any firewall yet?

Discussion in 'Windows 64bit' started by 64bit, Jul 3, 2005.

  1. One thing to add to Bruce's synopsis, is if the AV software has been
    properly updated and the AV manufacturer is quick to add new definitions,
    then deliberately downloading a known "malware" package (Trojan, worm virus,
    etc) would be detected during the download and "should" prevent the
    download, but as Bruce points out should it become installed and tries to
    phone home, then the 3rd party software lets you know and if the user takes
    the proper intervention, should prevent spreading.

    --

    Star Fleet Admiral Q @ your Service!

    http://www.google.com
    Google is your "Friend"
     
    Star Fleet Admiral Q, Jul 4, 2005
    #21
    1. Advertisements

  2. The real risk factor to your computer is if someone or something can install
    itself at a level low enough to "own" the box. And hide its own existance.
    That requires administrator or local system privilege. Someone running as a
    regular user account, not local admin, doesn't have the permissions to do
    much damage to the PC. As it is now, in XP, it is annoying to run as a
    limited user account (aka, LUA), but it can be done. In the Longhorn time
    frame, I hope and expect we'll see intelligent privilege elevation that
    allows users to easily and effectively run as a LUA. Ideally, the browser
    will run at an even lower privilege level. Guest would be about right.
     
    Charlie Russel - MVP, Jul 4, 2005
    #22
    1. Advertisements

  3. 64bit

    Jud Hendrix Guest

    There was already a virus specifically for x64, shortly after the
    first beta's were released. The more we write in this group, shows
    that it might be interesting to write viruses for x64.
    So, now y'all be quiet ;-)

    jud
     
    Jud Hendrix, Jul 4, 2005
    #23
  4. 64bit

    Mike Guest

    I have been fortunate thus far even using Norton on an XP32 box and common
    sense to have had no viruses so far. The one thing I do miss about Norton
    firewall is it ad-blocking capabilities. Does anyone no of a 64 bit program
    that will do this as well as Norton or better?
     
    Mike, Jul 4, 2005
    #24
  5. 64bit

    John Barnes Guest

    If you have a good anti-virus program and keep it updated it won't get on
    your system to begin with and you don't then need a firewall which notifies
    you after the fact that one is there and sending something. Since Microsoft
    hounds you about having anti-virus protection on your system, do you think
    that may be why their firewall doesn't check outgoing packets?
     
    John Barnes, Jul 4, 2005
    #25
  6. Actually, it would be better to forget/ignore Gibson, unless one's
    looking for a laugh.

    Gibson is a very poor source for computer security advice. Gibson
    has been fooling a lot of people for several years, now, so don't feel
    too bad about having believed him. He mixes just enough facts in with
    his hysteria and hyperbole to seem plausible. Despicably, Gibson is
    assuming a presumably morally superior pose as a White Knight out to
    rescue the poor, defenseless computer user, all the while offering
    solutions that do no good whatsoever.

    Perhaps you should read what real computer security specialists
    have to say about Steve Gibson's "security" expertise. You can start here:
    http://www.grcsucks.com/


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #26
  7. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Additionally, I might add, I never ever ever run as an administrator on
    my machine unless I'm doing maintenance or installing software.
    Otherwise I run as a user in the Power Users group with tight privacy
    settings in my browser. Also I have custom browser settings to disable
    Install On Demand for both IE and Other. These are just some of the
    settings that I have my browser set to. Another advanced setting that I
    have is, Do not search from the Address bar. This prevents me from
    typing a mistaken URL and ending up at a site which may be harmful.

    Moreover, I've disabled Use simple file sharing so that I can easily
    restrict or elevate my privileges to the files and folders I choose.

    Cheers,

    - --
    Steve Thompson
    Key ID: 0x495F423B http://pgpkeys.telering.at
    CBEC CFA9 94DB B835 5B86 4F7B 5EFF 6369 495F 423B

    Pre-Installation Guide to Windows XP Professional x64 Edition
    http://home.comcast.net/~stthomp/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCyU3pXv9jaUlfQjsRAm4WAJ9JSBOfNj1I+ZUE6dJOCG5I+qiNsQCfcLlf
    ltijNoZnXyOtM/FtUwruAB8=
    =1rSp
    -----END PGP SIGNATURE-----
     
    Steve Thompson, Jul 4, 2005
    #27

  8. Ah, I see. Yes, this is true, although I can point out any number of
    cases where users running with normal privileges (i.e., neither as
    administrators or as power users) have still managed to load all sorts
    of ad-ware and spy-ware. There's a great deal of malware out there that
    doesn't require elevated privileges to install and run. Granted, these
    annoyances are pretty much limited to the profile of the user who
    downloaded them, and are relatively easy to clean up, but they're still
    a great nuisance.


