Archived from groups: microsoft.public.windowsxp.security_admin
Ken Gardner wrote:
>
>
> But if one did
> take place, I would do the equivalent of arresting the imposter or dealing
> with him myself -- with extreme prejudice -- by using antivirus, anti-adware,
> or anti-spyware software to remove the imposter.
>
>
All of which begs the question, somewhat. How do you detect the
presence of malware that your antivirus and anti-spyware applications
don't recognize as such? The experienced, advanced computer user may
well notice subtle odd behaviour and investigate, but what about the
average consumer? Most lack the technical knowledge, the inclination,
or even the desire to have that level of understanding. Unless something
goes egregiously awry, the average computer user simply won't be aware
that he's just sent his credit card info off to Eastern Europe. A 3rd
party firewall at least tells them that there's something wrong, even if
they don't quite know what to do about it.
>
> Obviously they can't, so part of dealing with the problem is (1) regularly
> updating anti-crudware software on a daily basis (if not even more frequent),
> (2) regularly scanning for such crudware (I scan for antivirus crud weekly
> and antispyware crud nightly), (3) learning when to recognize the signs of
> malware doing bad stuff, and (4) staying up to date on emerging security
> threats. I'm confident in my own ability to do all of these things. But...
>
>
I can't argue with any of that; it mirrors my own opinions and
practices. Most other people, however, are nowhere near as
conscientious about performing these hygienic chores.
>
>
> I agree to this extent. Any crudware, whether new or old, isn't going to
> install itself by magic on your machine without the active participation of
> the user. So the single best step anyone can take is to educate himself on
> how to avoid downloading and installing crudware in the first place. Now, if
> someone isn't going to take the trouble to do this, then I would agree that
> he better get a third party firewall that blocks outbound communications.
> But that's not me.
>
Yes, I think we're both in agreement on this. Unfortunately, the
overwhelming majority of computer users don't think the same way we do.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers' marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination nor desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.
> In other words, third party firewalls aren't for everyone, but only for
> people who practice unsafe computing practices and therefore need the
> protection of a more aggressive firewall...
While it's certainly true that there's no "one size fits all" solution to
computer security, I have to disagree with your contention that only
people who practice unsafe computing need a firewall. Anyone is capable
of making a mistake; it only makes good sense to have a mechanism in
place that can detect that mistake. Do you disdain the use of seat
belts because you've never been involved in a traffic accident, and you
have an air-bag to protect you if necessary? (Shaky analogy, but I like
it.) Although, by my lights, anyone who connects a computer to the
Internet without first having a properly configured firewall in place
*is* using unsafe computing practices, so I guess we're actually in
agreement on this point, as well. (And I've just contradicted myself, in
a manner of speaking, haven't I?) We just haven't agreed upon the
definition of "unsafe computing."
> ... That's not everyone, or even most people.
>
>
Here, I must vehemently disagree. Having spent the past several years
supporting all levels of computer users in multiple environments, I've
observed that the vast majority of people don't know how to practice
safe hex, and really aren't particularly interested in learning.
>
> It comes down to how conservative and cautious you want to be. I am very
> conservative and cautious about downloading, opening, installing, or clicking
> on stuff I don't know or trust, and as a consequence I can afford to be a bit
> less conservative and cautious about my choice of firewall.
>
If everyone were as cautious as you, there'd very probably be no need
for this discussion to have taken place, or for the subject to ever
arise, for that matter.
> This hasn't always been my attitude. I also used to use third party
> firewalls as well, including both Norton and Zone Alarm. Invariably I would
> discover that some program that was supposed to update didn't update, or for
> some reason I would have trouble connecting to the Internet and the problem
> turned out to be that the firewall was blocking a perfectly legitimate
> program that it didn't recognize.
Having used both products, my experiences differed. I never found them
to cause problems of that sort, at all. Of course, my experiences are
obviously going to be different, so this is something of a moot point.
> Given how careful and cautious I already
> was in other areas, I didn't see the point of spending additional time
> messing with the firewall.
>
>
You're making an informed decision, after having weighed all of the
factors that apply in your case. Most people don't do that.
>
>
> The problems I always had with third party
> firewalls was that the software was not properly configured -- by the
> program, not by me. As a result, it would block many legitimate outbound
> communications, so I would constantly be reconfiguring the firewall.
How do you mean "the software was not properly configured -- by the
program?" Were you expecting that the firewall's default settings would
be universally applicable and require no user intervention, no fine
tuning, as it were? If I'm understanding you correctly, that strikes me
as a rather naive outlook for someone who is as knowledgeable and
experienced as you seem. And were you really "constantly"
reconfiguring the firewall, or was it only after you'd made changes to
one or more of the applications? There's always a brief period during
which a new firewall must be "taught" about your computing habits and
your applications, but after that initial "burn-in" period, it really
shouldn't be necessary to constantly reconfigure the firewall.
> Also,
> these programs did a generally poor job in advising me whether I should allow
> or block a particular attempt to access the Internet. As a result, I would
> have to go on Google, or to Microsoft's support site, or these newsgroups, to
> get straight information that I could understand. To be sure, all of this
> was a minor hassle, but it was still a hassle and it was often
> time-consuming.
This is because the firewall is reacting to the potentially dangerous
behavior of an application, rather than checking a list to see if a
program is one of the pre-defined bad guys. The firewall doesn't "know"
that a program is a good guy until you tell it so. (And your definition
of an acceptable outbound connection may well vary from anyone else's.)
The inconvenience of having to research the source of the firewall's
alarm is, to me, just one of the prices that must be paid to have a
secure computer. I look upon such an event as an educational opportunity.

In the end, computer security boils down to a decision to compromise
between convenience and security. One has to decide just how much
inconvenience is acceptable, as well as choosing a comfortable level of
risk. Nearly everyone who makes a conscious effort will, I think,
settle at a different level of compromise, which works best in his
individual situation.
> I would rather spend my time arguing
> with bright computer guys like you over Usenet.
>
Thank you for the kind words. I've enjoyed our exchange of ideas, as well.
--
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH