«

Sebastian Gottschalk <> writes:

> And of course it would be nice if outbound protection could work in some
> serious way. But for obvious reasons it doesn't and won't ever.

For the obvious-impaired, can you highlight these reasons?

I'm still of the opinion that the outbound protection in software
firewalls is better than not having it at all, but I'm curious to know
the reasons behind your stance that it's worthless.

--
Todd H.
http://www.toddh.net/

Todd H. wrote:

> Sebastian Gottschalk <> writes:
>
>> And of course it would be nice if outbound protection could work in some
>> serious way. But for obvious reasons it doesn't and won't ever.
>
> For the obvious-impaired, can you highlight these reasons?

- Turing-completeness of malware
- interprocess communication
- programs' configuration data are writeable by everyone

> I'm still of the opinion that the outbound protection in software
> firewalls is better than not having it at all,

Not using software firewalls doesn't mean not having protection. And the
argument is generally wrong, since such software introduces complexity and
therefore insecurity, also as proven by the real world.

> but I'm curious to know the reasons behind your stance that it's worthless.

Obviously: It isn't reliable to any point, thus doesn't provide any
security. It's an intrusion detection mechanism at best, and even then
worthless due to the decrease of security by the implementation.

On Mon, 22 Jan 2007 18:28:14 +0100, Sebastian Gottschalk
<> wrote:

>> but I'm curious to know the reasons behind your stance that it's worthless.
>
>Obviously: It isn't reliable to any point, thus doesn't provide any
>security. It's an intrusion detection mechanism at best, and even then
>worthless due to the decrease of security by the implementation.

A lock on your front door is worthless if someone really wants to
break into your house... but I bet you have one, anyway. Why?

--
Zilbandy

Ok, apparently my initial post has caused some debate here. I posted
here because you know much more than I do, so let me clarify my
question.

Like everyone else, I want to prevent any hackers from attacking my
machine. I want to block those attacks, but at the same time I would
like to prevent anything that should not be on my computer, such as
malware, from sending out my personal information or whatever.

Being on disability, I cannot afford a lot of expensive software. With
that, can someone offer me the basics of what I should have installed
to offer me as much protection, both incoming and outgoing, as
possible? My OS is XP if that helps.

Thanks in advance for your help.
Dickie

On Mon, 22 Jan 2007 14:44:32 -0500, Dickie Peters
<ferrante276-> wrote:

>Like everyone else, I want to prevent any hackers from attacking my
>machine.

If properly configured, your router should provide adequate protection
from connection attempts from the outside.

>I want to block those attacks, but at the same time I would
>like to prevent anything that should not be on my computer, such as
>malware, from sending out my personal information or whatever.

Don't expect to be able to control malware. Only reasonable
countermeassure is to keep it off your machine.

>Being on disability, I cannot afford a lot of expensive software.

Security does'nt have to cost you anything.

>With that, can someone offer me the basics of what I should have installed
>to offer me as much protection, both incoming and outgoing, as
>possible? My OS is XP if that helps.

IMHO security is not about installing as much "protection" as
possible. It is more about installing and running only software of
decent quality from sources you trust, keeping it updated and using
your brain.

In other words, there are some technical counter-meassures you can and
should take. The rest (the major part) is more or less up to you.

Feel free to visit my site for further inspiration:
http://home20.inet.tele.dk/b_nice/index.htm

Zilbandy wrote:

> On Mon, 22 Jan 2007 18:28:14 +0100, Sebastian Gottschalk
> <> wrote:
>
>>> but I'm curious to know the reasons behind your stance that it's worthless.
>>
>>Obviously: It isn't reliable to any point, thus doesn't provide any
>>security. It's an intrusion detection mechanism at best, and even then
>>worthless due to the decrease of security by the implementation.
>
> A lock on your front door is worthless if someone really wants to
> break into your house... but I bet you have one, anyway. Why?

A front door isn't supposed to provide any security, but rather is a demand
from your insurance company.

That's why really important stuff is usually kept in a safe, not leaving
the "protection" to just a simple front door.

Beside that, you're drawing strange comparisons between analogue and
digital worlds. There is no equivalent of "more force/energy/power" in
digital world, and all possibilities are enumerable.

Dickie Peters wrote:

> Like everyone else, I want to prevent any hackers from attacking my
> machine. I want to block those attacks,

There is no need to block anything that should trivially fail anyway.

