a couple of questions from a newbie to this group

Discussion in 'Computer Security' started by His Boy Elroy, Apr 1, 2004.

  1. 1. I've been thinking of trying out F-Secure as my Firewall, but am also
    looking at Black Ice Defender, Norton's Firewall, and in the past I've used
    Zone Alarm Pro, although I found the interface to be more of a pain than of
    any use - I like for being able to be used with Visual Route. I haven't used
    any McAfee products in years although I'm willing to believe if a number of
    you say so that their software has improved to its pre-Cybermedia level.

    Comments? Anyone got one that isn't on the list of what I've tried in the
    past that they feel is the best on a home PC? And by "best" I mean "most
    secure" and "most easily configurable and intelligent"

    2. I am not brand new to computers but I'm brand new to instant messaging.
    Right now I am using latest version of AIM. I wonder though, right now I
    have it configured so only those on my Buddy List can reach me. How easy is it
    for someone to "see" a conversation I'm having? How big a back way in hole
    does it leave in my virus and trojan defences when I'm logged on? When I'm
    not? I have set it to not accept files. Anyone ever have any trouble being
    hacked or virused via AIM?

    3. Where are the best sources for certifications that will actually mean
    something for someone with a BSc in Computers, but who wants to specialize
    in computer security development or admin?

    Unfortunately, being new in this area, I've little info to offer in return
    to questions from others in this field, but as I learn I will certainly
    participate. I'm really interested in the security end of computing.

    Thanks very much in advance to all who take a moment to respond.


    ~~HBE
    His Boy Elroy, Apr 1, 2004
    #1

  2. His Boy Elroy

    Kerodo Guest

    "His Boy Elroy" <> wrote in
    news:mTOac.11509$:

    > 1. I've been thinking of trying out F-Secure as my Firewall, but am
    > also looking at Black Ice Defender, Norton's Firewall, and in the past
    > I've used Zone Alarm Pro, although I found the interface to be more of
    > a pain than of any use - I like for being able to be used with Visual
    > Route. I haven't used any McAfee products in years although I'm
    > willing to believe if a number of you say so that their software has
    > improved to its pre-Cybermedia level.
    >
    > Comments? Anyone got one that isn't on the list of what I've tried in
    > the past that they feel is the best on a home PC? And by "best" I mean
    > "most secure" and "most easily configurable and intelligent"
    >

    I'd recommend Kerio. http://www.kerio.com/kpf_home.html

    And I'd stay away from Norton too..

    I just tested Kerio, Outpost, ZoneAlarm and Sygate, and Kerio is the only
    one that successfully stealthed the first 1056 ports on grc.com's tests.
    All the others left ports open or closed, but not stealthed.



    --
    Kerodo
    Kerodo, Apr 1, 2004
    #2

  3. His Boy Elroy

    *Vanguard* Guest

    "His Boy Elroy" said in
    news:mTOac.11509$:
    > 1. I've been thinking of trying out F-Secure as my Firewall, but am
    > also looking at Black Ice Defender, Norton's Firewall, and in the
    > past I've used Zone Alarm Pro, although I found the interface to be
    > more of a pain than of any use - I like for being able to be used
    > with Visual Route. I haven't used any McAfee products in years
    > although I'm willing to believe if a number of you say so that their
    > software has improved to its pre-Cybermedia level.
    >
    > Comments? Anyone got one that isn't on the list of what I've tried in
    > the past that they feel is the best on a home PC? And by "best" I
    > mean "most secure" and "most easily configurable and intelligent"
    >
    > 2. I am not brand new to computers but I'm brand new to instant
    > messaging. Right now I am using latest version of AIM. I wonder
    > though, right now I have it configured so only those on my Buddy List
    > can reach me. How easy is it for someone to "see" a conversation I'm
    > having? How big a back way in hole does it leave in my virus and
    > trojan defences when I'm logged on? When I'm not? I have set it to
    > not accept files. Anyone ever have any trouble being hacked or
    > virused via AIM?
    >
    > 3. Where are the best sources for certifications that will actually
    > mean something for someone with a BSc in Computers, but who wants to
    > specialize in computer security development or admin?
    >
    > Unfortunately, being new in this area, I've little info to offer in
    > return to questions from others in this field, but as I learn I will
    > certainly participate. I'm really interested in the security end of
    > computing.
    >
    > Thanks very much in advance to all who take a moment to respond.
    >
    >
    > ~~HBE


    I first had Norton Internet Security 2002. I bought ZoneAlarm Pro and trialed it for awhile (a little under 2 months). Gave up and went back to Norton. Norton is good except for one nagging problem that continued into their 2003 version: the firewall can occasionally go dead and interfere or block some or all communications. This has occurred on 3 of my computers. After a long discussion, I came up with a way to reset NIS without having to reboot the computer. Sometimes it works, sometimes not.

    Now I, too, am looking to replace Norton's firewall. There are a lot of nice features but I can't keep having my connection go partially or wholly dead once every day or two. Sygate has their freebie Personal Firewall (http://smb.sygate.com) but it seems too crippled so you'll end up getting their Pro version, anyway. Users of freebie Kerio 2.x (forget the minor version, maybe 2.5) like it but don't like the commercial version Kerio 4.0 saying it is too flaky (which is what I'm trying to get away from now). I hadn't even thought of F-Secure. I wouldn't bother with BlackIce; failed too many times for too long as evidenced in testing by Gibson (grc.com).


    --
    ______________________________________________________________________
    Post replies to newsgroup. Share with others. E-mail not accepted.
    ______________________________________________________________________
    *Vanguard*, Apr 1, 2004
    #3
  4. In article <Xns94BDEFE9AB767kerodokenny@68.6.19.6>,
    kerodo~nospam~ says...
    > "His Boy Elroy" <> wrote in
    > news:mTOac.11509$:
    >
    > > 1. I've been thinking of trying out F-Secure as my Firewall, but am
    > > also looking at Black Ice Defender, Norton's Firewall, and in the past
    > > I've used Zone Alarm Pro, although I found the interface to be more of
    > > a pain than of any use - I like for being able to be used with Visual
    > > Route. I haven't used any McAfee products in years although I'm
    > > willing to believe if a number of you say so that their software has
    > > improved to its pre-Cybermedia level.
    > >
    > > Comments? Anyone got one that isn't on the list of what I've tried in
    > > the past that they feel is the best on a home PC? And by "best" I mean
    > > "most secure" and "most easily configurable and intelligent"
    > >

    > I'd recommend Kerio. http://www.kerio.com/kpf_home.html
    >
    > And I'd stay away from Norton too..
    >
    > I just tested Kerio, Outpost, ZoneAlarm and Sygate, and Kerio is the only
    > one that successfully stealthed the first 1056 ports on grc.com's tests.
    > All the others left ports open or closed, but not stealthed.
    >
    >
    >
    >



    "stealth" is a non-term. it's meaningless, much as all of grc is.

    "filtered" is more appropriate and it's less secure than closed. closed
    means NOTHING is listening. "filtered" means "something" *could* be
    listening, but "something" is _in_between_ you and the target, whether
    it's running in front of or on the machine in question, "something" is
    filtering the traffic between the outside and inside machines. filtered
    is also a tell-tale sign for hackers to try harder and to walk your
    router, your firewall, etc. and attempt enumeration of the LAN beyond.
    "closed" means nothing is listening and therefore, isn't worth the
    effort of most hacks.





    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Apr 1, 2004
    #4
  5. His Boy Elroy

    billh Guest

    <snip>

    Now I, too, am looking to replace Norton's firewall. There are a lot of
    nice features but I can't keep having my connection go partially or wholly
    dead once every day or two. Sygate has their freebie Personal Firewall
    (http://smb.sygate.com) but it seems too crippled so you'll end up getting
    their Pro version, anyway.

    <snip>

    What do you consider to be crippled in the free version that should be
    available for significantly safer operation?

    I use freebie Sygate behind a Linksys router. I feel it (or the combination)
    does a good job and Sygate doesn't seem to be a giant resource hog; it is
    also fairly easy to understand.

    Thanks,
    Billh
    billh, Apr 1, 2004
    #5
  6. His Boy Elroy

    Rambler Guest

    On Thu, 1 Apr 2004 10:27:44 -0500, "billh" <>
    wrote:

    >
    ><snip>
    >
    >Now I, too, am looking to replace Norton's firewall. There are a lot of
    >nice features but I can't keep having my connection go partially or wholly
    >dead once every day or two. Sygate has their freebie Personal Firewall
    >(http://smb.sygate.com) but it seems too crippled so you'll end up getting
    >their Pro version, anyway.
    >
    ><snip>
    >
    >What do you consider to be crippled in the free version that should be
    >available for significantly safer operation?
    >
    >I use freebie Sygate behind a Linksys router. I feel it (or the combination)
    >does a good job and Sygate doesn't seem to be a giant resource hog; it is
    >also fairly easy to understand.
    >
    >Thanks,
    >Billh
    >


    Agreed - the main thing I like about Sygate is its logging
    capabilities - with careful rule selection you can filter and log just
    about anything. Another excellent feature is its ability to allow
    trusted applications/services access, and just as easily block them.
    Much easier than fiddling with port tables. It doesn't go crazy when
    my DSL connection has a heavy I/O load either.

    I agree with the Colonel re. grc.com too - lots of hype and hysteria,
    not much substance. Hardly surprising that Mr.Gibson heartily
    recommends ZoneAlarm, when he owns the company that markets it, though
    he pretends he's just an enthusiastic user.

    I used to believe that grc.com did a good job, but no longer. I notice
    that Mr.G "reveals" that your browser "can send any information it
    likes about you or your computer". Oh yeah? Like your credit card
    number, maybe? No, the best example he can come up with of a "security
    breach" is your screen resolution!
    Rambler, Apr 1, 2004
    #6
  7. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    In article <>, on Thu, 01 Apr 2004 17:36:25 +0100, Rambler
    <> wrote:

    | On Thu, 1 Apr 2004 10:27:44 -0500, "billh" <>
    | wrote:

    <snip />

    | Hardly surprising that Mr.Gibson heartily
    | recommends ZoneAlarm, when he owns the company that markets it, though
    | he pretends he's just an enthusiastic user.

    Your evidence please?

    I note that regardless of your opinions (just who are you anyway?)
    Steve clearly states he has no connection with any firewall company.

    On <http://grc.com/lt/leaktest.htm> he says:

    "My Role
    It is for all of these reasons that I have decided to assume an active
    and vocal position as an unbiased third-party evaluator of the technology
    and security of personal software firewall products.

    For the record, I have NO INTEREST in any of these vendors.
    I have NO undisclosed relationship of any sort with any person,
    company or entity, and no hidden agenda creating bias of any kind."

    <davidp />

    - --
    David Postill

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com
    Comment: Get key from pgpkeys.mit.edu:11370

    iQA/AwUBQGxUF3xp7q1nhFwUEQIp+ACgmcKIt8+leGcwRbfI//X+NbvDoOMAoKyB
    sasSxSIPpvJZpyvqxiS+tq2c
    =9Dx8
    -----END PGP SIGNATURE-----
    David Postill, Apr 1, 2004
    #7
  8. His Boy Elroy

    johns Guest


    > 1. I've been thinking of trying out F-Secure as my Firewall,


    We are using f-secure virus software running off our "virus"
    server that is updated by f-secure constantly. It has been
    first rate, and we chose it because ALL of the other brands
    failed in our tests. We are now working on f-secure firewall.
    This is a big lan, and security is a serious issue here. I'll let
    you know how the firewall does once it is up. It will offload
    from the server to clients just like the virus programs do.

    > any McAfee products in years although I'm willing to believe if a number of
    > you say so that their software has improved to its pre-Cybermedia level.


    It has. I run it at home, and it updates every time I go online.
    I have yet to see anything get past it, plus it seems intelligent
    enough to spot "social engineering" hacks. McAfee and
    f-secure are essentially the same product as I remember
    from years past.

    > Comments? Anyone got one that isn't on the list of what I've tried in the
    > past that they feel is the best on a home PC? And by "best" I mean "most
    > secure" and "most easily configurable and intelligent"


    A firewall certainly isn't going to help you. It will nag the
    crap out of you until you are fed up with it. And you will
    most certainly leave some kind of access open. The best
    form of home computer protection is .. first a good anti-
    virus product, such as McAfee ... and then a big hard
    drive .. 80 gig or more ... split C - D .. and a disk imaging
    program such as PowerQuest2002, so you can keep
    copies of old images plus recent images. That lets you
    back away from a hack with no problem. AdAware and
    Spybot can help ... a little, but the ability to copy off
    favorites, email, and data and then restore your system
    fully in about 45 minutes is the best approach. Another
    good thing to do is stay the HELL off DSL ! I simply
    cannot believe home users would leave a connect open
    like that. Pure stupidity BIGTIME ! Use a 56k modem
    and have your ISP enable Postini on your email account.
    Big hacks simply can't get down quick enough that you
    can't turn your computer off. On DSL, you are doomed.

    > 2. I am not brand new to computers but I'm brand new to instant messaging.
    > Right now I am using latest version of AIM.


    If I catch anyone in my labs running AIM, I kick them out of
    there right then. I also gpedit the .exe so AIM cannot run ever.
    I've got a list of scumware that I have gpedited off my systems.
    You are wide open running that garbage.

    > not? I have set it to not accept files. Anyone ever have any trouble being
    > hacked or virused via AIM?


    Just commercial trash ... so far.

    > 3. Where are the best sources for certifications that will actually mean
    > something for someone with a BSc in Computers, but who wants to specialize
    > in computer security development or admin?


    Tech schools. CS can't seem to be bothered with PCs, and that
    is the dominant business out there. The tech school programs
    are getting the job done. CS is still about 10 years behind, but
    once you get to the job, self-training is the way to go. CS gets
    you in the door.

    johns
    johns, Apr 1, 2004
    #8
  9. His Boy Elroy

    *Vanguard* Guest

    "Rambler" said in news::
    >
    > Agreed - the main thing I like about Sygate is its logging
    > capabilities - with careful rule selection you can filter and log just
    > about anything. Another excellent feature is its ability to allow
    > trusted applications/services access, and just as easily block them.
    > Much easier than fiddling with port tables. It doesn't go crazy when
    > my DSL connection has a heavy I/O load either.
    >
    > I agree with the Colonel re. grc.com too - lots of hype and hysteria,
    > not much substance. Hardly surprising that Mr.Gibson heartily
    > recommends ZoneAlarm, when he owns the company that markets it, though
    > he pretends he's just an enthusiastic user.


    Aw, did your feelings get bruised about a product that's not even yours? Sounds like a defensive developer when you tell them there's a bug in their code. So in your accusation that Steve Gibson owns ZoneAlarm, just where did you discover this? From some other Gibson basher? I don't see him listed on the board of directors at http://www.zonelabs.com/store/content/company/aboutUs/board.jsp. Don't see him listed on the management team at http://www.zonelabs.com/store/content/company/aboutUs/management.jsp. Don't see him listed as an investor at http://www.zonelabs.com/store/content/company/aboutUs/investors.jsp. Gee, I suppose if we follow the chain far enough down then we would find Gibson - as a customer! But then we'd find him a customer of BlackIce, Sygate, and several other firewalls.

    If Gibson owned ZoneAlarm, why doesn't he have a link to it, especially on his sell page at http://grc.com/purchasing.htm? Why, for those developers that fixed their leaky firewalls, does he applaud Sygate, TPF, and some others? ZoneAlarm was the one that from the start of his testing proved not to be leaky. So because he applauded ZoneAlarm first for passing his LeakTest that makes him an owner of ZoneAlarm? Gee, I must own a lot of companies. Better hurry, "I like Microsoft." Great, now I'm as rich as Bill. "I like Adobe." Great, now I own that one, too.

    Yep, "lots of hype and hysteria" - by idiots claiming to know something they don't. Let's see your proof! If you have independent proof showing Gibson owns ZoneAlarm as you claim, yeah, that will color my opinions of his testing. Otherwise, stop polishing your bishop. As I recall, Gibson found Sygate leaky and then they fixed it and he applauds it, so why are you so upset? Because he was brazen enough to announce their **** up in the first place?

    > I used to believe that grc.com did a good job, but no longer. I notice
    > that Mr.G "reveals" that your browser "can send any information it
    > likes about you or your computer". Oh yeah? Like your credit card
    > number, maybe? No, the best example he can come up with of a "security
    > breach" is your screen resolution!


    And your testing had the browser running AFTER your firewall, right? The browser test is just that, a *browser* test. If your firewall is blocking Referrer then obviously Gibson's test, or anyone else's, won't see it. Boy, do you stretch the truth - to the point of a lie! Your browser can send information that IT has. Obviously all the HTTP headers are available because YOU connected to HIS web site. So when you go to his Shields Up web page and click on the button to interrogate what your browser will reveal itself (which your firewall may or may not block some of it), just where on that page do you see him discuss credit card information?

    Fact is, his browser test isn't very complete. He is just showing you what every web site can see in your HTTP headers when you connect to them. http://bcheck.scanit.be/bcheck/ provides a much better test but it goes beyond just what your browser will report; it also checks its "features". In fact, when running their test, Windows Media Player loaded (twice) because they tried to proffer audio content (and I have IE configured to NOT play music within it but instead using WMP separately) and another time to run a script through it (failed). I also got a prompt window to push a .vbs download to my host (obviously a security issue but the prompt blocks the auto-download attempt, so make sure your Internet security zone is properly configured). The test also opened the Search frame within IE, changed window focus, and other nasty effects. Based on this test, and because I had already read the KB article on how to add the "My Computer" local zone to the security zones displayed in Internet Options -> Security, I changed the setting from Enabled to Prompt for active scripting. That eliminated the high security threat they noted on my system. However, it also means that I have to keep answering Okay to a prompt when, for example, I open a help file and navigate around the help file by using links presented in a topics list. I'm not sure yet what to do about their medium security risk assessment regarding javascript and the Search bar. The Search bar did appear but nothing got ran, or it was one of those prompts to ask me to run something that I clicked Cancel or No. You can find more browser security checks, like http://browsercheck.qualys.com/index.php, by doing a Google search on "browser security". Gibson's test just shows the HTTP headers that are available to any web site that wants them. He does NOT say your credit card information is at risk. He doesn't test for it.

    --
    ______________________________________________________________________
    Post replies to newsgroup. Share with others. E-mail not accepted.
    ______________________________________________________________________
    *Vanguard*, Apr 1, 2004
    #9
  10. His Boy Elroy

    *Vanguard* Guest

    "Colonel Flagg" said in
    news::
    > "stealth" is a non-term. it's meaningless, much as all of grc is.


    Guess you have a real problem understanding that stealth means NO response is returned where open and closed ARE responses. Reporting a port as closed clearly identifies that there is a host at that probed IP address. That in itself identifies to the hacker that a host DOES exist at that IP address. Stealthed, in returning NO RESPONSE, tells the hacker nothing! They don't know if a host is there or not. Filtered ports that return a status of "closed" are obviously telling whomever probed the port that someone is actually at that IP address. Closed is a status just like Open. So call it "Go away" and "Come on in". BOTH still get reported back to the hacker.

    A mad killer comes to your locked house and bangs on the door and demands entry. Yeah, you could say, "Sorry, no one is home". Well, gee, how stupid is that? You just told the mad killer that someone IS at home! So now the mad killer wanders around your house looking for a break-in point (i.e., your windows).

    > "filtered" is more appropriate and it's less secure than closed.
    > closed means NOTHING is listening. "filtered" means "something"
    > *could* be listening, but "something" is _in_between_ you and the
    > target, whether it's running in front of or on the machine in
    > question, "something" is filtering the traffic between the outside
    > and inside machines. filtered is also a tell-tale sign for hackers to
    > try harder and to walk your router, your firewall, etc. and attempt
    > enumeration of the LAN beyond. "closed" means nothing is listening
    > and therefore, isn't worth the effort of most hacks.


    Yes, closed means most hackers will go away. Most. Not all. Do you deter spam by using their opt-out web pages? Do you tell the spammer that you have a valid and monitored e-mail address in begging them to stop sending you their crap as though they had any social morals. You don't respond! The same works on hackers. Why lure ANY hackers by reporting that you even exist?

    Okay, so you want to bash Steve. I guess then you'll also bash Symantec and all other firewall vendors, too. From Symantec definition page (http://snipurl.com/5gfa):

    *Closed port*
    A port that is blocked by a firewall. If a computer receives incoming communication on a closed port, it responds to the sender by refusing the connection. See also port, open port, port scan, and stealth port.

    *Open port*
    Open ports are ports that are not blocked by a firewall. Computers accept incoming communication on open ports. See the definitions for port, closed port, stealth port, and port scan.

    *Stealth port*
    Giving the impression of not existing; not responding to requests for information. A firewall can be configured to "stealth" ports, so that anyone performing a port scan will not be able to determine that a computer exists at that address.

    Hence, open and closed ports BOTH send a response. Stealthed ports never do. For closed ports, the hacker still finds your host but simply finds nothing is listening on that port. That is NOT the same as never finding the host in the first place. If you want to stand stoic while someone hurls a lump of juicy crap at your face and then rely on a teflon coating to keep you clean, go for it. The rest of us would prefer to duck out of the way.


    --
    ______________________________________________________________________
    Post replies to newsgroup. Share with others. E-mail not accepted.
    ______________________________________________________________________
    *Vanguard*, Apr 1, 2004
    #10
  11. His Boy Elroy

    Bit Twister Guest

    On Thu, 1 Apr 2004 16:49:02 -0600, *Vanguard* wrote:
    > "Colonel Flagg" said in
    > news::
    >> "stealth" is a non-term. it's meaningless, much as all of grc is.

    >
    > Guess you have a real problem understanding that stealth means NO
    > response is returned where open and closed ARE responses. Reporting
    > a port as closed clearly identifies that there is a host at that
    > probed IP address. That in itself identifies to the hacker that a
    > host DOES exist at that IP address. Stealthed, in returning NO
    > RESPONSE, tells the hacker nothing!


    Sorry you do not understand.

    The fact that there is no response tells us that there is a computer
    on and it is not responding. If the computer was off/not connected,
    that computer's gateway will tell me there is not a computer at that address.



    PS:
    It would be considerate of you to set Microsoft Outlook Express to
    line wrap at 72 characters. Feel free to use any of the over 400
    test newsgroups (groups ending in .test) to fix it.
    Bit Twister, Apr 2, 2004
    #11
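
The port states argued over in posts #10 and #11, as they look from the probing side: open, closed, "stealth" (silence), and the router-generated "unreachable" answer. This is an added example, not code from any poster; the function names are assumptions made for illustration, and the demo only connects to 127.0.0.1.

```python
import errno
import socket


def classify(exc):
    """Turn the outcome of a TCP connect() into the thread's vocabulary.

    exc is None when the handshake completed, otherwise the exception raised.
    """
    if exc is None:
        return "open"         # SYN/ACK came back and the handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # RST came back: nothing is listening on that port
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"      # no packet at all came back before the timeout
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"  # a router on the path sent ICMP unreachable
    return "error"


def reply_source(state):
    """Who produced the packet the prober saw, or None if nothing came back."""
    if state in ("open", "closed"):
        return "host-side"    # the target, or a device answering on its behalf
    if state == "unreachable":
        return "router"       # an upstream hop, not the target itself
    return None               # silence: nothing to attribute


def probe(host, port, timeout=1.0):
    """Attempt one TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:    # socket.timeout is an OSError subclass
        return classify(exc)
    finally:
        sock.close()


def loopback_demo():
    """Produce an open and a closed port on 127.0.0.1 and probe both."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))       # bound but never listen()ed: SYN gets RST
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    for state in loopback_demo():
        print(state, "-> reply from:", reply_source(state))
```

A "stealth" result cannot be produced on loopback without a packet filter, so the demo covers only the two states that send a reply.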
  12. His Boy Elroy

    *Vanguard* Guest

    "johns" said in news:c4hrdl$2ir$:
    >> 1. I've been thinking of trying out F-Secure as my Firewall,

    >
    > We are using f-secure virus software running off our "virus"
    > server that is updated by f-secure constantly. It has been
    > first rate, and we chose it because ALL of the other brands
    > failed in our tests. We are now working on f-secure firewall.
    > This is a big lan, and security is a serious issue here. I'll let
    > you know how the firewall does once it is up. It will offload
    > from the server to clients just like the virus programs do.


    Hmm, did you ever publish your analysis? I'd be interested in reading it. I'd like to know how the others failed, and what the others were.

    <snip>
    > good thing to do is stay the HELL off DSL ! I simply
    > cannot believe home users would leave a connect open
    > like that. Pure stupidity BIGTIME ! Use a 56k modem
    > and have your ISP enable Postini on your email account.


    Oh, yeah, like I'm going back to super-slow dial-up access. Not! Smarter to just disable your network connectoid when you leave and reconnect it when you return. You can follow http://support.microsoft.com/?kbid=262265 on how to use commands for shortcuts to disable your LAN connection. However, obviously you then don't believe you have a very good firewall if you have to instead kill the connection to protect your firewall from doing its job.

    > Big hacks simply can't get down quick enough that you
    > can't turn your computer off. On DSL, you are doomed.


    Neither can anything else get down quick. Downloads, web browsing, e-mail, and every other reason you decided to get on the Internet.

    > If I catch anyone in my labs running AIM, I kick them out of
    > there right then. I also gpedit the .exe so AIM cannot run ever.
    > I've got a list of scumware that I have gpedited off my systems.
    > You are wide open running that garbage.


    I don't use IMs, either. As I recall, MSN Messenger had the option to permit uploads and downloads presumably using its own ports and maybe even proprietary protocols. This made a backdoor for virus infiltration. I've never felt enamored as are others in instant messaging. I didn't want a beeper, either, when those were big. Now it's cell phones and I don't want that, either, so I can be at someone else's beck and call.




    --
    ______________________________________________________________________
    Post replies to newsgroup. Share with others. E-mail not accepted.
    ______________________________________________________________________
    *Vanguard*, Apr 2, 2004
    #12
  13. His Boy Elroy

    *Vanguard* Guest

    "Bit Twister" said in news::
    > On Thu, 1 Apr 2004 16:49:02 -0600, *Vanguard* wrote:
    >
    > Sorry you do not understand.
    >
    > The fact that there is no response tells us that there is a computer
    > on and it is not responding. If the computer was off/not connected,
    > that computer's gateway will tell me there is not a computer at that
    > address.



    How does a gateway or anything upstream know the difference between:

    1. A computer that does not exist so obviously it cannot respond.
    2. A computer that exists but is disconnected so it obviously cannot respond.
    3. A computer that is connected but is turned off so obviously it cannot respond.
    4. A computer turned on and connected but does not respond.

    If there is no response, how do you know it is there? It's not my job to wander into the offices of my ISP and modify their network to provide a firewall for their gateway. They'll have to take care of their own security. I can only protect myself up to the service point for the Internet connection.

    In each case, there was no response. So what "backdoor" are you referring to that can find a computer despite the lack of any response? I'd really like some details or explanation rather than vague statements. I'm willing to learn but you need to convince me.

    exists but is turned off, and one that is turned on but never responds?
    *Vanguard*, Apr 2, 2004
    #13
  14. In article <>, no-email@post-reply-in-
    newsgroup.invalid says...
    > "Bit Twister" said in news::
    > > On Thu, 1 Apr 2004 16:49:02 -0600, *Vanguard* wrote:
    > >
    > > Sorry you do not understand.
    > >
    > > The fact that there is no response tells us that there is a computer
    > > on and it is not responding. If the computer was off/not connected,
    > > that computer's gateway will tell me there is not a computer at that
    > > address.

    >
    >
    > How does a gateway or anything upstream know the difference between:
    >
    > 1. A computer that does not exist so obviously it cannot respond.
    > 2. A computer that exists but is disconnected so it obviously cannot respond.
    > 3. A computer that is connected but is turned off so obviously it cannot respond.
    > 4. A computer turned on and connected but does not respond.
    >
    > If there is no response, how do you know it is there? It's not my job to wander into the offices of my ISP and modify their network to provide a firewall for their gateway. They'll have to take care of their own security. I can only protect myself up to the service point for the Internet connection.
    >
    > In each case, there was no response. So what "backdoor" are your referring to that can find a computer despite the lack of any response? I'd really like some details or explanation rather than vague statements. I'm willing to learn but you need to convince me.
    >
    > exists but is turned off, and one that is turned on but never responds?
    >
    >




    There are situations with computers with filtered and/or closed ports
    whereby a malicious person, using a specially crafted script/exploit, can
    hit a firewall/computer on certain ports in a particular sequence, then
    get said firewall/computer to open another port. The ports that are
    sequentially hit are NOT open; the kernel and/or firewall program
    listens to all ports, some are not responded to, some are not passed on,
    yet the core piece of software for the firewall or the kernel itself
    monitors the ports; the sequence is the key. If the sequence is exact,
    within a certain amount of time, port X opens and runs a daemon process
    or allows passage, allowing the malicious user to enter the system or
    network.

    "Stealthed" is a popular term coined recently, not by networking
    professionals, by those in marketing, to feed the masses of ignorant
    computer users that don't really understand closed, open and filtered.
    Just because you found a definition for it that you understand, that
    relates to computers, doesn't mean it's been there forever and it's a
    real world term.

    The term "stealth" itself doesn't mean "completely hidden", it means
    "something that's there, but hard to see". Duh? Closed means it isn't
    there, open means it's there, filtered means it's there, but not
    everyone can get to it.


    stealth (stĕlth)
    n.
    The act of moving, proceeding, or acting in a covert way.
    The quality or characteristic of being furtive or covert.
    Archaic. The act of stealing.

    adj.
    Not disclosing one's true ideology, affiliations, or positions: a
    stealth candidate.
    Having or providing the ability to prevent detection by radar: a stealth
    bomber; stealth technology.


    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Apr 2, 2004
    #14
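The sequence-then-open behaviour described in the post above is commonly called port knocking. As an added example (not part of any post in this thread), here is one way a defender could look for it in firewall logs: a source that hits several filtered ports inside a short window and is then accepted on a port that is dropped for other sources. The log format, addresses, ports and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed firewall log lines: "<epoch-seconds> <source-ip> <dst-port> <DROP|ACCEPT>"
SAMPLE_LOG = """\
100 203.0.113.7 7000 DROP
101 203.0.113.7 8000 DROP
102 198.51.100.9 2222 DROP
103 203.0.113.7 9000 DROP
105 203.0.113.7 2222 ACCEPT
200 198.51.100.9 7000 DROP
260 198.51.100.9 8000 DROP
320 198.51.100.9 9000 DROP
330 198.51.100.9 2222 DROP
400 192.0.2.50 443 ACCEPT
"""

def parse(log):
    for line in log.splitlines():
        ts, src, port, action = line.split()
        yield int(ts), src, int(port), action

def find_knock_candidates(log, min_knocks=3, window=10):
    """Return (src, knocked_ports, opened_port) for each ACCEPT on a port
    that was previously dropped, when the same source hit at least
    min_knocks distinct dropped ports in the preceding `window` seconds."""
    recent = defaultdict(deque)   # src -> deque of (ts, port) for recent DROPs
    ever_dropped = set()          # ports seen filtered for any source
    findings = []
    for ts, src, port, action in parse(log):
        drops = recent[src]
        while drops and ts - drops[0][0] > window:
            drops.popleft()       # expire hits outside the time window
        if action == "DROP":
            drops.append((ts, port))
            ever_dropped.add(port)
        elif port in ever_dropped:
            knocked = []
            for _, p in drops:
                if p != port and p not in knocked:
                    knocked.append(p)
            if len(knocked) >= min_knocks:
                findings.append((src, tuple(knocked), port))
                drops.clear()
    return findings
```

On the sample, only 203.0.113.7 is reported: 198.51.100.9 hits the same ports, but too slowly to fall inside the window, and is still dropped on port 2222.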
  15. His Boy Elroy

    Rambler Guest

    He would, wouldn't he - and who are YOU anyway?


    On Thu, 01 Apr 2004 18:31:56 GMT, David Postill <>
    wrote:

    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >In article <>, on Thu, 01 Apr 2004 17:36:25 +0100, Rambler
    ><> wrote:
    >
    >| On Thu, 1 Apr 2004 10:27:44 -0500, "billh" <>
    >| wrote:
    >
    ><snip />
    >
    >| Hardly surprising that Mr.Gibson heartily
    >| recommends ZoneAlarm, when he owns the company that markets it, though
    >| he pretends he's just an enthusiastic user.
    >
    >Your evidence please?
    >
    >I note that regardless of your opinions (just who are you anyway?)
    >Steve clearly states he has no connection with any firewall company.
    >
    >On <http://grc.com/lt/leaktest.htm> he says:
    >
    >"My Role
    >It is for all of these reasons that I have decided to assume an active and vocal position as an
    >unbiased third-party
    >evaluator of the technology and security of personal software firewall products.
    >
    >For the record, I have NO INTEREST in any of these vendors.
    >I have NO undisclosed relationship of any sort with any person,
    >company or entity, and no hidden agenda creating bias of any kind."
    >
    ><davidp />
    Rambler, Apr 2, 2004
    #15
  16. His Boy Elroy

    Rambler Guest

    On Thu, 1 Apr 2004 15:39:30 -0600, "*Vanguard*"
    <> wrote:
    <snip>
    And your testing had the browser running AFTER your firewall, right?
    The browser test is just that, a *browser* test. If your firewall is
    blocking Referrer then obviously Gibson's test, or anyone else's,
    won't see it. Boy, do you stretch the truth - to the point of a lie!
    Your browser can send information that IT has. Obviously all the HTTP
    headers are available because YOU connected to HIS web site. So when
    you go to his Shields Up web page and click on the button to
    interrogate what your browser will reveal itself (which your firewall
    may or may not block some of it), just where on that page do you see
    him discuss credit card information?
    <snip>

    I didn't see anything about credit card information, what I saw was
    >>>

    your browser "can send ANY information it LIKES about YOU or your
    computer" (My caps)
    >>>


    It sends what it's asked to, with very strict limitations. It's hardly
    a security breach, for a webserver to know my browser name, or screen
    resolution. I wasn't talking about the results of the test, just what
    he says on that page. It's hysteria.

    -------------------------
    Rambler, Apr 2, 2004
    #16
  17. His Boy Elroy

    *Vanguard* Guest

    "Rambler" said in news::
    > your browser "can send ANY information it LIKES about YOU or your
    > computer" (My caps)
    >
    > It sends what it's asked to, with very strict limitations. It's hardly
    > a security breach, for a webserver to know my browser name, or screen
    > resolution. I wasn't talking about the results of the test, just what
    > he says on that page. It's hysteria.


    The other sites I provided show that the restrictions are not very limited. Depends on how you configure the browser and what updates you have applied.

    I'm still trying to find Gibson's web page that says what you said it did. When I go to Shields Up and click on the button for the browser test (unfortunately he doesn't want anyone linking into his web site so I cannot provide a URL), so you'll have to tell me your navigation to whatever page it was where you saw this statement. From the home page, to the one when you click the Shields Up, to the one with the test button panel, to the one after clicking on the Browser Headers test button, there was no find when searching on "likes". I did a Google site search on "likes" and still found nothing stated by him that you claim.

    If Gibson made such a statement, it is wrong but only in that in one sentence such a statement is obviously not meant to encompass all the details, so context is always important in any communication. If you can find where this statement exists on his web site, and if you don't want to, then I'll send Steve an e-mail telling him that it is too wild a one-sentence statement.

    So show me, please.
    *Vanguard*, Apr 2, 2004
    #17
  18. His Boy Elroy

    *Vanguard* Guest

    "Rambler" said in news::
    > He would, wouldn't he - and who are YOU anyway?


    He's someone asking you to independently validate your claim that Steve owns ZoneAlarm. And still you don't provide proof. Yep, another unsubstantiated Gibson basher.
    *Vanguard*, Apr 2, 2004
    #18
  19. In article <>, on Fri, 02 Apr 2004 19:21:52 +0100, Rambler
    <> wrote:

    please don't top post.

    | He would, wouldn't he - and who are YOU anyway?

    You have not answered my question - I asked for your evidence that Steve Gibson
    owns the company that markets Zone Alarm.

    As for who I am, I use my real name when posting.

    | On Thu, 01 Apr 2004 18:31:56 GMT, David Postill <>
    | wrote:
    |
    | >-----BEGIN PGP SIGNED MESSAGE-----
    | >Hash: SHA1
    | >
    | >In article <>, on Thu, 01 Apr 2004 17:36:25 +0100, Rambler
    | ><> wrote:
    | >
    | >| On Thu, 1 Apr 2004 10:27:44 -0500, "billh" <>
    | >| wrote:
    | >
    | ><snip />
    | >
    | >| Hardly surprising that Mr.Gibson heartily
    | >| recommends ZoneAlarm, when he owns the company that markets it, though
    | >| he pretends he's just an enthusiastic user.
    | >
    | >Your evidence please?
    | >
    | >I note that regardless of your opinions (just who are you anyway?)
    | >Steve clearly states he has no connection with any firewall company.
    | >
    | >On <http://grc.com/lt/leaktest.htm> he says:
    | >
    | >"My Role
    | >It is for all of these reasons that I have decided to assume an active and vocal position as an
    | >unbiased third-party
    | >evaluator of the technology and security of personal software firewall products.
    | >
    | >For the record, I have NO INTEREST in any of these vendors.
    | >I have NO undisclosed relationship of any sort with any person,
    | >company or entity, and no hidden agenda creating bias of any kind."
    | >
    | ><davidp />

    <davidp />

    --
    David Postill
    David Postill, Apr 3, 2004
    #19
  20. His Boy Elroy

    Jim Watt Guest

    On Fri, 02 Apr 2004 19:21:52 +0100, Rambler <> wrote:

    >He would, wouldn't he - and who are YOU anyway?


    top posting sucks.

    I also recommend ZoneAlarm and like Steve Gibson's
    website and software. I own neither and don't feel so
    insecure as to hide behind an alias.

    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Apr 3, 2004
    #20