Archived from groups: alt.sys.pc-clone.dell, aus.computers, alt.comp.freeware
Thanks for your followup, Ted. As you say, if one can keep stuff
*out* to begin with that will solve most problems. I imagine that
once malware is "in" it becomes difficult for the system to determine
if a given instruction is coming from the malware or, legitimately,
from the user?
In article <4124fcd9$0$21737$61fed72c@news.rcn.com>,
"Ted" <nothanks@invalid.invalid> wrote:
>
>"Phred" <ppnerkDELETETHIS@yahoo.com> wrote in message
> news:2ojptiFbfaqaU2@uni-berlin.de...
>> In article <41238a46$0$21756$61fed72c@news.rcn.com>,
>> "Ted" <nothanks@invalid.invalid> wrote:
>
>> >I don't know enough about all the different firewalls to reliably answer
>> >that question. I do know that local client/server fingerprinting has
>> >become more popular. It is useful as a secondary level of defense,
>> >and hyping it is a good way to sell firewalls. Heck, I'm almost
>> >tempted to buy a couple. For purposes of developing demonstrations
>> >of how easy it is to bypass them ;-)
>>
>> You seem to be saying these things don't work anyway? 🙂
>
>What do you mean by "work"? If you are asking how effective are
>they at preventing unauthorized net access, that depends in large part
>on how hostile the local environment is. How knowledgeable and
>careful are the machine's users? Has malware found its way onto
>the machine, and if so, how sophisticated is it?
>
>If the environment is "friendly"... if the firewall is used properly and
>all malware is caught *before* it has a chance to execute on the
>machine, they should work quite well. But in that kind of situation,
>the [advanced] fingerprinting techniques aren't really necessary.
>
>If the firewall isn't used properly and/or if malware *is* allowed to
>execute on the machine, it's a whole different ballgame. If the
>malware is relatively unsophisticated/nonaggressive, such firewalls
>should be effective and the fingerprinting technique may come in
>handy. If the malware is highly sophisticated/aggressive, it may
>utilize any number of techniques (some automatic/technical, some
>involving tricking the user) that can be used to slip data past even
>those firewalls that utilize advanced fingerprinting. In some cases
>the malware will be able to uninstall the firewall, in some cases
>disable it or punch a hole in it, in some cases the malware will be
>able to coerce a trusted/fingerprinted app into sending/receiving
>data for it, etc. FWIW, the same or similar techniques can be
>used to disable or otherwise bypass other anti-malware tools such
>as antivirus software. Which is why it is so critical to prevent
>malware from getting onto your box and/or executing in the first
>place.
>
>Does this mean that fingerprinting firewalls are useless or are not
>worth upgrading to? No, I'm not saying that. It doesn't hurt to
>have additional protection even when that additional protection
>may not work in all scenarios. People, not necessarily you, just
>need to understand that there are limitations to what fingerprinting
>firewalls and outgoing blocking can do. The biggest one being
>that they are geared toward protecting you from "harm" that is
>caused by something that should never be given an opportunity
>to begin with.
Cheers, Phred.
--
ppnerkDELETE@THISyahoo.com.INVALID