Avast or Zone Alarm using proxy server?

Discussion in 'Computer Security' started by Zak, Feb 13, 2005.

  1. Yes, his ideas would be fine for him, you, and me, who know how this
    stuff works, but not a good idea for, as an example, a granny who just
    got her first computer so she can email the family. I can not picture
    phoning up my 85 year old mother who lives 250 miles away, and telling
    her to uninstall the firewall, use Internet Explorer, and get a packet
    sniffer. I gave Mom her first-ever computer for her 80th birthday.
    I never said he was a wacko, just that his advice for newbies is
    insufficient.
     
    Beauregard T. Shagnasty, Feb 16, 2005
    #41
    1. Advertisements

  2. Zak

    Roger Wilco Guest

    He's not all wrong - and I wonder why he makes a distinction between
    XP's firewall and another. Anybody serious about security will have a
    dedicated firewall device not some software running on the machine that
    hopes to be protected. He is absolutely correct about not battling
    security with complexity.
     
    Roger Wilco, Feb 16, 2005
    #42
    1. Advertisements

  3. Zak

    Gerald Vogt Guest

    We never talked about a specific group in particular for which other
    means may be necessary and required. We talked about the average which
    is not completely computer-illiterate. And if you write that you "know"
    that an application does not send data into the internet because your
    out-going firewall did block something, that it is obviously about you
    and not your granny.

    And in respect to the group you focused on here, grannies and newbies, I
    strongly do not recommend the simple use of a commercial PFW: PFWs ask
    so many questions that no newbie can answer correctly. A newbie does not
    know much about security. He cannot accurately answer questions
    regarding security. I know of know PFW that does properly help newbies
    in particular. A newbie should have a computer that is closed down as
    far as possible. I should be set up in a way that he runs only as
    limited user, cannot install anything and cannot reconfigure the system.
    The security system basically should say nothing and just protect the
    user. The only reasonable messages would probably a AV messages when you
    downloads a virus or browses to an infected site. That would help the
    learning process, but only if the warning would include something like:
    "you were lucky this time. be more careful. the probability that the
    anti-virus will recognize the threat the next time is 50% so don't play
    russian roulette". Windows Update and similiar should just run fully
    automatically. This list goes on and on and on...

    A newbie computer has specific security requirements which by far are
    not answered by a PFW/AV. But that is what is sold: just install our
    software are you will be perfectly safe. And this does not promote what
    is most important in respect of security: the person sitting in front of
    the computer should be careful of what he does.

    You where the one who wrote "You surely have strange ideas, which I
    would not recommend to anyone." You were the one who wanted to give
    general advice to everyone. We never talked about a specific newbie or
    granny...

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #43
  4. Zak

    Gerald Vogt Guest

    Which firewall do you mean with "another"? If you mean a PFW then I
    mentioned that most/all PFWs deeply modify Windows, many of these
    changes cause often trouble with other software (I am not even talking
    about configuration problems that basic PFW users generally solve by
    temporarily turning it off.)

    In general, I would say you are right. I think a hardware firewall is
    preferable to a software one on your computer. But in this thread we
    started off with PFWs so this is the mainly focus. A general security
    concept does consist of many things. And in particular there is no
    security concept for all people. It always depends on the scenario. If
    you only have one computer and you want to browse a little and send a
    couple of e-mails you would for example not even need a firewall if you
    configure the computer properly and be careful.

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #44
  5. Zak

    Gerald Vogt Guest

    It is not about whether they work or not. It is about how you drive with
    airbags on board or not. In general, people tend to risk compensation.
    If they have some more security stuff they risk more because they have
    it. The overall security does not improve because of added risky
    behaviour. If you think that with your super-secure car that has airbags
    and all the other security "features" for $20000 you can drive with
    200km/h full frontal against the wall then you have a classic case of
    risk compensation.
    Yes. But was does the average joe does when his PFW does actually report
    that malware XYZ tries to send data to the internet? He is so happy that
    he has this fantastic feature, blocks the traffic and continues to
    browse for another P2P software to install next... Why bother, they are
    safe anyway. And he think he _knows_ because of that message for sure
    that you blocked the malware completely and that it does not tunnel
    information through IE for example. And once he one "successful" block
    of a data transmission he also assumes - for whatever reason - that any
    other malware will be blocked, too, which again is wrong because there
    is sometimes malware that is more clever.

    Look into forums or newsgroups where people ask for help. They sometimes
    post hijackthis logs containing more than 20 viruses, ad/spywares etc.
    They write they don't understand how that happened. They installed a PFW
    and AV. Always blocked everything possible. Still they got infected and
    they don't know how. And then they read about Spybot, Ad-Aware and all
    this other stuff and ran it over their system. They used all available
    virus-scans on the internet. They cleaned everything that any of these
    programs suggested should be cleaned. But in the end, still they don't
    understand why there computer is still compromised. When you tell them:
    if your computer is compromised the only safe thing to do is to take the
    Windows CD, boot from it, and format the hard disk, they don't want to
    hear that either...
    That is a silly question. Anything can fail to any given time. A sniffer
    is a fairly simple device and if you put it into the wire, all traffic
    has to go through it. Due to the simplicity it is harder to make it all
    wrong. There may be bugs there, too, but that is true for any soft- and
    hardware, for anything actually.
    No. I do not condemn application firewalls. I said that the current PFWs
    do mess with the system. Again: look at your PFW. Look how many registry
    entries it created. Look how much DLLs and EXEs it installed. Look how
    much it modified in your system. It is a well established fact that PFWs
    in particular have a deep impact on the system. This has nothing to do
    with "application firewalls".

