any firewall yet?

Discussion in 'Windows 64bit' started by 64bit, Jul 3, 2005.

  1. 64bit

    64bit Guest

    anyone hear of a working firewall yet?
     
    64bit, Jul 3, 2005
    #1
    1. Advertisements


  2. Tiny Software have released a public beta of a 64-bit version their
    free Personal Firewall:

    http://www.tinysoftware.com/home/tiny2?s=5375286922906778942A1&&pg=content05&an=tf64_download

    I don't care for it quite as much as I liked Sygate's 32-bit Personal
    Firewall, but it'll do until something else comes along.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 3, 2005
    #2
    1. Advertisements

  3. Andre Da Costa [Extended64], Jul 3, 2005
    #3
  4. OK, I'm going to say this again. What do you _really_ need beyond Windows
    Firewall? I'm not saying there couldn't be a good case for a third party
    firewall, but let's be a bit realistic here. Very few people will actually
    need more than Windows Firewall provides. Especially in x64 Edition, since
    the most serious attacks would require a driver getting installed on the
    machine and the bad guys still use 32-bit drivers. ;)
     
    Charlie Russel - MVP, Jul 3, 2005
    #4
  5. Andre Da Costa [Extended64], Jul 3, 2005
    #5

  6. WinXP's built-in firewall is adequate at stopping incoming attacks,
    and hiding your ports from probes. What WinXP SP2's firewall does not
    do, is protect you from any Trojans or spyware that you (or someone
    else using your computer) might download and install inadvertently.
    It doesn't monitor out-going traffic at all, other than to check for
    IP-spoofing, much less block (or at even ask you about) the bad or the
    questionable out-going signals. It assumes that any application you
    have on your hard drive is there because you want it there, and
    therefore has your "permission" to access the Internet. Further,
    because the Windows Firewall is a "stateful" firewall, it will also
    assume that any incoming traffic that's a direct response to a
    Trojan's or spyware's out-going signal is also authorized.


    I've never heard of any malware needing to install or use hardware
    device drivers. Please provide more information on this new technology.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 3, 2005
    #6
  7. Andre Da Costa [Extended64], Jul 3, 2005
    #7
  8. If rogue software is already phoning home it is too late for a 3rd party
    firewall to do anything but alert you that your system is already owned.

    --
    Larry Samuels MS-MVP (Windows-Shell/User)
    Associate Expert
    Expert Zone - www.microsoft.com/windowsxp/expertzone
    Unofficial FAQ for Windows Server 2003 at
    http://pelos.us/SERVER.htm
     
    Larry Samuels, Jul 3, 2005
    #8
  9. 64bit got up from the bar and shouted: :
    The windows one???
     
    Mark Gillespie, Jul 3, 2005
    #9
  10. Bruce Chambers got up from the bar and shouted: :
    Does it also stop programs reflashing your BIOS, or formatting your
    harddrive???


    Seriosuly, the only real protection is to not get that stuff on their in
    the first place....
     
    Mark Gillespie, Jul 3, 2005
    #10
  11. Andre Da Costa [Extended64], Jul 3, 2005
    #11
  12. Bruce -- First, in all my years of running various versions of operating
    systems, with and without firewalls, and often without AV (try finding an AV
    that will work in Beta 1 of an OS!), I have been hit exactly once by a
    trojan/spyware - a very early version of CWS that came along as a rider on
    another program. No firewall on earth would have stopped that, since I
    initiated the download. OTOH, MSAS would have nailed in before it ever got
    installed. And yes, an outgoing firewall would have told me it was there, but
    here's a clue -- I had no difficulty knowing it was there! Quite the
    contrary.

    My point? If you patch promptly, and you don't have any huge holes in your
    firewall that you added, and you exercise normal due caution and safe
    computing, you really aren't at risk from something like that. And many will
    end up getting caught by the no-execute bit, by the way. (Sasser, for
    example, would have been nailed by no-execute)

    Finally, if you're worried about others using your computer, give them a
    limited user account and don't let them run as admin.
     
