsC-KLDeRVn-jg@comcast.com>, optikl@invalid.net
    says...
    > Leythos wrote:
    >
    > >
    > > What I can't understand is why you think Windows SP2 firewall is enough
    > > for anyone.
    > >
    >
    > Likely, because he believes that following pretty well established Safe
    > Computing Practices (a/k/a SafeHex) mitigates the need for using a
    > software firewall with application or communication control.

    Interesting Idea, but, I don't run a personal firewall application on
    any systems except for laptops. Even with more than 1000 nodes in
    managed environments, we disable the Windows XP SP2 firewall service,
    but, we also have control of the inbound and outbound connections and
    filter content OUT of smtp, ftp, http, etc...

    In my own home I have a WatchGuard Firebox firewall, it's removing
    malicious content all the time, but I don't run any PFW on anything
    except the laptops.

    The only reason I run a PFW on a laptop is because I can't trust new
    client network.

    The reason to NOT let SP2 Firewall be your protection is that it will
    allow File/Printer sharing by default - most vendor provided ones block
    it by default.

    I see no reason to have SP2's firewall when there are quality ones like
    ZAP and such.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  29. Archived from groups: comp.security.firewalls (More info?)

    Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
    > http://www.ranum.com/security/computer_security/editorials/dumb/
    > > #4) Hacking is Cool
    > >One of the best ways to get rid of cockroaches in your kitchen is to
    > >scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea.

    I don't agree with that:

    http://www.catb.org/~esr/jargon/html/H/hacker.html
    http://www.catb.org/~esr/jargon/html/C/cracker.html

    > I don't think you would disagree with the other points in the article.

    I don't know yet ;-) This does not sound like an article I want to read.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  30. Archived from groups: comp.security.firewalls (More info?)

    On 19 Sep 2005 11:42:46 +0200, Volker Birk <bumens@dingens.org> wrote:

    >Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
    >> http://www.ranum.com/security/computer_security/editorials/dumb/
    >> > #4) Hacking is Cool
    >> >One of the best ways to get rid of cockroaches in your kitchen is to
    >> >scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea.
    >
    >I don't agree with that:
    >
    >http://www.catb.org/~esr/jargon/html/H/hacker.html
    >http://www.catb.org/~esr/jargon/html/C/cracker.html


    Quibbling over terminology. That's a lost cause anyway to resist the
    evolution of a living language. Today, for most, hacker == cracker. It
    may be wrong in the historical sense but it is correct now for the
    majority.

    >> I don't think you would disagree with the other points in the article.
    >
    >I don't know yet ;-) This does not sound like an article I want to read.

    No one likes reading articles that contradict their viewpoint.

    You have no desire to refute the points the article makes?
  31. Archived from groups: comp.security.firewalls (More info?)

    Jason Edwards <none1@invalid.invalid> wrote:
    > I can't deny that I knew it would be painful for you to be compared with
    > Steve Gibson, but what is the big difference?

    I don't want you to use my tools. Please use Torsten's script, my tool
    only is for people, who feel more comfortable with a Windows program.

    I don't want you to buy my tools. In fact, you cannot buy it, because I
    will not sell it ;-)

    And beside my tools, I don't want to sell nonsense to you.

    > He is offering free software too.

    No. Freeware is not Free Software. Please read:

    http://www.gnu.org/philosophy/free-sw.html

    > If your software is targeted at inexperienced home users then why bother
    > saying that they are free to improve it?

    Not the inexperienced home user will improve it. But perhaps, a technician
    in this discussion here wants to read the source code or even improve it.

    And anybody who wants to and is able to can check, what it's really doing.

    > > No, not at all. The more experienced people usually are downloading
    > > Torsten's script, because this is much easier to modify or adapt. My job
    > > only was to make this understanding accessible for most of the users.
    > As I see it, Steve Gibson also sees it as his job to make things accessible
    > to inexperienced home users, but perhaps not exactly the same things as you
    > do.

    Perhaps. But I doubt, that Mr. Gibson is doing this for other reasons
    than making money. I cannot see, why he should spread so much nonsense
    through the net, if that would be not true.

    > > I just implemented a small Windows program out of this script to open
    > > these possibilities also for the inexperienced user. And it works.
    > Gibson's software also does what it claims, as far as I know, and it
    > shouldn't be very difficult for anyone who wants his source code to get it
    > because he does everything in assembler.

    If this is true, it's crazy - there is no reason why not to use C.

    > > The German magazine "PC Professional" (which is the German sister magazine
    > > of the PC Magazine, I guess) requested me to write an article for them,
    > > and they had a "Personal Firewall" test themselves - they acknowledged,
    > > what I'm telling.
    > Gibson has gone much further, have you appeared on TV yet?

    Yes, but with completely other topics, which have nothing to do with that ;-)

    > > Thank you for trusting ;-) But: what would be best is, that Microsoft
    > > finally make those tools unnecessary by implementing a default
    > > configuration for any release of Microsoft Windows people are using,
    > > which is secure.
    > XP SP2 seems to be the closest they've got so far.

    Yes. I agree. But where is this for Windows 2000?

    > So Microsoft have already fixed that with SP2.

    Unfortunately not. Even Windows XP SP2 is offering servers in the default
    configuration, nobody needs. And afterwards they're filtered away again
    with the Windows-Firewall.

    Of course, this does not make sense at all. But they're doing this. And
    when the Windows-Firewall is not up for some reason (like the bug they
    had already with PPPoE IIRC), then also Windows XP SP2 is vulnerable
    again.

    My question is: why?

    Why don't they change this at last? And why don't they change the absurd
    idea, that also a Windows client machine in a Windows domain has to offer
    RPC service to be able to be a member of the domain?

    This is a b0rken concept.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
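
Added example (not part of any post in this thread, and not the code of Torsten's script or the dingens.org tool): the post above argues that services should not be offered at all rather than offered and then filtered away, so this Python sketch reads `netstat -an` output in the Windows layout and reports every socket bound to a non-loopback address, which is what becomes reachable whenever the packet filter is not up. The sample output, addresses and ports are constructed, and the IPv6 and `*` wildcard handling go beyond what the thread discusses.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::1]:5000             [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    exposed: bool  # True when bound to anything other than a loopback address


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and any zone id
    return host, int(port)


def parse_listeners(text):
    """Return every socket in the netstat output that accepts unsolicited traffic."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows count only in LISTENING state; UDP rows have no state
        # column, and every bound UDP socket can receive datagrams.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        try:
            host, port = split_endpoint(local)
            # '*' and the unspecified addresses 0.0.0.0 / :: mean "all interfaces".
            exposed = host == "*" or not ipaddress.ip_address(host).is_loopback
        except ValueError:
            continue  # not an address:port pair we understand
        listeners.append(Listener(proto, host, port, exposed))
    return listeners


def exposed_services(text):
    """Sorted, de-duplicated (proto, port) pairs reachable from other hosts."""
    return sorted({(l.proto, l.port) for l in parse_listeners(text) if l.exposed})


if __name__ == "__main__":
    for proto, port in exposed_services(SAMPLE_NETSTAT):
        print(f"{proto} port {port} is offered to the network; "
              "stop the service or bind it to loopback")
```

The result does not depend on any filter in front of the host: an empty list means there is nothing to filter away.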
  32. Archived from groups: comp.security.firewalls (More info?)

    Leythos <void@nowhere.lan> wrote:
    > In article <432d2bdd@news.uni-ulm.de>, bumens@dingens.org says...
    > > I really don't understand, why people are paying money for "Personal
    > > Firewalls" and are not blaming Microsoft for this security disaster they
    > > have to answer for.
    > Because there is a simple solution, one that, like every other OS, has
    > solutions that don't involve the vendor. I would never stick a default
    > setup Linux box on the live internet, nor a Windows PC, nor a MAC with
    > OS/X.

    Mac OS X offers _zero_ servers to the Internet in the default configuration.
    So does the actual Debian GNU/Linux.

    Unfortunately, other Linux distributions are also to be criticized.

    > People should not trust Windows SP2 firewall as it's not been proven,

    This is just FUD. Please explain, what do you mean with it. The Windows-
    Firewall is a simple configuration tool to configure the packet filter
    in Windows' kernel.

    And this packet filter works good, for all what I can see. So please
    explain, what exactly does not work as expected.

    > can be circumvented by the user or a script

    Just like _every_ "Personal Firewall" we tested. See Chippy's autoclicker
    tool.

    > and is not monitoring
    > outbound traffic.

    I already said enough to that topic, didn't I? Why are you arguing with
    this in spite of the fact, that you could know, that this will not work
    anyway?

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  33. Archived from groups: comp.security.firewalls (More info?)

    optikl <optikl@invalid.net> wrote:
    > > What I can't understand is why you think Windows SP2 firewall is enough
    > > for anyone.
    > Likely, because he believes that following pretty well established Safe
    > Computing Practices (a/k/a SafeHex) mitigates the need for using a
    > software firewall with application or communication control.

    Yes. In fact, I think this is a much better idea than believing that
    security can be bought in boxes.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  34. Archived from groups: comp.security.firewalls (More info?)

    Leythos <void@nowhere.lan> wrote:
    > The reason to NOT let SP2 Firewall be your protection is that it will
    > allow File/Printer sharing by default - most vendor provided ones block
    > it by default.

    We tested this. On no box we tested, File/Printer sharing was enabled by
    default. So this is just wrong what you're saying.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  35. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432e8be8@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > > I can't deny that I knew it would be painful for you to be compared with
    > > Steve Gibson, but what is the big difference?
    >
    > I don't want you to use my tools. Please use Torsten's script, my tool
    > only is for people, who feel more comfortable with a Windows program.
    >
    > I don't want you to buy my tools. In fact, you cannot buy it, because I
    > will not sell it ;-)

    Gibson doesn't sell all his tools, but he does push and sell a tool which
    no-one needs any more provided they have proper backups and a few pennies
    for a replacement drive. It is true that most people don't have proper
    backups, but that's a separate discussion.

    [cut]
    > > Gibson's software also does what it claims, as far as I know, and it
    > > shouldn't be very difficult for anyone who wants his source code to get it
    > > because he does everything in assembler.
    >
    > If this is true, it's crazy - there is no reason why not to use C.

    I don't think C is the best language in the world, but that's a separate
    discussion.
    I don't mean I think it's a good idea to do everything in assembler.

    [cut]
    > > XP SP2 seems to be the closest they've got so far.
    >
    > Yes. I agree. But where is this for Windows 2000?

    Ask the politicians at Microsoft. I'm sure they can come up with a long list
    of reasons why we must all throw away our Windows 2000 systems and purchase
    Vista. No doubt one reason will be that it's the most secure and easy to use
    operating system they've ever produced.

    >
    > > So Microsoft have already fixed that with SP2.
    >
    > Unfortunately not. Even Windows XP SP2 is offering servers in the default
    > configuration, nobody needs. And afterwards they're filtered away again
    > with the Windows-Firewall.
    >
    > Of course, this does not make sense at all. But they're doing this. And
    > when the Windows-Firewall is not up for some reason (like the bug they
    > had already with PPPoE IIRC), then also Windows XP SP2 is vulnerable
    > again.
    >
    > My question is: why?

    Ask them. If you get any further than banging your head against a brick
    wall, let me know.

    Jason


    >
    > Why don't they change this at last? And why don't they change the absurd
    > idea, that also a Windows client machine in a Windows domain has to offer
    > RPC service to be able to be a member of the domain?
    >
    > This is a b0rken concept.
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  36. Archived from groups: comp.security.firewalls (More info?)

    On Mon, 19 Sep 2005 06:23:17 -0700, Wim de Vries
    <kikker@sneeuwenleeuw.con.invalid> wrote:


    >Quibbling over terminology. That's a lost cause anyway to resist the
    >evolution of a living language. Today, for most, hacker == cracker. It
    >may be wrong in the historical sense but it is correct now for the
    >majority.
    >

    For most cockroach = bug,
    and bacteria = bug.
    Bacteria = cockroach ??

    Norton Antibug?

    Geo
  37. Archived from groups: comp.security.firewalls (More info?)

    Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
    > > This does not sound like an article I want to read.
    > No one likes reading articles that contradict their viewpoint.

    If someone compares people with cockroaches, then I'm not very interested
    in what he has to say, sorry.

    > You have no desire to refute the points the article makes?

    Sorry, I'm not interested in a discussion which bases on offense and
    pure polemics.

    But if you want to discuss yourself, of course I'm happy to discuss
    with you. Please feel free to criticize me, tell me your views.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  38. Archived from groups: comp.security.firewalls (More info?)

    On 20 Sep 2005 05:55:30 +0200, Volker Birk <bumens@dingens.org> wrote:

    >Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
    >> > This does not sound like an article I want to read.
    >> No one likes reading articles that contradict their viewpoint.
    >
    >If someone compares people with cockroaches, then I'm not very interested
    >in what he has to say, sorry.

    If you would re-read the thread, you will see that it was "GEO"
    Me@home.here in Message-ID: <432f2c5a.18847898@news.ucalgary.ca> who
    mentioned "cockroaches", not I.
    >
    >> You have no desire to refute the points the article makes?
    >
    >Sorry, I'm not interested in a discussion which bases on offense and
    >pure polemics.
    >
    >But if you want to discuss yourself, of course I'm happy to discuss
    >with you. Please feel free to criticize me, tell me your views.

    Sorry for my cynicism, but this seems a convenient ploy on your part
    to avoid any concrete discussion at all. I have been civil in all my
    responses to you unless questioning your position on firewalls is
    being "uncivil".

    My general view? I feel you are overly zealous in your dismissal of
    PFs as limited but useful tools even if they only provide mental
    comfort to the non-technical user. My 79 year-old father uses his
    windows-based PC to follow the stock market. He is partially blind, so
    my 78 year-old mother has to do the technical tasks for him. She has
    actually begun crying in frustration as I lead her through some of the
    more arcane tasks because she just doesn't understand why she has to
    spend time turning off services or applying upgrades. There are
    millions of users out there, young and old, like my parents.

    Your one-size fits all security solution disdainfully ignores a
    significant part of the PC users out there who can, at least, have a
    minimal level of security by using a PF.

    My impression is that an anti-personal firewall position has become a
    fad in Germany and pro-UNIX/Linux circles since most of the advocacy
    I've seen in this group originates from German UNIX/Linux users.
  39. Archived from groups: comp.security.firewalls (More info?)

    Jason Edwards <none1@invalid.invalid> wrote:
    [Gibson]
    > > > he does everything in assembler.
    > > If this is true, it's crazy - there is no reason why not to use C.
    > I don't think C is the best language in the world, but that's a separate
    > discussion.

    But Windows is written in C, and the API is in C (beside the funny
    decision of Microsoft to have Pascal calling convention in the DLLs).

    > I don't mean I think it's a good idea to do everything in assembler.

    Of course, if he wants to do it, why not? I for myself am only hacking
    assembler code, if there is no other way to achieve what I want to do.

    > > Unfortunately not. Even Windows XP SP2 is offering servers in the default
    > > configuration, nobody needs. And afterwards they're filtered away again
    > > with the Windows-Firewall.
    > > Of course, this does not make sense at all. But they're doing this. And
    > > when the Windows-Firewall is not up for some reason (like the bug they
    > > had already with PPPoE IIRC), then also Windows XP SP2 is vulnerable
    > > again.
    > > My question is: why?
    > Ask them. If you get any further than banging your head against a brick
    > wall, let me know.

    ;-)

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome determine what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  40. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432f8985@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > [Gibson]
    > > > > he does everything in assembler.
    > > > If this is true, it's crazy - there is no reason why not to use C.
    > > I don't think C is the best language in the world, but that's a separate
    > > discussion.
    >
    > But Windows is written in C,

    And I think that's one of its biggest problems, however I'm not suggesting
    that there's a simple way to do anything about that.
    Rewriting Windows from the ground up would be good for security but bad for
    any other reason I can think of.
    So I think we're stuck with things as they are, no matter how many people
    offer web sites with tools designed to improve security. The people who need
    those tools will never find them, and even if they do find them they will
    not be able to download and use them, no matter how simple it is.
    http://www.theregister.co.uk/2005/09/19/symantec_zombie_threat/
    So I conclude that it's not possible to prevent malware running on a Windows
    PC when the Windows PC is connected to broadband and owner is a home user
    who has no idea how to prevent it. Even if they find your web page (or
    Gibson's or another page or this newsgroup) they won't have a clue what it's
    talking about and they won't know which page to believe.
    Things may change in the distant future but I don't know how many years.

    Christmas will be here soon. I wonder what the effect will be on the number
    of broadband connected Windows PCs waiting to be owned.

    Jason

    [cut]>
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated in Rome determine what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  41. Archived from groups: comp.security.firewalls (More info?)

    Wim de Vries <kikker@sneeuwenleeuw.con.invalid> wrote:
    > If you would re-read the thread, you will see that it was "GEO"
    > Me@home.here in Message-ID: <432f2c5a.18847898@news.ucalgary.ca> who
    > mentioned "cockroaches", not I.

    This is not true. In your article
    <13pqi11nvt8s3eulq7bl1m8m9q8sk2dokb@4ax.com> you wrote:

    ------------------------------ snip --------------------------------------
    Some food for thought from _The Six Dumbest Ideas in Computer
    Security_:

    http://www.ranum.com/security/computer_security/editorials/dumb/

    One of the best ways to get rid of cockroaches in your kitchen is to
    scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea.
    One of the best ways to discourage hacking on the Internet is to give the
    hackers stock options, buy the books they write about their exploits,
    take classes on "extreme hacking kung fu" and pay them tens of thousands
    of dollars to do "penetration tests" against your systems, right? Wrong!
    "Hacking is Cool" is a really dumb idea.
    ------------------------------ snap --------------------------------------

    Here you're comparing (or at least the author of the article is
    comparing, and you're referencing it) human beings with cockroaches.

    This is not a starting point we could discuss, sorry.

    > >> You have no desire to refute the points the article makes?
    > >Sorry, I'm not interested in a discussion which bases on offense and
    > >pure polemics.
    > >But if you want to discuss yourself, of course I'm happy to discuss
    > >with you. Please feel free to criticize me, tell me your views.
    > Sorry for my cynicism, but this seems a convenient ploy on your part
    > to avoid any concrete discussion at all.

    Not at all. Just try, please.

    > My general view? I feel you are overly zealous in your dismissal of
    > PFs as limited but useful tools even if they only provide mental
    > comfort to the non-technical user.

    I don't think that "Personal Firewalls" are "limited but useful tools".
    The "Personal Firewalls", I saw, are completely useless and even
    counterproductive tools for security purposes.

    This is the reason I'm arguing against them, what perhaps you mean with
    "zealous" ;-)

    > My 79 year-old father uses his
    > windows-based PC to follow the stock market. He is partially blind, so
    > my 78 year-old mother has to do the technical tasks for him. She has
    > actually begun crying in frustration as I lead her through some of the
    > more arcane tasks because she just doesn't understand why she has to
    > spend time turning off services or applying upgrades. There are
    > millions of users out there, young and old, like my parents.

    Yes. And they could buy a Macintosh, perhaps a MacMini.

    > Your one-size fits all security solution disdainfully ignores a
    > significant part of the PC users out there who can, at least, have a
    > minimal level of security by using a PF.

    No, not at all. Quite the contrary, I'm working on the topic to offer
    quick solutions for such users in my spare time for free, and I'm trying
    to help building the awareness in the public for solutions for this
    topic, including the most important approach: making Microsoft solve
    those problems.

    > My impression is that an anti-personal firewall position has become a
    > fad in Germany and pro-UNIX/Linux circles since most of the advocacy
    > I've seen in this group originates from German UNIX/Linux users.

    Sorry, this is not true. The "anti-personal firewall position" has its
    origins in Usenet in de.comp.security.misc, and in the work of Frank Kaune
    and Torsten Mann as well as Ansgar Wiechers and Urs Traenkner. All of
    them, without exception, are Windows users, and Windows experts AFAICS.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome determine what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  42. Archived from groups: comp.security.firewalls (More info?)

    Jason Edwards <none1@invalid.invalid> wrote:
    > Can you give an estimate of the number of Windows PCs connected to broadband
    > which do not have XP SP2?

    Unfortunately, I don't have such numbers. It would be interesting to know,
    though.

    > Information is only useful to those who can make sense of it.

    Yes, of course.

    > > why not using Internet Explorer or Outlook Express,
    > > but some alternatives - and keeping those up to date.
    > For the reasons I've already given.
    > Try teaching your cat to do this, at least it will keep still and purr, but
    > it won't listen to a word of what you're saying.

    ;-)

    I don't have the bad experiences with end users as you seem to have ;-)

    > > Also the home user
    > > has to be taught, that he should be careful with stuff he gets per email
    > > from unknown sources.
    > Try teaching them then.

    I'm doing this.

    > A microphone also listens, even if it's not connected to anything.

    ;-)

    I'm trying to use multiplicators in this game, though. I.e. PC Professional
    and other magazines. Of course, this is a difficult task, and it's difficult
    to teach the magazine writers first. But, perhaps it would be a good idea,
    if I would not do this alone?

    > I think Microsoft think that they have to solve these problems too, but
    > without breaking any existing applications.

    I don't think that this really is the problem. We had some technical
    discussions about this topic on de.comp.security.misc yet, and it seems
    to be less problematic than what I thought first.

    As a bigger problem I see, that Microsoft is a very heterogeneous group
    of people not only but also in terms of security knowledge.

    One person is calling any trial to remove malware from your PC if it is
    already infected an impossible task (what usually is true, it's not
    possible to do this in a secure way usually), while the other person
    is advertising malware removal tools from Microsoft at the same time.

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
    http://www.microsoft.com/athome/security/spyware/software/default.mspx

    > > and why "Personal Firewall" providers
    > > can sell their products with nonsense like "stealthing" or "controlling
    > > outbound traffic".
    > It's because people want to buy it because other people told them they need
    > it.

    Yes, of course.

    > Have you logged on to a banking site recently?
    > Were you warned that you should be using anti-virus and personal firewall
    > software?

    Yes.

    > Were you offered a discount on one of the two products you can find in the
    > high street?

    No.

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome determine what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  43. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:43308ab8@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > > Can you give an estimate of the number of Windows PCs connected to broadband
    > > which do not have XP SP2?
    >
    > Unfortunately, I don't have such numbers. It would be interesting to know,
    > though.
    >
    > > Information is only useful to those who can make sense of it.
    >
    > Yes, of course.
    >
    > > > why not using Internet Explorer or Outlook Express,
    > > > but some alternatives - and keeping those up to date.
    > > For the reasons I've already given.
    > > Try teaching your cat to do this, at least it will keep still and purr, but
    > > it won't listen to a word of what you're saying.
    >
    > ;-)
    >
    > I don't have the bad experiences with end users as you seem to have ;-)
    >
    > > > Also the home user
    > > > has to be taught, that he should be careful with stuff he gets per email
    > > > from unknown sources.
    > > Try teaching them then.
    >
    > I'm doing this.

    I'd give it up if I were you. Unless you want to do it Steve Gibson style.
    Otherwise you won't get enough people following your message.

    >
    > > A microphone also listens, even if it's not connected to anything.
    >
    > ;-)
    >
    > I'm trying to use multiplicators in this game, though. I.e. PC Professional
    > and other magazines. Of course, this is a difficult task, and it's difficult
    > to teach the magazine writers first. But, perhaps it would be a good idea,
    > if I would not do this alone?

    Do it Gibson style then. Get your followers to spread the word. Make sure
    they believe that it's the only true way to security.

    >
    > > I think Microsoft think that they have to solve these problems too, but
    > > without breaking any existing applications.
    >
    > I don't think that this really is the problem. We had some technical
    > discussions about this topic on de.comp.security.misc yet, and it seems
    > to be less problematic than what I thought first.
    >
    > As a bigger problem I see, that Microsoft is a very heterogeneous group
    > of people not only but also in terms of security knowledge.
    >
    > One person is calling any trial to remove malware from your PC if it is
    > already infected an impossible task (what usually is true, it's not
    > possible to do this in a secure way usually), while the other person
    > is advertising malware removal tools from Microsoft at the same time.
    >
    > http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
    > http://www.microsoft.com/athome/security/spyware/software/default.mspx

    I think Microsoft might put it something like this:
    Because Microsoft must respond to changing market conditions, you shouldn't
    expect anything we say to imply a commitment to do anything in any
    particular way.

    Market conditions may not have much to do with educating users or having any
    concern for their security. It may have much more to do with how many copies
    of your product you've sold and what the bottom line is.

    Microsoft could no doubt spend more money on educating users if they wanted
    to, but why don't they? Is it because they know that most home users cannot
    begin to understand what's inside the box and what the best system
    configuration is?

    One of my friends bought a new mouse a few days ago because the mouse
    pointer on the screen kept freezing. I only found out after he discovered
    that the new mouse did exactly the same thing.

    Jason

    >
    > > > and why "Personal Firewall" providers
    > > > can sell their products with nonsense like "stealthing" or "controlling
    > > > outbound traffic".
    > > It's because people want to buy it because other people told them they need
    > > it.
    >
    > Yes, of course.
    >
    > > Have you logged on to a banking site recently?
    > > Were you warned that you should be using anti-virus and personal firewall
    > > software?
    >
    > Yes.
    >
    > > Were you offered a discount on one of the two products you can find in the
    > > high street?
    >
    > No.
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated in Rome determine what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  44. Archived from groups: comp.security.firewalls (More info?)

    Jason Edwards <none1@invalid.invalid> wrote:
    > I'd give it up if I were you. Unless you want to do it Steve Gibson style.
    > Otherwise you won't get enough people following your message.

    Oh, no problem. I'm not thinking, that I will make the world spin the
    other way around or something ;-)

    But of course, this does not keep me from saying what I'm thinking.

    > Do it Gibson style then.

    No, thank you. I will try to keep in this reality and not to tell
    nonsense. Perhaps, discussions like this one help me with it...

    > Get your followers to spread the word.

    I don't want to do this, sorry. That also may have to do with the fact, I'm
    not a prophet and I don't have followers ;-)

    > > http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
    > > http://www.microsoft.com/athome/security/spyware/software/default.mspx
    > I think Microsoft might put it something like this:
    > Because Microsoft must respond to changing market conditions, you shouldn't
    > expect anything we say to imply a commitment to do anything in any
    > particular way.

    ;-)

    > One of my friends bought a new mouse a few days ago because the mouse
    > pointer on the screen kept freezing. I only found out after he discovered
    > that the new mouse did exactly the same thing.

    Then the new mouse is b0rken, too. :-P

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome determine what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  45. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:43300d44@news.uni-ulm.de...
    > http://www.ranum.com/security/computer_security/editorials/dumb/
    > ...
    > Here you're comparing (or at least the author of the article is
    > comparing, and you're referencing it) human beings with cockroaches.

    It's an analogy, Volker, not a comparison. Analogy: "A similarity in some
    respects between things that are otherwise dissimilar." A favorite
    'keep-em-awake-and-attentive' tool of motivational speakers.

    Flaws aside, I thought the piece echoed some of what you've been saying, and
    makes an especially good point about the futility of enumerating badness.

    My 'favorite' dumb idea: "Just get it working, we can get it working right
    later." Which reminds me of an analogy: If the foundation is flawed, the
    overlying structure can't possibly be stable.

    "When it comes to being a pansophist, there is no 'do', only 'try'."
    - nf
  46. Archived from groups: comp.security.firewalls (More info?)

    nutso fasst <no.replies@no.where> wrote:
    [Relation between cockroaches and human beings]
    > It's an analogy, Volker, not a comparison.

    Analogy or comparison - could we abstain from it, please?

    > My 'favorite' dumb idea: "Just get it working, we can get it working right
    > later." Which reminds me of an analogy: If the foundation is flawed, the
    > overlying structure can't possibly be stable.

    Hm... yes, of course. What are you trying to tell me?

    Yours,
    VB.
    --
    "It cannot be that the frustrated in Rome determine what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  47. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:43319529@news.uni-ulm.de...
    > Hm... yes, of course. What are you trying to tell me?

    (Hmm, methinks any such attempt would be futile.) T'was not for you, just a
    statement I think bears repeating (clearly there are managers who don't
    subscribe to it). Sort of like replying with "use the Windows firewall" when
    that's not the answer to the question. Or using a sig with the same quote
    again and again, assuming some stranger will relate to the
    generally-irrelevant verbiage. An analogiser might say I was just pissing
    into the wind, but that is not literally correct.

    nf
  48. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:43314ec7@news.uni-ulm.de...
    > Jason Edwards <none1@invalid.invalid> wrote:
    > > I'd give it up if I were you. Unless you want to do it Steve Gibson style.
    > > Otherwise you won't get enough people following your message.
    >
    > Oh, no problem. I'm not thinking, that I will make the world spin the
    > other way around or something ;-)
    >
    > But of course, this does not keep me from saying what I'm thinking.

    I wouldn't want you to not say what you're thinking, but if we're going to
    prevent malware running on home users' PCs then it may take more than nntp
    and http are capable of.

    >
    >>
    > > One of my friends bought a new mouse a few days ago because the mouse
    > > pointer on the screen kept freezing. I only found out after he discovered
    > > that the new mouse did exactly the same thing.
    >
    > Then the new mouse is b0rken, too. :-P

    Perhaps I should have told him that :)

    Here's a story about what happens when many people use the same PC, without
    any of them having a clue what's inside the box.
    http://www.theregister.co.uk/2005/09/21/airport_pc_security_lax/
    To me it seems a bit like expecting passengers to pilot an aircraft
    themselves.

    Jason

    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated in Rome determine what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"
  49. Archived from groups: comp.security.firewalls (More info?)

    nutso fasst <no.replies@no.where> wrote:
    > "Volker Birk" <bumens@dingens.org> wrote in message
    > news:43319529@news.uni-ulm.de...
    > > Hm... yes, of course. What are you trying to tell me?
    > (Hmm, methinks any such attempt would be futile.)
    [and other offenses]

    People, who're offending others without arguments, lost the debate.

    VB.
    --
    "It cannot be that the frustrated in Rome determine what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"