Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
"Anniebeth" wrote:
> I have a problem specifically because of the blocking of outbound
> communication. Norton classifies these attempts as high, medium or low risk,
> and recommends permitting or blocking accordingly. My problem is that I have
> no way of knowing if these attempts are legitimate and can only go on the
> firewall's recommendation. I may be blocking something which is okay or even
> beneficial to my system, such as updates, and I haven't a clue.
I have had this problem with Norton as well, not to mention Zone Alarm.
These programs don't do a great job of telling you exactly whey they classify
the risks the way they do. Moreover, their recommendations are probably
more conservative than you need, with the result that you sometimes end up
blocking perfectly legitimate programs. As for the really bad stuff that
does somehow get on your machine, I have read -- although I haven't
experienced it first hand -- that some of it is capable of getting past these
firewalls and "phoning home," so even then there is no guarantee that they
will do what they are supposed to do.
My view is that if the problem is rogue crudware getting on your machine and
then "phoning home," using a third party firewall is a bit like locking your
front door after the criminals have already infiltrated your house. The best
solution is not to let the crud get on your machine in the first place.
There are lots of ways to do this, the best of which is keeping antivirus
software and Windows XP fully up to date (including SP2) and educating
yourself on how to avoid crudware. The good news here is that virtually all
crudware gets on your machine because of bad choices you made to download it
(or open e-mail attachments, or click on suspect popups). So don't make
these bad choices! Learn how to avoid making bad choices. Other
preventative measures include a good antispyware program (which is hard to
find, I know, but the Microsoft Beta is the best one I've tried and I've
tried several). I would also recommend Ad-Aware SE, and others have
recommended Spybot (which I used to use until I discovered the MS beta).
>I have Norton virus protection with automatic update, and scan regularly for
> viruses anyway, and of course the firewall would block anything untoward trying
> to get into the computer. Theoretically I suppose this means that there is
> nothing on my system which is dangerous and therefore I should allow any
> outbound access - but I don't quite dare. The ones that turn up most
> frequently are all in WINDOWS/System 32 and the one that's been driving me
> crazy with repeated attempts is vmss.exe - anyone have any ideas?
Here is what I found with a quick Google search. Looks like you should
remove it, but read the link and decide for yourself.
http://www.liutilities.com/products/wintaskspro/processlibrary/vmss/
Incidentally, I suspect that if you had used Ad-Aware SE (free download at
www.lavasoft.de) and updated and ran it, it would have caught this one and
removed it. But here is a case where a third party firewall actually did
its job. If you don't feel confident in your ability to keep adware of
spyware off your machine, Norton is probably a better solution than the
Windows firewall, notwithstanding everything I said above.
Ken