Gigabyte or Abit or Asus

Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"Luc The Perverse" <sll_NOSPAM_zm@remove.cc.usu.edu> wrote in message
news:424069bf$0$8960$3a2ecee9@news.csolutions.net...
> "Roger Hamlett" <rogerspamignored@ttelmah.demon.co.uk> wrote in
> message news:JCW%d.56$nc3.42@newsfe3-win.ntli.net...
>>
>> "Scott" <pawsandclawsremovethis@btconnect.com> wrote in message
>> news:d1p7v8$766$1@hercules.btinternet.com...
>> >
>> > "Nero" <nero@rome.it> wrote in message
>> > news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
>> >> What the kinhell you runnin two firewalls for?
>> >> Why run SP2 firewall AND Norton??
>> >> Think you will be better protected?
>> >> That's like wearin a belt and suspenders
>> >>
>> >
>> > I'm running two firewalls for extra protection. It's fine to run two
>> > firewalls, but not two virus scanners and one virus scanner will read
>> > the other's virus definitions and possibly delete them.
>> > I like to be careful just in case someone cracks through one of them, at
>> > least I'm protected that little bit more.
>> >
>> > Do you not recommend this?
>> Personally, when it comes to virii, you need belt, braces, suspenders, and
>> super-glue!.
>> There are some viruses, that specifically have been targeted to penetrate
>> particular virus scanners. Multiple firewalls is less worthwhile, since in
>> general how effective this is is entirely 'down' to how well the package
>> is set up. However the XP firewall, is pretty basic, and adding a version
>> that offers better configuration, is often a good idea.
>> Virus scanners should be perfectly capable of working without interfering
>> with one another. This is down to placing the definition files in separate
>> directories. It is pointless to run two, if they are based on the same
>> type of detection algorithm, however systems are available that
>> deliberately 'cascade' multiple testers using different search
>> algorithms. I use an external commercial scanner on the server, and then
>> a separate system on the PC for exactly this reason.
>
>
> Have you EVER run two virus scanners simultaneously? The speed hit
> is unbelievable. And they are not going to protect you against
> brand new virii that nobody has definitions for.
Actually, some will. These are the so called 'heuristic' scanners, that
can look for resemblances to previous virii, or simply for the same file
arriving at multiple sites on a business network, and flagging it as
suspicious until proven otherwise. These were the bases of the systems
that did stop Melissa the first time round.
The speed hit is down to the power of the machines, and the natures of the
algorithms chosen.

> Now if there were some kind of arrangement where your
> router/gateway could run a virus scanner, and your computer could
> run one, that is something completely different.
>
> There's nothing wrong with two firewalls, except that if something
> isn't working you have to dick with two of them to fix it.
Currently, I am running three virus scanners in the router, and two in the
individual machines, and performance is such that an email arrives less
than 1/10th second after it first reaches the router.

Best Wishes
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"Ed Light" <nobody@nobody.there> wrote in message
news:7830e.60658$xt.2270@fed1read07...
> Maybe you could put each antivirus in the other's exclude list, if it
> includes folders.
>
Good point

Scott
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

<snip>

It is common to run not just one, but sometimes 3 different AV scanners on
email servers. The reasoning is simple: when a new virus comes out, an
updated virus def will come from the vendors in some random sequence. If you
have say 3 AV's then you stand to reduce the interval between new virus
def's being available. These AV scanners are special variants (similar to
the desktop engines) as they Plug into the MTA chain somewhere.

I would not run more than one AV at a time on a desktop PC - for performance
and stability reasons. AV vendors seem to have enough issues keeping their
products working without complicating things by having more than 1 AV engine
active.

Having more than 1 firewall is sensible so long as they are configured
sensibly. In a corporate environment, there should be fw's at all perimeter
internet connection points and leased link / interbranch connections,
between all departments, and if you are brave within departments to control
what Valid traffic is.

On a SOHO / Home config, a h/w firewall combined with a s/w firewall on the
PC is sensible as it provides double layer protection. It is not unheard of
for vulnerabilities to be found in h/w firewalls or similar problems in s/w
firewalls, or exploits in the OS or web browser.

If you have say the XP SP2 firewall on combined with a hardware f/w, then
that is a good config. If you do not have a hardware f/w either get one, or
use a more advanced, reputable s/w firewall that can block outgoing traffic
as well as incoming.

I would not bother having 2 s/w firewalls on a PC - there is no guarantee
that they will work together correctly and what is the benefit if the OS
itself gets compromised?

For chips such as the Nvidia with the integrated h/w firewall (which I hear
is a little buggy at the moment), this should be configured in the same
manner as an external h/w firewall if the PC is the sole PC, otherwise more
ports will need opening up if there is a LAN.

It is far better to have 1 f/w that is configured correctly than 'n' that
are configured wrong.
It is far better to have 1 AV that is kept up to date and does what it is
supposed to than 'n' that do not.

Keep it simple, and make sure it is working.

- Tim
 
Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Tue, 22 Mar 2005 21:42:47 +0000, Sandi Luney
<sandi@happylobster.co.uk> wrote:

>Just as a point of reference for you, I've had 3 ASUS boards (all AMD)
>and they've been grand. Twice I went for ABIT boards and both times they
>were faulty and had to go back in replacement for said ASUS boards.
>

In my opinion asus boards are often over-engineered. Further it's
annoying with all their bios updates. Further, when a new bios update
comes, don't flash it on immediately but read first on the net about
people who RMA'ed because of faulty bios update, - so one had better
wait a week or so. I have had a7v and a7v133, both quite
problematic.

Further asus graphics cards are often not fully compatible with
nvidia. So you cannot use standard nvidia drivers.

I have had many very nice abit boards (3-4). Not seen them fail yet,
although some older slot1 boards are known for bad caps.
They were first with nice, tweakable bios.

Yes, msi has a bad reputation for production stability. But I believe
they have improved. After all their nforce3 and nforce4 boards have a
very strong reputation, - not the least among overclockers.
Recently I have seen 2 perfect msi s939 boards and no problems with
them.

Many bad stories about DFI, but also good ones.

best regards

John
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:

> "Nero" <nero@rome.it> wrote in message
> news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
>
>>What the kinhell you runnin two firewalls for?
>>Why run SP2 firewall AND Norton??
>>Think you will be better protected?
>>That's like wearin a belt and suspenders
>
>
> If one catches something the other doesn't one time, and the other catches
> something the one doesn't another time, it was worth it.
>
> Although I let ZoneAlarm tell me to abandon the win xp firewall, last year I
> found one thing that the win firewall caught that ZA didn't. I think ZA
> caught up, though.
>
>

Well, now, that's an interesting 'observation'. What do you mean by
"caught?" That you got a popup *telling* you something was being blocked or
that it let data through on a closed port? And, if you mean it let data
through on a closed port, how did you determine that?
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"David Maynard" <nospam@private.net> wrote in message
news:1143gheckem802f@corp.supernews.com...
> Ed Light wrote:
>
>> "Nero" <nero@rome.it> wrote in message
>> news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
>>
>>>What the kinhell you runnin two firewalls for?
>>>Why run SP2 firewall AND Norton??
>>>Think you will be better protected?
>>>That's like wearin a belt and suspenders
>>
>>
>> If one catches something the other doesn't one time, and the other
>> catches something the one doesn't another time, it was worth it.
>>
>> Although I let ZoneAlarm tell me to abandon the win xp firewall, last
>> year I found one thing that the win firewall caught that ZA didn't. I
>> think ZA caught up, though.
>>
>>
>
> Well, now, that's an interesting 'observation'. What do you mean by
> "caught?" That you got a popup *telling* you something was being blocked
> or that it let data through on a closed port? And, if you mean it let data
> through on a closed port, how did you determine that?
>
Using online tests that check on ports.


--
Ed Light

Smiley :-/
MS Smiley :-\

Send spam to the FTC at
uce@ftc.gov
Thanks, robots.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

The AMD 3500+ is a nice processor. I'd recommend buying the 90nm
Winchester version. I currently have it overclocked to 2.5GHz -- and
it's at 35c. I'm sure using Arctic Silver's ceramic thermal compound
has helped.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:

> "David Maynard" <nospam@private.net> wrote in message
> news:1143gheckem802f@corp.supernews.com...
>
>>Ed Light wrote:
>>
>>
>>>"Nero" <nero@rome.it> wrote in message
>>>news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
>>>
>>>
>>>>What the kinhell you runnin two firewalls for?
>>>>Why run SP2 firewall AND Norton??
>>>>Think you will be better protected?
>>>>That's like wearin a belt and suspenders
>>>
>>>
>>>If one catches something the other doesn't one time, and the other
>>>catches something the one doesn't another time, it was worth it.
>>>
>>>Although I let ZoneAlarm tell me to abandon the win xp firewall, last
>>>year I found one thing that the win firewall caught that ZA didn't. I
>>>think ZA caught up, though.
>>>
>>>
>>
>>Well, now, that's an interesting 'observation'. What do you mean by
>>"caught?" That you got a popup *telling* you something was being blocked
>>or that it let data through on a closed port? And, if you mean it let data
>>through on a closed port, how did you determine that?
>>
>
> Using online tests that check on ports.
>
>

What port did zone alarm let through that it wasn't supposed to?
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

On Mon, 21 Mar 2005 07:56:24 -0500, Colonel Blip wrote
(in article <423ec54a$1_2@127.0.0.1>):

> Subject: Gigabyte or Abit or Asus
> From: "Colonel Blip" <colonel.blip@removethespambigfoot.com>
> Date: Monday 7:56 AM
> Newsgroups: alt.comp.hardware.overclocking.amd,
> alt.comp.hardware.pc-homebuilt, alt.comp.periphs.mainboard.asus
>
> Hello, All!
>
> I'm interested in getting a 939 socket m/b and an Athlon64 3000+. I've
> always been an Asus m/b person, but thought I would at least test the waters
> on views of the Asus vs. other m/b's. Any views on 'best' of these three
> manufacturers for socket 939?
>
> Thanks.
>
> Colonel Blip.
> E-mail: colonel.blip@removethespambigfoot.com

By far I've had the best luck with Gigabyte.

I've had bad results from ASUS. (Many problems.) I've never tried ABIT.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"David Maynard" <nospam@private.net> wrote
> What port did zone alarm let through that it wasn't supposed to?
I can't remember. It was some sort of Windows related port.

I'll be gone from newsgroups until mid-April.


--
Ed Light

Smiley :-/
MS Smiley :-\

Send spam to the FTC at
uce@ftc.gov
Thanks, robots.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:

> "David Maynard" <nospam@private.net> wrote
>
>>What port did zone alarm let through that it wasn't supposed to?
>
> I can't remember. It was some sort of Windows related port.

What I'm trying to figure out is if it really 'leaked' a port or if it's
simply that one was properly enabled and you just didn't realize it.

>
> I'll be gone from newsgroups until mid-April.
>

ok
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"David Maynard" <nospam@private.net> wrote
> What I'm trying to figure out is if it really 'leaked' a port or if it's
> simply that one was properly enabled and you just didn't realize it.

The online test said the port was visible, or something.

It was shields up or something like that.


--
Ed Light

Smiley :-/
MS Smiley :-\

Send spam to the FTC at
uce@ftc.gov
Thanks, robots.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:

> "David Maynard" <nospam@private.net> wrote
>
>>What I'm trying to figure out is if it really 'leaked' a port or if it's
>>simply that one was properly enabled and you just didn't realize it.
>
>
> The online test said the port was visible, or something.
>
> It was shields up or something like that.
>
>

Ok. Doesn't sound like we're going to get much farther on that one.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"David Maynard" <nospam@private.net> wrote in message
news:1146rvibrhghgea@corp.supernews.com...
> Ed Light wrote:
>
>> "David Maynard" <nospam@private.net> wrote
>>
>>>What I'm trying to figure out is if it really 'leaked' a port or if it's
>>>simply that one was properly enabled and you just didn't realize it.
>>
>>
>> The online test said the port was visible, or something.
>>
>> It was shields up or something like that.
>>
>>
>
> Ok. Doesn't sound like we're going to get much farther on that one.


Here's Shields Up.
http://grc.com/

After searching a bit I found a note to myself that universal plug and play
opens up a port to the internet despite ZoneAlarm. Note dated 12-25-02. It
says to uninstall it.

http://grc.com/default.htm and scroll down to universal plug and pray.

I'll really be gone now, unless I come in for another session tonight, for a
couple of weeks.

--
Ed Light

Smiley :-/
MS Smiley :-\

Send spam to the FTC at
uce@ftc.gov
Thanks, robots.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

"Ed Light" <nobody@nobody.there> wrote in message
news:g0L0e.599$k57.302@fed1read07...
>
> "David Maynard" <nospam@private.net> wrote in message
> news:1146rvibrhghgea@corp.supernews.com...
>> Ed Light wrote:
>>
>>> "David Maynard" <nospam@private.net> wrote
>>>
>>>>What I'm trying to figure out is if it really 'leaked' a port or if it's
>>>>simply that one was properly enabled and you just didn't realize it.
>>>
>>>
>>> The online test said the port was visible, or something.
>>>
>>> It was shields up or something like that.
>>>
>>>
>>
>> Ok. Doesn't sound like we're going to get much farther on that one.
>
>
> Here's Shields Up.
> http://grc.com/
>
> After searching a bit I found a note to myself that universal plug and
> play opens up a port to the internet despite ZoneAlarm. Note dated
> 12-25-02. It says to uninstall it.
>
> http://grc.com/default.htm and scroll down to universal plug and pray.
>
> I'll really be gone now, unless I come in for another session tonight, for
> a couple of weeks.

Happy to say, Shield Up shows ports 5000 and 1900 upnp stealthed with only
ZoneAlarm with Antivirus.

Glad I revisited it.

And this is with the little utility they provide saying that upnp is on.

But I guess I'll turn it off.


--
Ed Light

Smiley :-/
MS Smiley :-\

Send spam to the FTC at
uce@ftc.gov
Thanks, robots.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

3200+ wrote:
> "Colonel Blip" <colonel.blip@removethespambigfoot.com> wrote in message
> news:423ec54a$1_2@127.0.0.1...
>
>>Hello, All!
>>
>>I'm interested in getting a 939 socket m/b and an Athlon64 3000+. I've
>>always been an Asus m/b person, but thought I would at least test the waters
>>on views of the Asus vs. other m/b's. Any views on 'best' of these three
>>manufacturers for socket 939?
>>
>>Thanks.
>>
>>Colonel Blip.
>>E-mail: colonel.blip@removethespambigfoot.com
>>
>>
>>
>
> I would never ever use anything by Gigabyte again. IMHO their products are
> of inferior design and their technical support is so poor that it is hard to
> believe they get away with it.
>
> Jon
>
>

Whereas I'm a loyal gigabyte customer. All of my computers run their
boards. The only problem I had was one that failed outside of the one
year warranty offered by all computer shops here in Australia. So, the
distributor stepped in when I asked them and sent the board back for me
and gigabyte replaced it with a new board (a better model). I don't like
their northbridge fans, but that could be said for any manufacturer that
uses that set up.

Cheers,

Ari


--
spammage trappage: replace fishies_ with yahoo

I'm going to die rather sooner than I'd like. I tried to protect my
neighbours from crime, and became the victim of it. Complications in
hospital following this resulted in a serious illness. I now need a bone
marrow transplant. Many people around the world are waiting for a marrow
transplant, too. Please volunteer to be a marrow donor:
http://www.abmdr.org.au/
http://www.marrow.org/
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:
> "David Maynard" <nospam@private.net> wrote in message
> news:1143gheckem802f@corp.supernews.com...
>
>>Ed Light wrote:
>>
>>
>>>"Nero" <nero@rome.it> wrote in message
>>>news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
>>>
>>>
>>>>What the kinhell you runnin two firewalls for?
>>>>Why run SP2 firewall AND Norton??
>>>>Think you will be better protected?
>>>>That's like wearin a belt and suspenders
>>>
>>>
>>>If one catches something the other doesn't one time, and the other
>>>catches something the one doesn't another time, it was worth it.
>>>
>>>Although I let ZoneAlarm tell me to abandon the win xp firewall, last
>>>year I found one thing that the win firewall caught that ZA didn't. I
>>>think ZA caught up, though.
>>>
>>>
>>
>>Well, now, that's an interesting 'observation'. What do you mean by
>>"caught?" That you got a popup *telling* you something was being blocked
>>or that it let data through on a closed port? And, if you mean it let data
>>through on a closed port, how did you determine that?
>>
>
> Using online tests that check on ports.
>
>

LOL

--
spammage trappage: replace fishies_ with yahoo

I'm going to die rather sooner than I'd like. I tried to protect my
neighbours from crime, and became the victim of it. Complications in
hospital following this resulted in a serious illness. I now need a bone
marrow transplant. Many people around the world are waiting for a marrow
transplant, too. Please volunteer to be a marrow donor:
http://www.abmdr.org.au/
http://www.marrow.org/
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Roy wrote:
> Getting back to the question at hand, it is necessary that you decide what
> your upgrades are going to be. If you are looking at the Nvidia Chipset with
> a 939 pin CPU then the highest rated motherboards on the market are the MSI
> and DFI brands. If you intend on staying with the Via Chipset then both the
> Asus and Abit motherboards are rated very high, and will still be able to
> use AGP video cards.
>
> Be careful, because in the 939 pin selection of motherboards there are the
> new SLI boards which will require an upgrade to the new PCI-Express Video
> Cards which are not cheap.

And the performance for the SLI boards is not really any better (often
worse) than regular boards that cost 50% less.

Ari

--
spammage trappage: replace fishies_ with yahoo

I'm going to die rather sooner than I'd like. I tried to protect my
neighbours from crime, and became the victim of it. Complications in
hospital following this resulted in a serious illness. I now need a bone
marrow transplant. Many people around the world are waiting for a marrow
transplant, too. Please volunteer to be a marrow donor:
http://www.abmdr.org.au/
http://www.marrow.org/
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:
> "David Maynard" <nospam@private.net> wrote in message
> news:1146rvibrhghgea@corp.supernews.com...
>
>>Ed Light wrote:
>>
>>
>>>"David Maynard" <nospam@private.net> wrote
>>>
>>>
>>>>What I'm trying to figure out is if it really 'leaked' a port or if it's
>>>>simply that one was properly enabled and you just didn't realize it.
>>>
>>>
>>>The online test said the port was visible, or something.
>>>
>>>It was shields up or something like that.
>>>
>>>
>>
>>Ok. Doesn't sound like we're going to get much farther on that one.
>
>
>
> Here's Shields Up.
> http://grc.com/
>
> After searching a bit I found a note to myself that universal plug and play
> opens up a port to the internet despite ZoneAlarm. Note dated 12-25-02. It
> says to uninstall it.
>
> http://grc.com/default.htm and scroll down to universal plug and pray.
>
> I'll really be gone now, unless I come in for another session tonight, for a
> couple of weeks.
>

Ah, yes, uPnP. Well, that makes sense.
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

Ed Light wrote:

> "Ed Light" <nobody@nobody.there> wrote in message
> news:g0L0e.599$k57.302@fed1read07...
>
>>"David Maynard" <nospam@private.net> wrote in message
>>news:1146rvibrhghgea@corp.supernews.com...
>>
>>>Ed Light wrote:
>>>
>>>
>>>>"David Maynard" <nospam@private.net> wrote
>>>>
>>>>
>>>>>What I'm trying to figure out is if it really 'leaked' a port or if it's
>>>>>simply that one was properly enabled and you just didn't realize it.
>>>>
>>>>
>>>>The online test said the port was visible, or something.
>>>>
>>>>It was shields up or something like that.
>>>>
>>>>
>>>
>>>Ok. Doesn't sound like we're going to get much farther on that one.
>>
>>
>>Here's Shields Up.
>>http://grc.com/
>>
>>After searching a bit I found a note to myself that universal plug and
>>play opens up a port to the internet despite ZoneAlarm. Note dated
>>12-25-02. It says to uninstall it.
>>
>>http://grc.com/default.htm and scroll down to universal plug and pray.
>>
>>I'll really be gone now, unless I come in for another session tonight, for
>>a couple of weeks.
>
>
> Happy to say, Shield Up shows ports 5000 and 1900 upnp stealthed with only
> ZoneAlarm with Antivirus.
>
> Glad I revisited it.
>
> And this is with the little utility they provide saying that upnp is on.
>
> But I guess I'll turn it off.
>
>

Yes, I don't use any uPnP devices so I have it disabled on all my machines
but if one were using it that would be an example for the usefulness of two
firewalls, one on the primary internet connection, I.E. the router, to
block all "for local use only" ports off the internet and then one on the
local machine to protect yourself from a behind the firewall attack, like
some yahoo inadvertently installing a virus on his machine that is,
therefore, on the interior local LAN.
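
The layered setup discussed in the posts above, as an added example that is not part of any poster's message: it parses `netstat -an` output for listeners on the UPnP ports named in the thread (1900/UDP and 5000/TCP) and reports which zones can reach them through a router and a host firewall. The sample output, the addresses, both rule sets and the two-filter model (router denies unforwarded inbound traffic, host firewall filters by protocol and port only) are assumptions made for illustration.

```python
"""Added example: audit local listeners on the UPnP ports named in the thread."""
import ipaddress
from typing import NamedTuple

# Ports named in the thread: 1900 (SSDP discovery, UDP) and 5000 (UPnP on Windows XP, TCP).
UPNP_PORTS = {("UDP", 1900), ("TCP", 5000)}

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1043      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.20:1900      *:*
"""


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


def parse_listeners(netstat_text):
    """Return sockets that accept unsolicited traffic: TCP LISTENING and bound UDP."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # an established or closing connection, not a listener
        addr, _, port = local.rpartition(":")
        found.append(Listener(proto, addr, int(port)))
    return found


def bind_scope(addr):
    """Classify a bind address as 'loopback', 'all-interfaces' or 'single-interface'."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    return "single-interface"


def reachable_from(listener, router_forwards, host_allows):
    """Return the zones ('lan', 'internet') that can reach a listener.

    router_forwards: (proto, port) pairs the router passes inbound from the internet.
    host_allows:     (proto, port) pairs the host firewall accepts from the network.
    """
    if bind_scope(listener.addr) == "loopback":
        return set()  # traffic to a loopback socket never leaves the machine
    key = (listener.proto, listener.port)
    zones = set()
    if key in host_allows:
        zones.add("lan")  # LAN peers reach the host without crossing the router
        if key in router_forwards:
            zones.add("internet")  # both filters must pass internet traffic
    return zones


def audit_upnp(netstat_text, router_forwards, host_allows):
    """Map each network-facing UPnP listener to the zones that can reach it."""
    report = {}
    for listener in parse_listeners(netstat_text):
        on_upnp_port = (listener.proto, listener.port) in UPNP_PORTS
        if on_upnp_port and bind_scope(listener.addr) != "loopback":
            report[listener] = reachable_from(listener, router_forwards, host_allows)
    return report


if __name__ == "__main__":
    # Router forwards nothing; host firewall lets UPnP in for local use only.
    result = audit_upnp(SAMPLE_NETSTAT, set(), {("TCP", 5000), ("UDP", 1900)})
    for listener, zones in result.items():
        exposure = ", ".join(sorted(zones)) or "nobody"
        print(f"{listener.proto} {listener.addr}:{listener.port} reachable from: {exposure}")
```

A listener that appears here with an empty zone set is open on the machine but filtered on the wire, which is the distinction between a port that is enabled and one that is actually exposed.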
 
Archived from groups: alt.comp.hardware.overclocking.amd,alt.comp.hardware.pc-homebuilt,alt.comp.periphs.mainboard.asus (More info?)

[f'ups set to <alt.comp.periphs.mainboard.asus>, exclusively]

On Tue, 22 Mar 2005 13:52:40 +0000 (UTC), in
<alt.comp.periphs.mainboard.asus>, "Scott"
<pawsandclawsremovethis@btconnect.com> wrote:
>
[snip]
>
> "Nero" <nero@rome.it> wrote in message
> news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
> > What the kinhell you runnin two firewalls for?
> > Why run SP2 firewall AND Norton??
> > Think you will be better protected?
> > That's like wearin a belt and suspenders
> >
>
> I'm running two firewalls for extra protection.
[snip]

You're kidding yourself.

First, these so-called "software firewalls" are ALL inherently flawed, by
simple virtue of the fact that they are running on the same system they
attempt to protect -- that is a functional oxymoron. A truism:

You can't block a port with software that runs on the same machine where
the attacks are aimed. That's like trying to stop bullets by shoving
Kevlar up your backside. By the time the bullet hits the Kevlar, the
damage has been done.
-- Morely 'Spam is theft' Dotes in NANAE, 13-AUG-2003

But beyond that, running TWO of them is just plain silly. If either
pseudo-firewall is intelligently designed and properly configured, then it
will by itself provide ALL the "protection" that any such pseudo-firewall is
capable of. And if it is *not* intelligently designed and properly
configured, then adding yet another grossly broken "firewall" isn't going to
buy you anything (except headaches, of course).

> I like to be careful just in case someone cracks through one of them, at
> least I'm protected that little bit more.
>
[snip]

No, you're not.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.
 
Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

Jay T. Blocksom wrote:
> [f'ups set to <alt.comp.periphs.mainboard.asus>, exclusively]
>
> On Tue, 22 Mar 2005 13:52:40 +0000 (UTC), in
> <alt.comp.periphs.mainboard.asus>, "Scott"
> <pawsandclawsremovethis@btconnect.com> wrote:
> >
> [snip]
> >
> > "Nero" <nero@rome.it> wrote in message
> > news:4240181a$0$8744$db0fefd9@news.zen.co.uk...
> > > What the kinhell you runnin two firewalls for?
> > > Why run SP2 firewall AND Norton??
> > > Think you will be better protected?
> > > That's like wearin a belt and suspenders
> > >
> >
> > I'm running two firewalls for extra protection.
> [snip]
>
> You're kidding yourself.

Agreed. Never run 2 firewalls on one machine.

> First, these so-called "software firewalls" are ALL inherently flawed, by
> simple virtue of the fact that they are running on the same system they
> attempt to protect -- that is a functional oxymoron. A truism:
>
> You can't block a port with software that runs on the same machine where
> the attacks are aimed. That's like trying to stop bullets by shoving
> Kevlar up your backside. By the time the bullet hits the Kevlar, the
> damage has been done.
> -- Morely 'Spam is theft' Dotes in NANAE, 13-AUG-2003

I disagree. A software firewall is useful to block ports and hide
servers (services) on your machine from the outside world. If these
servers have a security flaw, then they could be exploited from outside,
and the software firewall will be able to protect you. It's also good
for blocking access to the internet from rogue software on your machine.

They can also hide you from people who port scan (poorly, but quickly),
by turning off ping etc. (Not that I think turning off ping is an
effective security measure).

Of course, they can't defend your machine from a DoS style attack, but
then a hardware firewall isn't going to help much more for the home user.

Ben
--
A7N8X FAQ: www.ben.pope.name/a7n8x_faq.html
Questions by email will likely be ignored, please use the newsgroups.
I'm not just a number. To many, I'm known as a String...
 
Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Sun, 27 Mar 2005 12:07:53 +0100, in <alt.comp.periphs.mainboard.asus>, Ben
Pope <benpope81@_REMOVE_gmail.com> wrote:
>
> Jay T. Blocksom wrote:
[snip]

> > First, these so-called "software firewalls" are ALL inherently flawed, by
> > simple virtue of the fact that they are running on the same system they
> > attempt to protect -- that is a functional oxymoron. A truism:
> >
> > You can't block a port with software that runs on the same machine
> > where the attacks are aimed. That's like trying to stop bullets by
> > shoving Kevlar up your backside. By the time the bullet hits the
> > Kevlar, the damage has been done.
> > -- Morely 'Spam is theft' Dotes in NANAE, 13-AUG-2003
>
> I disagree. A software firewall is useful to block ports and hide
> servers (services) on your machine from the outside world.
[snip]

No, it can't, for precisely the reasons already cited.

If your system is poorly configured and/or you do not exercise good control
over what software is permitted to be installed/run/etc., then it *might* be
useful as sort of a "nagging nanny" to ride herd on the (clearly incompetent)
user. But if the user is dumb enough to need that, why presume that he/she is
smart enough to benefit from it? And besides, this is also the epitome of the
"treat the symptom" approach, as opposed to excising the disease.

> If these
> servers have a security flaw, then they could be exploited from outside,
> and the software firewall will be able to protect you.
[snip]

Wrong. For any "firewall" to be effective, it MUST stand *between* the threat
and the system being protected. So-called "software firewalls"
_by_definition_ expose at least part (usually, a large part) of the
"protected" system to the world.

> It's also good
> for blocking access to the internet from rogue software on your machine.
>
[snip]

See above cf. "nagging nanny".

> Of course, they can't defend your machine from a DoS style attack, but
> then a hardware firewall isn't going to help much more for the home user.
>
[snip]

You haven't seen my firewall's syslog output, have you?

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.
 
Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

Jay T. Blocksom wrote:
> On Sun, 27 Mar 2005 12:07:53 +0100, in <alt.comp.periphs.mainboard.asus>, Ben
> Pope <benpope81@_REMOVE_gmail.com> wrote:
> >
> > I disagree. A software firewall is useful to block ports and hide
> > servers (services) on your machine from the outside world.
> [snip]
>
> No, it can't, for precisely the reasons already cited.
>
> If your system is poorly configured and/or you do not exercise good control
> over what software is permitted to be installed/run/etc., then it *might* be
> useful as sort of a "nagging nanny" to ride herd on the (clearly incompetent)
> user. But if the user is dumb enough to need that, why presume that he/she is
> smart enough to benefit from it? And besides, this is also the epitome of the
> "treat the symptom" approach, as opposed to excising the disease.

You misunderstand what I wrote. To rephrase:

A software firewall can prevent the outside world from seeing the
services running on your machine.

> > If these
> > servers have a security flaw, then they could be exploited from outside,
> > and the software firewall will be able to protect you.
> [snip]
>
> Wrong. For any "firewall" to be effective, it MUST stand *between* the threat
> and the system being protected. So-called "software firewalls"
> _by_definition_ expose at least part (usually, a large part) of the
> "protected" system to the world.

Such as? Obviously there is some contact with the outside world... but
you HAVE to do that in order to effectively do many of the things a user
wants to do. Unless you are saying that a forwarded port from a
hardware router offers more protection somehow...

I want to run a webserver, 2 in fact. So I need ports 80 and 82 to be
accessible to the outside world. If I sit behind a software firewall,
that only allows packets through on those two ports, then what is the
difference between that and forwarding those two ports from a hardware
router? My machine is exposed to the world, on those 2 ports... any
software vulnerability in my firewall (be it hardware or software
firewall) could pose a threat. As could any vulnerability in Apache or
Jetty.

> > It's also good
> > for blocking access to the internet from rogue software on your machine.
> >
> [snip]
>
> See above cf. "nagging nanny".

Indeed. But spyware etc. gets on the machine from time to time and
having my firewall ask me if I want the new process to access the
internet is pretty useful in determining that it exists, or that the
software I thought I was installing might be a bit dubious.

> > Of course, they can't defend your machine from a DoS style attack, but
> > then a hardware firewall isn't going to help much more for the home user.
> >
> [snip]
>
> You haven't seen my firewall's syslog output, have you?

No, and you haven't told me why I would want to. Assuming that your
hardware firewall protects you from a DoS attack, how is that useful for
the average user who just wants to browse the internet? The connection
is down either way.

Ben
--
A7N8X FAQ: www.ben.pope.name/a7n8x_faq.html
Questions by email will likely be ignored, please use the newsgroups.
I'm not just a number. To many, I'm known as a String...
 
Archived from groups: alt.comp.periphs.mainboard.asus

On Tue, 29 Mar 2005 22:59:27 +0100, in <alt.comp.periphs.mainboard.asus>, Ben
Pope <benpope81@_REMOVE_gmail.com> wrote:
>
> Jay T. Blocksom wrote:
[snip]
> >
> > If your system is poorly configured and/or you do not exercise good
> > control over what software is permitted to be installed/run/etc., then it
> > *might* be useful as sort of a "nagging nanny" to ride herd on the
> > (clearly incompetent) user. But if the user is dumb enough to need that,
> > why presume that he/she is smart enough to benefit from it? And besides,
> > this is also the epitome of the "treat the symptom" approach, as opposed
> > to excising the disease.
>
> You misunderstand what I wrote. To rephrase:
>
> A software firewall can prevent the outside world from seeing the
> services running on your machine.
>
[snip]

Not in the scenario you later described. Read on...

> > > If these
> > > servers have a security flaw, then they could be exploited from
> > > outside, and the software firewall will be able to protect you.
> > [snip]
> >
> > Wrong. For any "firewall" to be effective, it MUST stand *between* the
> > threat and the system being protected. So-called "software firewalls"
> > _by_definition_ expose at least part (usually, a large part) of the
> > "protected" system to the world.
>
> Such as?
[snip]

The so-called "software firewall" program itself, for starters -- and
therefore, all of the user space available to that program (which, in the case
of many if not most WinBoxen, is the whole machine).

So, in addition to the vulnerabilities inherent in that "software firewall"
(cf.: <http://cert.uni-stuttgart.de/archive/bugtraq/2003/08/msg00056.html>,
<http://groups.google.co.uk/groups?selm=8d76ec03.0312071745.29f02d01@posting.google.com>,
<http://groups.google.co.uk/groups?selm=xp8Ab.31103%249O5.22721@fed1read06>,
<http://groups.google.co.uk/groups?selm=Jumsb.3342%24Tc2.25745@newsfep4-glfd.server.ntli.net>,
<http://groups.google.co.uk/groups?selm=630e418f.0312061738.716afa6d@posting.google.com>,
<http://www.kb.cert.org/vuls/id/634414>,
<http://www.kb.cert.org/vuls/id/682110>,
<http://www.kb.cert.org/vuls/id/637318>,
<http://samspade.org/d/persfire.html>, <http://samspade.org/d/firewalls.html>,
etc.), you basically expose ALL of Windows, with its chronic legion of slowly-
or never-patched vulnerabilities (cf.
<http://secunia.com/advisories/14512/print/>,
<http://secunia.com/advisories/12670/print/>,
<http://secunia.com/advisories/11482/print/>,
<http://www.techweb.com/article/printableArticle.jhtml;jsessionid=Q2AODUYJJKUOIQSNDBGCKH0CJUMEKJVN?articleID=59200229&site_section=700028>,
<http://www.internetweek.com/shared/printableArticle.jhtml?articleID=19205530>,
<http://secunia.com/advisories/10589/print/>,
<http://www.elixir.com.au/news/default.cfm?nav_id=2&id=40>, etc.) DIRECTLY to
the 'net.

Hence, this is pretty much the definition of "defeating the purpose".

Or, if it will make it any clearer to you, look at it from the other way
around: With any so-called "software firewall", you are in effect running
your general-purpose OS (typically Windows -- eeek!) *and* all of your
application programs *on* your firewall machine, which is directly
antithetical to proper security procedures: Rule #1 is to NEVER enable any
unnecessary processes or services, *especially* on a device which faces the
outside world.

> Obviously there is some contact with the outside world... but
> you HAVE to do that in order to effectively do many of the things a user
> wants to do.
[snip]

Not true, at least not as stated. Your web-server scenario below is an
atypical exception; but even that need not engender the degree of exposure you
presume.

> Unless you are saying that a forwarded port from a
> hardware router offers more protection somehow...
>
[snip]

Of course -- at least presuming that "hardware router" is properly configured.
I'm not saying that it necessarily provides complete isolation (again, see
your "web server" scenario below); but it's definitely both another step
further removed from "the wild" *and* offers an opportunity to be selective
(think SPI) about what gets forwarded back and forth.

> I want to run a webserver, 2 in fact. So I need ports 80 and 82 to be
> accessible to the outside world.
[snip]

Which is not the case for the typical user, who does NOT need to run public
servers. But even assuming that scenario, those public servers should be on a
separate interface (sometimes called a "DMZ" or "Orange interface"), where
they are both isolated from your "protected" network (sometimes called the
"Green interface"), and where ONLY the traffic necessary for that service is
permitted through.

> If I sit behind a software firewall,
[snip]

But that's just it: You're NOT "behind" that so-called firewall; you're on
it, in it, in front of it, and all around it -- all at the same time.

> that only allows packets through on those two ports, then what is the
> difference between that and forwarding those two ports from a hardware
> router?
[snip]

You're assuming a perfect world.

The problem is not (so much) what happens when everything works as intended.
The larger problem is what happens when UNintended things happen. And in the
"software firewall" model, virtually any breach is by definition a
catastrophic disaster, simply because so much "other stuff" instantly becomes
available to the attacker.

> My machine is exposed to the world, on those 2 ports...
[snip]

Your machine is exposed to the world, period. The limitation to "on those 2
ports" is only valid in a very limited context.

> any
> software vulnerability in my firewall (be it hardware or software
> firewall) could pose a threat. As could any vulnerability in Apache or
> Jetty.
>
[snip]

That is correct. There is no such thing as a perfectly secure computer
system.

But the bigger problem is that, in the "software firewall" model, any
vulnerability in ANY software running on that box can (and will) *also* pose a
threat to the integrity of the firewall itself. In short, the whole thing is
a house of cards.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.
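
The Green/Orange interface layout and the SPI forwarding mentioned in the post above can be modelled as a small default-deny zone filter. This is an added example, not code from the thread; the addresses, the rule table and the names `ZoneFirewall`, `zone_of` and `demo` are assumptions made for illustration.

```python
# Added illustration: Red = internet, Orange = DMZ, Green = protected LAN.
# All addresses, ports other than 80/82, and rules are constructed samples.
from ipaddress import ip_address, ip_network

ZONES = {
    "orange": ip_network("192.168.2.0/24"),  # DMZ holding the web servers
    "green": ip_network("192.168.1.0/24"),   # protected workstations
}
# (src zone, dst zone, dst port or None for any) tuples that may OPEN a flow.
ALLOW_NEW = {
    ("red", "orange", 80), ("red", "orange", 82),   # the two public servers
    ("green", "red", None), ("green", "orange", None),
}

def zone_of(addr):
    """Map an address to its zone; anything not internal counts as Red."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "red"

class ZoneFirewall:
    """Default-deny forwarder with a minimal connection-state table."""
    def __init__(self):
        self.flows = set()

    def forward(self, src, sport, dst, dport, syn=False):
        key = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if key in self.flows or reverse in self.flows:
            return True                  # belongs to an established flow
        if not syn:
            return False                 # stray packet with no matching state
        sz, dz = zone_of(src), zone_of(dst)
        if (sz, dz, dport) in ALLOW_NEW or (sz, dz, None) in ALLOW_NEW:
            self.flows.add(key)
            return True
        return False                     # everything else is dropped

def demo():
    fw = ZoneFirewall()
    web, pc, ext = "192.168.2.10", "192.168.1.20", "203.0.113.5"
    return {
        "inet_to_web_80": fw.forward(ext, 40000, web, 80, syn=True),
        "web_reply": fw.forward(web, 80, ext, 40000),
        "inet_to_web_445": fw.forward(ext, 40001, web, 445, syn=True),
        "inet_to_pc": fw.forward(ext, 40002, pc, 80, syn=True),
        "web_to_pc": fw.forward(web, 50000, pc, 445, syn=True),
        "unsolicited_ack": fw.forward(ext, 40003, web, 80),
        "pc_to_inet": fw.forward(pc, 51000, ext, 443, syn=True),
    }
```

The `web_to_pc` case is the one the DMZ design exists for: a server in Orange cannot open a connection into Green, so the filter still stands between the public hosts and the protected network.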