    The biggest problem is the concept to control traffic on the machine
    itself on which the malware runs at the same time and to believe this
    will work perfectly.
    You don't have XP SP2. Correct?

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #45
  6. Zak

    Martin Guest

    No, I just expect programs that make a certain claim to live up to that
    claim - oh, hang on, isn't that YOUR point???

    I run Zone Alarm Pro (because Windows XP SP2 Firewall wasn't doing the job I
    wanted or needed it to do), Ad-Aware and Spybot, and Avast Pro, all of which
    update regularly as does Windows XP using auto-update. On top of that all
    computers run behind a router anyway. Unless I know they are coming,
    attachments in e-mails are deleted or just not loaded off the server, and I
    don't just download anything and run it just for the hell of it!!

    I think you can say I don't just sit back and hope everything is OK and
    certainly don't just rely on any of the above to do the job for me - I am
    constantly monitoring things, checking logs, installing updates, etc.
    However I still like the extra features that ZA offers above what Windows FW
    does, and so far I have found ZA works far better with other things than WFW
    seems to! As I said, I turned off WFW and went back to ZA because even
    after SP2 it still failed to protect in some ways (don't ask me to remember
    full details, I really can't be bothered that much)... Yes, ZA does require
    more user intervention that WFW does, but as many have told you they seem to
    prefer to have that extra feature....
     
    Martin, Feb 17, 2005
    #46
  7. Zak

    Gerald Vogt Guest

    Then you are happy anyway. So good for you. All I said is that there are
    many things in your setup that you don't need. If you want it anyway,
    then you are free to do whatever you do. Many other people do use
    security software in a different way (e.g. thinking two security
    products make everything more secure than one.)
    a) the XP SP2 FW does work - as far I can tell and as far as I read
    reports from others in newsgroups and other places - exactly the way it
    is supposed to work and does exactly what it promises, nothing more, in
    a efficient way. If you, for example, set the SP2 FW to block all ports
    with no exception than all ports with no exceptions are blocked. The
    setting can only be changed by an administrator. (I do not say that
    other malware that the user runs locally and that exploits other
    security vulnerabilites may be able to gain administrator privileges and
    may reconfigure the FW. This is different problem and does not change
    the fact that the SP2 FW does what is promises and nothing else.)

    b) the XP SP2 FW does interfere in general less with other software on
    the computer than any PFW software.

    c) the PFW I had was - as long as I was running it - completely useless.
    It was basically just harassing me with messages of either incoming
    packets going to a dead end anyway or with outgoing connections of
    software checking for updates which I wanted anyway and for which I had
    to regrant permissions after each update. No software on my computer did
    actually unexpected data transmissions. I knew which software does
    connect and where to and how to configure in case I don't want it in
    which case the software did not communicate anymore. On top of that the
    PFW did surely consume 1 GHz of my 2GHz CPU.

    d) I have a backup strategy and am able to restore a working backup in
    case something actually does happen. I won't play around with a system
    that has been compromised and hope I got everything cleaned up. I know
    my system and I know the processes running on it.

    Thus, I never had a case where the SP2 FW failed me to protect and I
    still don't see why in general this should happen except on initiative
    of the user itself.

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #47
  8. Zak

    Julian Guest

    I wouldn't go so far as this, although a couple of years ago I used to
    say it, too. Even if that's all you want to do, there are still various
    things exposed in Windows that can be exploited by an attacker. If
    Microsoft can't even work out how to make Windows safe until after the
    event, how is even the most techno-savvy user supposed to know?
     
    Julian, Feb 17, 2005
    #48
  9. Zak

    Gerald Vogt Guest

    Which things are "exposed"? What do you have in mind?

    At least on XP Prof. it is possible to prevent limited users from
    installing software or DLLs, and configure access rights accordingly to
    prevent most damage. Certainly root exploits may still be possible but
    in most cases root exploits work in a way that no firewall can do
    anything against it. And even then it is still not a compromise of the
    firewall or due to the absence of the firewall.

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #49
  10. Zak

    Julian Guest

    I'm thinking about things like LSASS and UPNP. Okay, those holes have
    been closed now, but who knows if there aren't others? Since they are
    services, they are not necessarily contained by security or policy
    restrictions placed on the user. In any case, few people have sufficient
    understanding of Windows security to lock their systems down.

    Even if they do, many applications, and especially games, don't work
    properly when run under such restrictions. What you are advocating is
    possible only in an organization running XP Pro with a strictly
    controlled environment. For home users (perhaps I've lost the thread,
    but I thought they were mostly what this was all about) that just isn't
    practical.
     