    Charlie Russel - MVP, Jul 4, 2005
    #12
  13. too true
     
    Charlie Russel - MVP, Jul 4, 2005
    #13

  14. True. I'm not really too worried about an immediate rush of 64-bit
    viruses (although they'll be along sooner than we like), but most
    ad-ware and spyware are 32-bit, and therefore supported on WinXPx64.
    Until the antivirus and anti-malware vendors catch up and provide a
    decent selection of 64-bit protective offerings, a good software
    firewall is key to early detection.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #14

  15. Which is all the warning needed to root out the malware.

    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #15
  16. No, of course not. That's not what a firewall is for. I suggest that
    you start boning up on the basics of computer security:

    There are several essential components to computer security: a
    knowledgeable and pro-active user, a properly configured firewall,
    reliable and up-to-date antivirus software, and the prompt repair (via
    patches, hotfixes, or service packs) of any known vulnerabilities.

    The weakest link in this "equation" is, of course, the computer
    user. No software manufacturer can -- nor should they be expected
    to -- protect the computer user from him/herself. All too many people
    have bought into the various PC/software manufacturers marketing
    claims of easy computing. They believe that their computer should be
    no harder to use than a toaster oven; they have neither the
    inclination or desire to learn how to safely use their computer. All
    too few people keep their antivirus software current, install patches
    in a timely manner, or stop to really think about that cutesy link
    they're about to click.

    Firewalls and anti-virus applications, which should always be used
    and should always be running, are important components of "safe hex,"
    but they cannot, and should not be expected to, protect the computer
    user from him/herself. Ultimately, it is incumbent upon each and
    every computer user to learn how to secure his/her own computer.


    To learn more about practicing "safe hex," start with these links:

    Protect Your PC
    http://www.microsoft.com/security/protect/default.asp

    Home Computer Security
    http://www.cert.org/homeusers/HomeComputerSecurity/

    List of Antivirus Software Vendors
    http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

    Home PC Firewall Guide
    http://www.firewallguide.com/

    Scumware.com
    http://www.scumware.com/


    So, you propose completely disconnecting the computer from all outside
    contact? That would work, of course, but also render the computer a lot
    less useful.

    If one is going to connect a computer to the Internet, then precautions
    need to be taken, and a good firewall is just one of those precautions.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #16

  17. Thank you for proving my point. You installed it yourself, and the
    Windows firewall could not even have warned you of its presence or
    activity. While no 3rd party firewall could have prevented your
    deliberately (if unknowingly) downloading the malware, it certainly
    would have alerted you to its presence.

    And you can guarantee will absolute certainty that you'll always be
    able to know that malware is present? How? Intuition?


    I agree that it's important to keep an OS patched, but that's hardly a
    panacea. Patches are very often reactive in nature: they're available
    only after (sometimes a long time after) a new vulnerability is
    discovered and exploited.


    Sorry, I don't see the relevance of this comment. Please explain.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #17
  18. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    And let's not forget http://www.grc.com and grc.security at news.grc.com


    - --
    Steve Thompson
    Key ID: 0x495F423B http://pgpkeys.telering.at
    CBEC CFA9 94DB B835 5B86 4F7B 5EFF 6369 495F 423B

    Pre-Installation Guide to Windows XP Professional x64 Edition
    http://home.comcast.net/~stthomp/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCyIr5Xv9jaUlfQjsRAo6XAJ9q88URj01kdqt4mKrRuruKzCQ5gwCeNkv1
    2cAMKqWenwWMAgSHsVHFJaw=
    =vDU1
    -----END PGP SIGNATURE-----
     
    Steve Thompson, Jul 4, 2005
    #18
  19. Most of us that know SG would rather forget GRC and his fearmongering.

    I have the utmost respect for Steve as a coder, but he is a joke as a
    security expert. Some good people do hang out in his forums though.

    --
    Larry Samuels MS-MVP (Windows-Shell/User)
    Associate Expert
    Expert Zone - www.microsoft.com/windowsxp/expertzone
    Unofficial FAQ for Windows Server 2003 at
    http://pelos.us/SERVER.htm
     
    Larry Samuels, Jul 4, 2005
    #19
  20. Andre Da Costa [Extended64], Jul 4, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.