Archived from groups: comp.security.firewalls
DanR wrote:
> Volker Birk wrote:
> > DanR <dhr22@sorrynospm.com> wrote:
> >> Your views are
> >> not widespread.
> >
> > Please offer arguments, why I should be wrong.
> >
> > Yours,
> > VB.
>
> Once you reply to a post you hijack the post.
Many people can respond to you, especially if they do not agree with
one person's response. Don't blame somebody for responding.
> There is not one reply that has
> anything to do with the original post. You say the same thing over and over and
> over. I for one like to have some idea of what software on my computer accesses
> the Internet. Can you offer examples of typical computer software that common
> folks have on their computer that is written to bypass or fool the software
> firewall when that software attempts to access the Internet? I like to have the
> option to block programs like Adobe Acrobat that constantly want to check for
> updates.
If you rely on a firewall blocking outgoing connections to ultimately
save you from spyware, then it'd be wrong.
Whether you do or do not use a firewall to block outgoing, I am not
taking any side on that debate.
I suggest some software to monitor (though not block) connections at
any given time.
netstat <-- built into Windows, is not that good since it doesn't
display processes.
'Active Ports' is very good.
I can think of other ideas: netstat live, a 'packet' sniffer.
Looking from VB's perspective,
you really should know that spyware is communicating, and shouldn't
need a firewall to tell you.
You shouldn't rely on a firewall as the last 'reliance'. This is a huge
danger.
Blocking outgoing connections is a bit like locking yourself in your
own house. Making yourself a prisoner in your own home, when really
with a little care, spyware shouldn't communicate, and if it does, you
should notice and catch it early. Spyware is just advertising really.
It's usually obvious when it's there anyway. Even users notice "my
internet is going slow".
And he knows how easy it is to get past. Just like he knew that to get
past stealth required a simple switch on nmap! In that instance, you
know how easy it is, you say 'big deal' and you block him off at a
'higher level'.
You can allow ICMP (as TCP/IP specifies), and you can allow outgoing
connections. You can allow these without putting your computer at
risk.
You don't need to put banana skins on your driveway (then avoiding them
each time you walk out the house). Secure your home instead.
You should take into account when a poster does know his RFCs.
Also, is it such a big deal if some spyware runs on your computer for
10 minutes before you notice it? To have got into that situation you
have to be quite careless.
I even use Internet Explorer and I don't get into that situation!!
(though I recommend anybody else does).
To me, and I do not have much knowledge, reading VB's argument, it
isn't a bullet proof argument. Since what to VB is a banana skin, may
not be a banana skin to the average spyware. It may be a poisoned dart.
So, you're right to ask what spyware does so.
It would be careless to have spyware running on your comp for any length
of time and not know. And if you're smart enough to configure a
firewall to block outgoing connections, you should be smart enough to
watch your Windows computer with the right software (Active Ports,
packet sniffer (Ethereal, Iris)).
It would be careless/unlucky to get it on your system in the first
place. So you should be prepared for it to happen, and monitor your
established connections, and which processes, maybe even using a packet
sniffer if you're suspicious.
Maybe if the system is for a user that says he will only browse the web
and he is not technically curious about anything, and he's not going to
watch his computer and secure it as best as possible, then perhaps it's
a bullet proof argument that
you want to block all outgoing connections except port 80.
So you see. By listening to a poster that reads his RFCs, you learn
that a good techie will be monitoring his established connections. And
if he is suspicious, he will be checking any out with a packet sniffer.
At least that is the conclusion I draw.
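As an added example (not from the thread), here is a script that does what the post recommends instead of relying on an outbound-blocking firewall: it reads Windows `netstat -ano` output (the `-o` column gives the owning PID, which the plain netstat the poster complains about lacks), joins it with a PID-to-image map as `tasklist` would give it, lists every ESTABLISHED connection per process, and flags any whose process is not in a baseline of programs you expect to talk to the Internet. The netstat text, PID map and baseline are all constructed samples.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49200     203.0.113.5:443        ESTABLISHED     1234
  TCP    192.168.1.10:49201     198.51.100.20:80       ESTABLISHED     4321
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:49202     203.0.113.9:443        TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1100
"""

# Constructed PID -> image name map, as `tasklist` would report on the same host.
PID_TO_IMAGE = {1234: "firefox.exe", 4321: "AcroRd32.exe",
                900: "svchost.exe", 1100: "lsass.exe"}

# One netstat row: proto, local, foreign, optional state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def established_by_process(netstat_text, pid_to_image):
    """Return (image, foreign_address) for every ESTABLISHED TCP connection,
    in the order netstat listed them."""
    result = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # header lines and blanks
            continue
        proto, _local, foreign, state, pid = m.groups()
        if proto != "TCP" or state != "ESTABLISHED":
            continue
        image = pid_to_image.get(int(pid), f"<unknown pid {pid}>")
        result.append((image, foreign))
    return result


def unexpected(connections, baseline):
    """Connections owned by a process not in the user's expected-talkers baseline;
    these are the ones worth looking at with a packet sniffer."""
    return [c for c in connections if c[0] not in baseline]


if __name__ == "__main__":
    conns = established_by_process(NETSTAT_SAMPLE, PID_TO_IMAGE)
    for image, peer in unexpected(conns, {"firefox.exe"}):
        print(f"check: {image} is talking to {peer}")
```

Run it against live data by piping real `netstat -ano` text in place of the sample and building the PID map from `tasklist /fo csv`.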