a couple of questions from a newbie to this group

 
 
His Boy Elroy
04-01-2004
1. I've been thinking of trying out F-Secure as my Firewall, but am also
looking at Black Ice Defender, Norton's Firewall, and in the past I've used
Zone Alarm Pro, although I found the interface to be more of a pain than of
any use - I like for being able to be used with Visual Route. I haven't used
any McAfee products in years although I'm willing to believe if a number of
you say so that their software has improved to its pre-Cybermedia level.

Comments? Anyone got one that isn't on the list of what I've tried in the
past that they feel is the best on a home PC? And by "best" I mean "most
secure" and "most easily configurable and intelligent"

2. I am not brand new to computers but I'm brand new to instant messaging.
Right now I am using latest version of AIM. I wonder though, right now I
have it configured so only those on my Buddy List can reach me. How easy is it
for someone to "see" a conversation I'm having? How big a back way in hole
does it leave in my virus and trojan defences when I'm logged on? When I'm
not? I have set it to not accept files. Anyone ever have any trouble being
hacked or virused via AIM?

3. Where are the best sources for certifications that will actually mean
something for someone with a BSc in Computers, but who wants to specialize
in computer security development or admin?

Unfortunately, being new in this area, I've little info to offer in return
to questions from others in this field, but as I learn I will certainly
participate. I'm really interested in the security end of computing.

Thanks very much in advance to all who take a moment to respond.


~~HBE


 
Kerodo
04-01-2004
"His Boy Elroy" wrote:

> 1. I've been thinking of trying out F-Secure as my Firewall, but am
> also looking at Black Ice Defender, Norton's Firewall, and in the past
> I've used Zone Alarm Pro, although I found the interface to be more of
> a pain than of any use - I like for being able to be used with Visual
> Route. I haven't used any McAfee products in years although I'm
> willing to believe if a number of you say so that their software has
> improved to its pre-Cybermedia level.
>
> Comments? Anyone got one that isn't on the list of what I've tried in
> the past that they feel is the best on a home PC? And by "best" I mean
> "most secure" and "most easily configurable and intelligent"
>

I'd recommend Kerio. http://www.kerio.com/kpf_home.html

And I'd stay away from Norton too..

I just tested Kerio, Outpost, ZoneAlarm and Sygate, and Kerio is the only
one that successfully stealthed the first 1056 ports on grc.com's tests.
All the others left ports open or closed, but not stealthed.



--
Kerodo
 
*Vanguard*
04-01-2004
"His Boy Elroy" said:
> 1. I've been thinking of trying out F-Secure as my Firewall, but am
> also looking at Black Ice Defender, Norton's Firewall, and in the
> past I've used Zone Alarm Pro, although I found the interface to be
> more of a pain than of any use - I like for being able to be used
> with Visual Route. I haven't used any McAfee products in years
> although I'm willing to believe if a number of you say so that their
> software has improved to its pre-Cybermedia level.
>
> Comments? Anyone got one that isn't on the list of what I've tried in
> the past that they feel is the best on a home PC? And by "best" I
> mean "most secure" and "most easily configurable and intelligent"
>
> 2. I am not brand new to computers but I'm brand new to instant
> messaging. Right now I am using latest version of AIM. I wonder
> though, right now I have it configured so only those on my Buddy List
> can reach me. How easy is it for someone to "see" a conversation I'm
> having? How big a back way in hole does it leave in my virus and
> trojan defences when I'm logged on? When I'm not? I have set it to
> not accept files. Anyone ever have any trouble being hacked or
> virused via AIM?
>
> 3. Where are the best sources for certifications that will actually
> mean something for someone with a BSc in Computers, but who wants to
> specialize in computer security development or admin?
>
> Unfortunately, being new in this area, I've little info to offer in
> return to questions from others in this field, but as I learn I will
> certainly participate. I'm really interested in the security end of
> computing.
>
> Thanks very much in advance to all who take a moment to respond.
>
>
> ~~HBE


I first had Norton Internet Security 2002. I bought ZoneAlarm Pro and trialed it for awhile (a little under 2 months). Gave up and went back to Norton. Norton is good except for one nagging problem that continued into their 2003 version: the firewall can occasionally go dead and interfere or block some or all communications. This has occurred on 3 of my computers. After a long discussion, I came up with a way to reset NIS without having to reboot the computer. Sometimes it works, sometimes not.

Now I, too, am looking to replace Norton's firewall. There are a lot of nice features but I can't keep having my connection go partially or wholly dead once every day or two. Sygate has their freebie Personal Firewall (http://smb.sygate.com) but it seems too crippled so you'll end up getting their Pro version, anyway. Users of freebie Kerio 2.x (forget the minor version, maybe 2.5) like it but don't like the commercial version Kerio 4.0 saying it is too flaky (which is what I'm trying to get away from now). I hadn't even thought of F-Secure. I wouldn't bother with BlackIce; failed too many times for too long as evidenced in testing by Gibson (grc.com).


--
__________________________________________________ ____________________
Post replies to newsgroup. Share with others. E-mail not accepted.
__________________________________________________ ____________________
 
Colonel Flagg
04-01-2004
In article <Xns94BDEFE9AB767kerodokenny@68.6.19.6>, Kerodo says...
> "His Boy Elroy" wrote:
>
> > 1. I've been thinking of trying out F-Secure as my Firewall, but am
> > also looking at Black Ice Defender, Norton's Firewall, and in the past
> > I've used Zone Alarm Pro, although I found the interface to be more of
> > a pain than of any use - I like for being able to be used with Visual
> > Route. I haven't used any McAfee products in years although I'm
> > willing to believe if a number of you say so that their software has
> > improved to its pre-Cybermedia level.
> >
> > Comments? Anyone got one that isn't on the list of what I've tried in
> > the past that they feel is the best on a home PC? And by "best" I mean
> > "most secure" and "most easily configurable and intelligent"
> >

> I'd recommend Kerio. http://www.kerio.com/kpf_home.html
>
> And I'd stay away from Norton too..
>
> I just tested Kerio, Outpost, ZoneAlarm and Sygate, and Kerio is the only
> one that successfully stealthed the first 1056 ports on grc.com's tests.
> All the others left ports open or closed, but not stealthed.
>
>
>
>



"stealth" is a non-term. it's meaningless, much as all of grc is.

"filtered" is more appropriate and it's less secure than closed. closed
means NOTHING is listening. "filtered" means "something" *could* be
listening, but "something" is _in_between_ you and the target, whether
it's running in front of or on the machine in question, "something" is
filtering the traffic between the outside and inside machines. filtered
is also a tell-tale sign for hackers to try harder and to walk your
router, your firewall, etc. and attempt enumeration of the LAN beyond.
"closed" means nothing is listening and therefore, isn't worth the
effort of most hacks.





--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
 
billh
04-01-2004

<snip>

Now I, too, am looking to replace Norton's firewall. There are a lot of
nice features but I can't keep having my connection go partially or wholly
dead once every day or two. Sygate has their freebie Personal Firewall
(http://smb.sygate.com) but it seems too crippled so you'll end up getting
their Pro version, anyway.

<snip>

What do you consider to be crippled in the free version that should be
available for significantly safer operation?

I use freebie Sygate behind a Linksys router. I feel it (or the combination)
does a good job and Sygate doesn't seem to be a giant resource hog; it is
also fairly easy to understand.

Thanks,
Billh


 
Rambler
04-01-2004
On Thu, 1 Apr 2004 10:27:44 -0500, "billh" wrote:

>
><snip>
>
>Now I, too, am looking to replace Norton's firewall. There are a lot of
>nice features but I can't keep having my connection go partially or wholly
>dead once every day or two. Sygate has their freebie Personal Firewall
>(http://smb.sygate.com) but it seems too crippled so you'll end up getting
>their Pro version, anyway.
>
><snip>
>
>What do you consider to be crippled in the free version that should be
>available for significantly safer operation?
>
>I use freebie Sygate behind a Linksys router. I feel it (or the combination)
>does a good job and Sygate doesn't seem to be a giant resource hog; it is
>also fairly easy to understand.
>
>Thanks,
>Billh
>


Agreed - the main thing I like about Sygate is its logging
capabilities - with careful rule selection you can filter and log just
about anything. Another excellent feature is its ability to allow
trusted applications/services access, and just as easily block them.
Much easier than fiddling with port tables. It doesn't go crazy when
my DSL connection has a heavy I/O load either.

I agree with the Colonel re. grc.com too - lots of hype and hysteria,
not much substance. Hardly surprising that Mr.Gibson heartily
recommends ZoneAlarm, when he owns the company that markets it, though
he pretends he's just an enthusiastic user.

I used to believe that grc.com did a good job, but no longer. I notice
that Mr.G "reveals" that your browser "can send any information it
likes about you or your computer". Oh yeah? Like your credit card
number, maybe? No, the best example he can come up with of a "security
breach" is your screen resolution!

 
Reply With Quote
 
David Postill
Guest
Posts: n/a
 
      04-01-2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <(E-Mail Removed)>, on Thu, 01 Apr 2004 17:36:25 +0100, Rambler
<(E-Mail Removed)> wrote:

| On Thu, 1 Apr 2004 10:27:44 -0500, "billh" <(E-Mail Removed)>
| wrote:

<snip />

| Hardly surprising that Mr.Gibson heartily
| recommends ZoneAlarm, when he owns the company that markets it, though
| he pretends he's just an enthusiastic user.

Your evidence please?

I note that regardless of your opinions (just who are you anyway?)
Steve clearly states he has no connection with any firewall company.

On <http://grc.com/lt/leaktest.htm> he says:

"My Role
It is for all of these reasons that I have decided to assume an active and vocal position as an
unbiased third-party
evaluator of the technology and security of personal software firewall products.

For the record, I have NO INTEREST in any of these vendors.
I have NO undisclosed relationship of any sort with any person,
company or entity, and no hidden agenda creating bias of any kind."

<davidp />

- --
David Postill

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com
Comment: Get key from pgpkeys.mit.edu:11370

iQA/AwUBQGxUF3xp7q1nhFwUEQIp+ACgmcKIt8+leGcwRbfI//X+NbvDoOMAoKyB
sasSxSIPpvJZpyvqxiS+tq2c
=9Dx8
-----END PGP SIGNATURE-----

 
johns
04-01-2004

> 1. I've been thinking of trying out F-Secure as my Firewall,


We are using f-secure virus software running off our "virus"
server that is updated by f-secure constantly. It has been
first rate, and we chose it because ALL of the other brands
failed in our tests. We are now working on f-secure firewall.
This is a big lan, and security is a serious issue here. I'll let
you know how the firewall does once it is up. It will offload
from the server to clients just like the virus programs do.

> any McAfee products in years although I'm willing to believe if a number of
> you say so that their software has improved to its pre-Cybermedia level.


It has. I run it at home, and it updates every time I go online.
I have yet to see anything get past it, plus it seems intelligent
enough to spot "social engineering" hacks. McAfee and
f-secure are essentially the same product as I remember
from years past.

> Comments? Anyone got one that isn't on the list of what I've tried in the
> past that they feel is the best on a home PC? And by "best" I mean "most
> secure" and "most easily configurable and intelligent"


A firewall certainly isn't going to help you. It will nag the
crap out of you until you are fed up with it. And you will
most certainly leave some kind of access open. The best
form of home computer protection is .. first a good anti-
virus product, such as McAfee ... and then a big hard
drive .. 80 gig or more ... split C - D .. and a disk imaging
program such as PowerQuest2002, so you can keep
copies of old images plus recent images. That lets you
back away from a hack with no problem. AdAware and
Spybot can help ... a little, but the ability to copy off
favorites, email, and data and then restore your system
fully in about 45 minutes is the best approach. Another
good thing to do is stay the HELL off DSL ! I simply
cannot believe home users would leave a connect open
like that. Pure stupidity BIGTIME ! Use a 56k modem
and have your ISP enable Postini on your email account.
Big hacks simply can't get down quick enough that you
can't turn your computer off. On DSL, you are doomed.

> 2. I am not brand new to computers but I'm brand new to instant messaging.
> Right now I am using latest version of AIM.


If I catch anyone in my labs running AIM, I kick them out of
there right then. I also gpedit the .exe so AIM cannot run ever.
I've got a list of scumware that I have gpedited off my systems.
You are wide open running that garbage.

> not? I have set it to not accept files. Anyone ever have any trouble being
> hacked or virused via AIM?


Just commercial trash ... so far.

> 3. Where are the best sources for certifications that will actually mean
> something for someone with a BSc in Computers, but who wants to specialize
> in computer security development or admin?


Tech schools. CS can't seem to be bothered with PCs, and that
is the dominant business out there. The tech school programs
are getting the job done. CS is still about 10 years behind, but
once you get to the job, self-training is the way to go. CS gets
you in the door.

johns


 
*Vanguard*
04-01-2004
"Rambler" said:
>
> Agreed - the main thing I like about Sygate is its logging
> capabilities - with careful rule selection you can filter and log just
> about anything. Another excellent feature is its ability to allow
> trusted applications/services access, and just as easily block them.
> Much easier than fiddling with port tables. It doesn't go crazy when
> my DSL connection has a heavy I/O load either.
>
> I agree with the Colonel re. grc.com too - lots of hype and hysteria,
> not much substance. Hardly surprising that Mr.Gibson heartily
> recommends ZoneAlarm, when he owns the company that markets it, though
> he pretends he's just an enthusiastic user.


Aw, did your feelings get bruised about a product that's not even yours? Sounds like a defensive developer when you tell them there's a bug in their code. So in your accusation that Steve Gibson owns ZoneAlarm, just where did you discover this? From some other Gibson basher? I don't see him listed on the board of directors at http://www.zonelabs.com/store/conten...utUs/board.jsp. Don't see him listed on the management team at http://www.zonelabs.com/store/conten...management.jsp. Don't see him listed as an investor at http://www.zonelabs.com/store/conten.../investors.jsp. Gee, I suppose if we follow the chain far enough down then we would find Gibson - as a customer! But then we'd find him a customer of BlackIce, Sygate, and several other firewalls.

If Gibson owned ZoneAlarm, why doesn't he have a link to it, especially on his sell page at http://grc.com/purchasing.htm? Why, for those developers that fixed their leaky firewalls, does he applaud Sygate, TPF, and some others? ZoneAlarm was the one that from the start of his testing proved not to be leaky. So because he applauded ZoneAlarm first for passing his LeakTest that makes him an owner of ZoneAlarm? Gee, I must own a lot of companies. Better hurry, "I like Microsoft." Great, now I'm as rich as Bill. "I like Adobe." Great, now I own that one, too.

Yep, "lots of hype and hysteria" - by idiots claiming to know something they don't. Let's see your proof! If you have independent proof showing Gibson owns ZoneAlarm as you claim, yeah, that will color my opinions of his testing. Otherwise, stop polishing your bishop. As I recall, Gibson found Sygate leaky and then they fixed it and he applauds it, so why are you so upset? Because he was brazen enough to announce their **** up in the first place?

> I used to believe that grc.com did a good job, but no longer. I notice
> that Mr.G "reveals" that your browser "can send any information it
> likes about you or your computer". Oh yeah? Like your credit card
> number, maybe? No, the best example he can come up with of a "security
> breach" is your screen resolution!


And your testing had the browser running AFTER your firewall, right? The browser test is just that, a *browser* test. If your firewall is blocking Referrer then obviously Gibson's test, or anyone else's, won't see it. Boy, do you stretch the truth - to the point of a lie! Your browser can send information that IT has. Obviously all the HTTP headers are available because YOU connected to HIS web site. So when you go to his Shields Up web page and click on the button to interrogate what your browser will reveal itself (which your firewall may or may not block some of it), just where on that page do you see him discuss credit card information?

Fact is, his browser test isn't very complete. He is just showing you what every web site can see in your HTTP headers when you connect to them. http://bcheck.scanit.be/bcheck/ provides a much better test but it goes beyond just what your browser will report; it also checks its "features". In fact, when running their test, Windows Media Player loaded (twice) because they tried to proffer audio content (and I have IE configured to NOT play music within it but instead using WMP separately) and another time to run a script through it (failed). I also got a prompt window to push a .vbs download to my host (obviously a security issue but the prompt blocks the auto-download attempt, so make sure your Internet security zone is properly configured). The test also opened the Search frame within IE, changed window focus, and other nasty effects. Based on this test, and because I had already read the KB article on how to add the "My Computer" local zone to the security zones displayed in Internet Options -> Security, I changed the setting from Enabled to Prompt for active scripting. That eliminated the high security threat they noted on my system. However, it also means that I have to keep answering Okay to a prompt when, for example, I open a help file and navigate around the help file by using links presented in a topics list. I'm not sure yet what to do about their medium security risk assessment regarding javascript and the Search bar. The Search bar did appear but nothing got run, or it was one of those prompts to ask me to run something that I clicked Cancel or No. You can find more browser security checks, like http://browsercheck.qualys.com/index.php, by doing a Google search on "browser security". Gibson's test just shows the HTTP headers that are available to any web site that wants them. He does NOT say your credit card information is at risk. He doesn't test for it.

--
__________________________________________________ ____________________
Post replies to newsgroup. Share with others. E-mail not accepted.
__________________________________________________ ____________________
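
Added example (not part of any post in this thread): a loopback server that reports what one plain HTTP request discloses, with and without a filter removing the Referer header, as discussed in the post above. The sample header values and the `strip_referer` helper are constructed for illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Fields a site can read from the request alone. Values such as screen
# resolution are not HTTP headers; a page needs script to read those.
PASSIVE_FIELDS = ("User-Agent", "Referer", "Accept-Language", "Cookie")

# Constructed sample of what a browser of that era might send.
SAMPLE_REQUEST = {
    "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Referer": "http://search.example/results?q=firewall+reviews",
    "Accept-Language": "en-ca",
}


class EchoHandler(BaseHTTPRequestHandler):
    """Replies with everything the server learned from one GET request."""

    def do_GET(self):
        seen = {
            "client_ip": self.client_address[0],
            "path": self.path,
            "headers": dict(self.headers.items()),
        }
        body = json.dumps(seen).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def observe(request_headers):
    """Start the echo server on loopback, send one request, return what it saw."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)  # port 0: OS picks a port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        url = "http://127.0.0.1:%d/whoami" % server.server_address[1]
        req = urllib.request.Request(url, headers=request_headers)
        with opener.open(req, timeout=5) as resp:
            return json.loads(resp.read())
    finally:
        server.shutdown()
        server.server_close()


def strip_referer(headers):
    """Hypothetical stand-in for a firewall or proxy that removes Referer."""
    return {k: v for k, v in headers.items() if k.lower() != "referer"}


def disclosed(seen):
    """Pick out the passive fields that were present in the request."""
    lowered = {k.lower(): v for k, v in seen["headers"].items()}
    return {f: lowered[f.lower()] for f in PASSIVE_FIELDS if f.lower() in lowered}


if __name__ == "__main__":
    print("unfiltered:", disclosed(observe(SAMPLE_REQUEST)))
    print("referer stripped:", disclosed(observe(strip_referer(SAMPLE_REQUEST))))
```
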
 
*Vanguard*
04-01-2004
"Colonel Flagg" said:
> "stealth" is a non-term. it's meaningless, much as all of grc is.


Guess you have a real problem understanding that stealth means NO response is returned where open and closed ARE responses. Reporting a port as closed clearly identifies that there is a host at that probed IP address. That in itself identifies to the hacker that a host DOES exist at that IP address. Stealthed, in returning NO RESPONSE, tells the hacker nothing! They don't know if a host is there or not. Filtered ports that return a status of "closed" are obviously telling whomever probed the port that someone is actually at that IP address. Closed is a status just like Open. So call it "Go away" and "Come on in". BOTH still get reported back to the hacker.

A mad killer comes to your locked house and bangs on the door and demands entry. Yeah, you could say, "Sorry, no one is home". Well, gee, how stupid is that? You just told the mad killer that someone IS at home! So now the mad killer wanders around your house looking for a break-in point (i.e., your windows).

> "filtered" is more appropriate and it's less secure than closed.
> closed means NOTHING is listening. "filtered" means "something"
> *could* be listening, but "something" is _in_between_ you and the
> target, whether it's running in front of or on the machine in
> question, "something" is filtering the traffic between the outside
> and inside machines. filtered is also a tell-tale sign for hackers to
> try harder and to walk your router, your firewall, etc. and attempt
> enumeration of the LAN beyond. "closed" means nothing is listening
> and therefore, isn't worth the effort of most hacks.


Yes, closed means most hackers will go away. Most. Not all. Do you deter spam by using their opt-out web pages? Do you tell the spammer that you have a valid and monitored e-mail address in begging them to stop sending you their crap as though they had any social morals? You don't respond! The same works on hackers. Why lure ANY hackers by reporting that you even exist?

Okay, so you want to bash Steve. I guess then you'll also bash Symantec and all other firewall vendors, too. From Symantec definition page (http://snipurl.com/5gfa):

*Closed port*
A port that is blocked by a firewall. If a computer receives incoming communication on a closed port, it responds to the sender by refusing the connection. See also port, open port, port scan, and stealth port.

*Open port*
Open ports are ports that are not blocked by a firewall. Computers accept incoming communication on open ports. See the definitions for port, closed port, stealth port, and port scan.

*Stealth port*
Giving the impression of not existing; not responding to requests for information. A firewall can be configured to "stealth" ports, so that anyone performing a port scan will not be able to determine that a computer exists at that address.

Hence, open and closed ports BOTH send a response. Stealthed ports never do. For closed ports, the hacker still finds your host but simply finds nothing is listening on that port. That is NOT the same as never finding the host in the first place. If you want to stand stoic while someone hurls a lump of juicy crap at your face and then rely on a teflon coating to keep you clean, go for it. The rest of us would prefer to duck out of the way.


--
__________________________________________________ ____________________
Post replies to newsgroup. Share with others. E-mail not accepted.
__________________________________________________ ____________________
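
Added example (not part of any post in this thread): a TCP connect check you can run against your own machine to see the three port states argued over above, where "open" is a completed handshake, "closed" is a refused connection, and what the thread calls "stealth" or "filtered" is a timeout with no reply. The loopback demo can only produce open and closed, so the silent cases use constructed result sets; the function names and summary wording are illustrative.

```python
import socket

OPEN, CLOSED, SILENT = "open", "closed", "no response"


def probe(host, port, timeout=1.0):
    """One TCP connect attempt, classified by what came back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN      # handshake completed: something is listening
    except ConnectionRefusedError:
        return CLOSED    # a reset came back: host answered, nothing listening
    except socket.timeout:
        return SILENT    # nothing came back before the timeout
    finally:
        sock.close()


def summarize(results):
    """Turn {port: state} into what the pattern of replies shows."""
    states = set(results.values())
    if not states & {OPEN, CLOSED}:
        return "no reply on any probed port"
    if SILENT in states:
        return "host answered on some ports, others were silently dropped"
    return "host answered on every probed port"


def loopback_demo():
    """Constructed setup: one listening port and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                     # released: nothing listens here now

    try:
        return {open_port: probe("127.0.0.1", open_port),
                closed_port: probe("127.0.0.1", closed_port)}
    finally:
        listener.close()


if __name__ == "__main__":
    results = loopback_demo()
    for port, state in sorted(results.items()):
        print(port, state)
    print(summarize(results))
    # Constructed result sets for the cases loopback cannot produce:
    print(summarize({80: SILENT, 135: SILENT, 445: SILENT}))
    print(summarize({80: OPEN, 135: SILENT, 445: SILENT}))
```
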
 