    Now, I do find running WinXP with limited privileges annoying, but
    that's only because I'm accustomed to the convenience. For regular
    users, I don't think that it's all that inconvenient: they're not
    continually changing/modifying systems settings or experimenting with
    various utilities, etc.




    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #28
  9. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    As far as Steve Gibson himself goes, I don't follow his publishings and
    so on. I use the newsgroups that he offers which I have found to be
    quite useful. As with all of the postings on his groups, and as well as
    others, I can discern was is genuine or not. One can really learn a lot
    about security and privacy from the many individuals that post there.

    - --
    Steve Thompson
    Key ID: 0x495F423B http://pgpkeys.telering.at
    CBEC CFA9 94DB B835 5B86 4F7B 5EFF 6369 495F 423B

    Pre-Installation Guide to Windows XP Professional x64 Edition
    http://home.comcast.net/~stthomp/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCyVAZXv9jaUlfQjsRAk+sAJ0RhXUgjq8FwEkI8PAeUGGYr80fYACfQnF4
    gZ46SPVj1ZH+YgP5ijy7Jxo=
    =7cjp
    -----END PGP SIGNATURE-----
     
    Steve Thompson, Jul 4, 2005
    #29

  10. That's not necessarily true, at all. By it's very nature, an antivirus
    application is almost entirely reactive. It cannot protect against new
    threats that have not yet been discovered, reverse-engineered, and the
    necessary defense added to the virus definition mechanism. While a
    firewall isn't a cure-all, it's an added layer of protection.

    Remember: Most antivirus applications do not even scan for
    or protect you from adware/spyware, because, after all, you've
    installed them yourself, so you must want them there, right?


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 4, 2005
    #30
  11. 64bit

    Michael Zerr Guest

    The windows firewall works great, and is just as good as any other 3rd
    party firewall out there.

    If your really paraniod just pick up a $40 router with NAT and Firewall
    support and all your probems will be solved
     
    Michael Zerr, Jul 4, 2005
    #31
  12. Bruce Chambers got up from the bar and shouted: :

    I'm not questioning that a firewall is of no use, but the Microsoft
    firewall protecting incomming connections is all that is required,
    anything that originates from a PC inside your network, is YOUR
    responsibility. If you rely on a outgoing firewall to stop data being
    transferred to all and sundry by spyware/trojan/virus, how do you
    prevent any other kind of attack (hence the bios flashing/hdd wiping
    statement). The only real cure for this, is being vigilant and common
    sense practices, having a firewall protecting your outgoing data is not
    really fixing the real problem here, it's merely plugging one of many
    holes than can be eploited by having malware on your system..

    I have never bothered with any outgong firewall, simply relying on a
    decent AV solution, Windows Firewall, and my router NAT traversal. I
    regularly do a spyware and AV scan, and all incoming mail is scanned.

    I have never had spyware, virus or any other form of nasties, despite my
    system being online 24x7 and in pretty much constant use (but deal with
    other peoples problems on a daily basis)..

    If only someone would sell common sense in a box....

    Indeed, but as explained, a outgoing firewall is not fixing the root
    cause, only a symptom...
     
    Mark Gillespie, Jul 4, 2005
    #32
  13. Granted, these annoyances are pretty much limited to the profile of
    I'd say more of a minor nuisance. See how fast I can rip out a user's profile
    completely. And all the stuff that came with it. :)
    The issue is the difficulty of switching personalities when maintenance does
    need to be done. And all sorts of applications are seriously ill-behaved and
    can't even run without elevated privileges. But I know this is something that
    has had a lot of talk inside MS and I would be surprised if there were
    serious changes and improvements in this area going forward.

    Charlie.
     