> but at the same time I would
> like to prevent anything that should not be on my computer, such as
> malware, from sending out my personal information or whatever.

This doesn't work, no matter how much you want it.

The real solution is to simply not run any malware in first place. This is
what you should focus on.

> Being on disability, I cannot afford a lot of expensive software. With
> that, can someone offer me the basics of what I should have installed
> to offer me as much protection, both incoming and outgoing, as
> possible?

Stop thinking in terms of installing more software would help.

Competent usage helps. Secure configuration helps. Using non-vulnerable
software helps. No software could replace that.

B. Nice wrote:

> On Mon, 22 Jan 2007 14:44:32 -0500, Dickie Peters
> <ferrante276-> wrote:
>
>>Like everyone else, I want to prevent any hackers from attacking my
>>machine.
>
> If properly configured, your router should provide adequate protection
> from connection attempts from the outside.

Or not. Just visiting a website containing a simple image reference

<img
src="ftp://ftp.someevilserver.example/blah.gif%10%13PORT%20192,168,0,1,00,135"/>

and there your port 135/TCP gets forwarded without any hesitation. Not to
mention other classes of protocol helpers, as well as simple usage of NAT
itself. You could embed a flash applet which connects back to the server
with source port 135, thus opens such a connection, disconnects, and then
waits some time if someone starts a vulnerable DCE-RPC daemon - if not,
connect again all 5 minutes to refresh the NAT state.

If the router contains a packet filter, then the proper configuration of
this part could provide such a protection.

Unless then, a router should be regarded as transparent. You know, even RFC
2993 tells you so.

Sebastian Gottschalk wrote:
> Dickie Peters wrote:
>
>> Like everyone else, I want to prevent any hackers from attacking my
>> machine. I want to block those attacks,
>
> There is no need to block anything that should trivially fail anyway.
>
>> but at the same time I would
>> like to prevent anything that should not be on my computer, such as
>> malware, from sending out my personal information or whatever.
>
> This doesn't work, no matter how much you want it.
>
> The real solution is to simply not run any malware in first place. This is
> what you should focus on.
>
>> Being on disability, I cannot afford a lot of expensive software. With
>> that, can someone offer me the basics of what I should have installed
>> to offer me as much protection, both incoming and outgoing, as
>> possible?
>
> Stop thinking in terms of installing more software would help.
>
> Competent usage helps. Secure configuration helps. Using non-vulnerable
> software helps. No software could replace that.

Sebastian,

It seems to me that you have some strong opinions on the subject of
computer security. But perhaps you should think about how you word your
opinions before you send them off.

The idea of groups such as this is to /discuss/ computer security and to
provide /assistance/ to people who ask for it. You are simply trying to
prove to everyone that you are better because you know about it, and
everyone else deserves nothing more that to be looked down upon.

The concept of providing assistance, especially to people who wish to
learn, is to provide constructive criticism, not to say "I know how it
works, so do it my way or else you may as well not do it at all." I can
see that you do indeed know about computer security, and you can provide
a wealth of information, as well as to identify potential threats; but
that does not mean that someone who offers a suggestion that does not
cover that threat is incompetent and deserves only your contempt.

Instead of saying "No, your wrong because of this. Do it my way - /it/
works", perhaps something more along the lines of "Yes, that will cover
those threats, but will still leave open this vulnerability. This should
cover it as well", and be open to further suggestions that are perhaps
easier to manage/implement, instead of saying "my way works, so use it".

Different solutions are suitable for different people. Your way might
work, but others can as well, and may sit better with the people who use it.

Remember:
Knowledge /is/ power.
Wisdom is knowing how to use it.

Respectfully,
wraeth

Dickie Peters wrote:
> Is a software firewall such as Zone Alarm essential for added
> protection if I am already using the XP firewall, AVG antivirus (free)
> and have a wired router (D-link-524)? Will it offer me any additional
> protection? If so, is there a better free firewall than Zone alarm?
>
> Thanks.
Dickie,

This site my friend made is aimed towards explaining computer security
for the not-precisely-computer-literate staff of a school he worked at,
and explains everything on the assumption that you have only a basic
knowledge of computers (basic point-and-click skills, basic knowledge of
the Internet). It may not be exactly what you need, but as well as
giving a basic overview of computer security, it points you to several
resources, and tells you how you can learn more - either about security,
or how to protect yourself.

http://www.jpc.nsw.edu.au/support/self/security.htm

Have a look and that should help you out.

Cheers, and good luck
wraeth