    Charlie Russel - MVP, Jul 4, 2005
    #33
  14. Andre Da Costa [Extended64], Jul 4, 2005
    #34
  15. Andre Da Costa [Extended64], Jul 4, 2005
    #35

  16. How? It pays absolutely no attention to unauthorized out-bound
    traffic. From this viewpoint, the WinXP firewall is *not* "good enough.
    It's absolutely useless.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Jul 5, 2005
    #36
  17. 64bit

    Jed Guest

    I have to say am very surprised at the near majority of responses in
    this group stating that antivirus with no firewall or only the Windows
    XP firewall is sufficient protections for the average user. Or,
    arguments that x64 is so new, there can't possibly be any viruses or
    trojans or root kits available for it yet and probably won't be any
    time soon. Let's see, Google just launched a streaming video service
    recently and within 24 hours, it had been hacked. I'm sure their
    security was pretty high right off the bat. Some hacks are done for
    profit, most probably are done for prestige and hacking x64 would be a
    coup and someone is likely working on it right now.

    Have I imagined the reports of zombied proxy machines being used by
    hackers to spew spam or to anonymize their attacks on other machines?
    Have I imagined the news reports of widespread virus infections?

    I've heard the anti-firewall refrain before but primarily from
    Linux/Unix bigots who don't think anyone should be using Windows in
    any form. I'm surprised to see it here. I'm worried that because
    Windows in all its forms has been attacked so often, sometimes without
    merit, for its security flaws that there may be a defensiveness that
    has some overestimating the ability of the XP firewall.

    In defense of my comments, I'll note that, other than dabbling in
    Linux and BeOS on my home machines, and working with Solaris and BSD
    machines at work, I've always had Windows on my home machines starting
    with 3.1.

    How many average users know it's not wise to connect directly to their
    DSL or cable modem rather than through a router? I note that the x64
    Security Center now nags you if you don't have antivirus installed or
    the firewall turned on. I assume that's in SP2 for 32-bit as well. I
    wonder however what the depth of SP2 upgrades is among most users.
    Comcast, my provider, has a justifiable reputation as having the most
    zombied (oWneD) machines of all providers spewing spam and probes all
    over the net. Yet simply adding a router and enabling an
    incoming/outgoing firewall makes your machine(s) pretty safe.

    I wonder how many have taken a look at sites like the Internet Storm
    Center:

    http://isc.incidents.org/

    which documents the frequency and intensity of various hacking
    attacks. It's hard to believe that after doing a little research one
    would not want to have all the protection possible, both incoming and
    outgoing.
     
    Jed, Jul 5, 2005
    #37
  18. Hi Jed,

    It could be that most of us stating that the XP firewall is sufficient KNOW
    how to protect ourselves as we deal with security issues on a daily basis.

    Why would I need a 3rd party firewall to alert me to outbound connection
    attempts when the system logs provide the same info?

    You are logging your system, aren't you? Read the logs and you will find all
    the info you need.

    --
    Larry Samuels MS-MVP (Windows-Shell/User)
    Associate Expert
    Expert Zone - www.microsoft.com/windowsxp/expertzone
    Unofficial FAQ for Windows Server 2003 at
    http://pelos.us/SERVER.htm
     
    Larry Samuels, Jul 5, 2005
    #38
  19. 64bit

    Jed Guest

    I'd like to think that I know how to protect myself as well, as in the
    last ~17 years of being online, I've never had a Windows system
    compromised. But over the last 6 years or so, the stakes seem to
    changed with many more attempts and more widespread unprotected
    broadband connections.
    Yes, I log, but I prefer knowing with a bit more immediacy when such
    attempts are made. A firewall provides nearly instantaneous
    notification of unauthorized incoming/outgoing attempts. For example,
    I downloaded a demo of a invoicing system for small businesses
    recently. On startup, the program attempts to call home. Probably for
    legitimate reasons, but perhaps not, so the firewall notifies me of
    this attempt while blocking it until I OK it or block it. Using the
    system logs, I would see that the connection was made after the fact
    and could block future connections but by then, the damage could have
    been done. I also use tcpview and networkActiv as occasional checks on
    current network activity.

    I don't think I'm particularly paranoid and I don't see where an extra
    level of protection can be seen as superfluous or unnecessary.
     
    Jed, Jul 5, 2005
    #39
  20. No one that I saw suggested that no firewall was required. What was
    suggested, and I was the first, was that the Windows Firewall was actually
    quite good and sufficient for the vast majority of users. After reading the
    ensuing thread, I haven't changed that opinion one iota.
     
    Charlie Russel - MVP, Jul 5, 2005
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.