    Julian, Feb 17, 2005
    #50
  11. Zak

    Gerald Vogt Guest

    Few people have sufficient understanding. But they could read
    http://www.ntsvcfg.de/ntsvcfg_eng.html and use the script provided
    there. Regarding lsass und upnp: you do not need them for a simple
    machine for some e-mail and web browsing that is most likely connected
    directly to the internet. If you need them you are in a local network
    and should have a router with firewall installed which won't let traffic
    to these services... But the latter is always the problem: if you need
    a service or if you run a server (let's say your own web server) this
    server may always have security holes. But you should know about the
    risk before you offer a server to the internet and try to keep the thing
    updated. This is a general problem and cannot be avoided.
    It depends on what you want to do and how much your security is worth.
    If you do a whole lot of sensitive stuff on your computer like internet
    banking etc. you should just think about what else you do on that
    machine. And I don't see the limitations in practicality. If you run
    your computer directly linked to the internet you don't need these
    services. Why do you want to use UPnP on the internet? Why do you want
    to use file sharing on the internet? Neither UPnP nor file sharing are
    designed for that and it is just stupid to do so. You won't need these
    services in that scenario. If you have a LAN and you want to use UPnP
    and file sharing etc. then you cannot shut down these services. Get a
    router or use the SP2 firewall to close the ports towards the internet.

    Summary: if you intentionally want to use a service you have to consider
    about the security of this service because you want it. If you run a
    internet server it is your own problem and you should know what you do.
    But generally, for a simple e-mail&browsing computer that you were
    refering to you don't need these services and you can shut them down or
    configure them in a way that they do not accept connections from the
    internet.

    Never just install some PFW software and think this software will make
    everything secure, whatever it will be what you are doing.

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #51
  12. Zak

    Julian Guest

    I agree with you in theory, especialy with regard to the problems caused
    by PFW applications, but that's because I'm a fairly techno-savvy guy
    who doesn't use IE or OE and never visits dodgy websites.

    However, I have a fair bit of experience of dealing with the problems of
    ordinary users. The trouble is, they are so ignorant of the risks they
    face they don't even know that they *should* think about the security
    risks of what they are doing, never mind have the *ability* to think
    about it if someone told them to.

    It's easy to fall into the trap of thinking that what works for us will
    work for other people. It won't, because they don't think like we do. I
    hate PFWs, and think that a lot of what they do, they do because the
    marketing department wants to create an application that looks clever
    and technical and constantly reminds the customer that it's doing the
    job they paid for. The Windows firewall just gets on with the job,
    quietly. (And my SMC router does the same job just as well, with the
    added advantage that no bit of rogue software can quietly disable it
    when I'm not looking.)

    But PFWs *do* help to protect ignorant users from themselves, and it's
    easier to get across the message "use a PFW" than it is to educate
    people to the level where they can avoid the risks by knowing what they
    are doing.

    The PC is an appliance for most people now, like the video, and they
    don't want to know any more about it than what buttons to push to get it
    to do what they want to do.
     
    Julian, Feb 17, 2005
    #52
  13. Zak

    Gerald Vogt Guest

    Those people can install their PFWs and other gadgets and learn it the
    hard way, may it even be the police standing in their door because
    someone is distributing child porn from their computer (which has
    happened). If they want to ignore the signs or just rely on others or a
    particular software it is their own fault (and irresponsible).
    Not in my experience. Most people I know are willing to learn if you
    tell them. They are willing to accept that it is better without a PFW
    and are doing fine. The lack of this extra flashy thing puts a extra
    amount of caution into their actions. No problems there. The only
    problems are those who insist to have a PFW installed: "I cannot print,
    I cannot do browser, I cannot do whatever while the FW is on. Help!".
    And "What is this service? What is that? Do I have to block this? Can a
    admit that?". Well, maybe I just know the wrong people, but the last
    time I looked, the only real problems where with those people that had a
    PFW. The other ones were actually more cautious...
    I believe this "education" is generally not so hard if people are
    willing to accept that it is a learning curve and they should take it
    step by step. Certainly, if the first thing you want to do in the
    internet is find all this cool free xxx sites...

    But to rely on PFWs to protect people from themselves... Does it
    actually matter if their computer is compromised within two days or
    within two weeks? The result is the same: once compromised any security
    software on that system is quickly absolutely useless. Once compromised
    it does not make any difference anymore. In my experience, the only
    thing that PFW really do is to make people think they are safe (and
    invulnerable). They do not look out for "the signs" of a compromise
    because they think if there was something their PFW/AV would tell them.
    Those people without a PFW a more sensitive to what happens. They notice
    if there is frequent network traffic and hard disk activity although
    they are not doing anything. (Worst even, sometimes PFW actually
    produces exactly that, too). With PFWs people don't notice and then
    their compromised computer is actually longer on the internet to do its
    harmful play.

    Make a test: send a hand-written "test"-virus to the people you know. I
    predict: those with all the flashy security software more likely go for
    it and execute it if it comes from your email address than those with a
    proper configuration of their computer.

    So, my opinion: let the ignorant be ignorant. They can buy PFWs or not.
    It does not make a difference. In the worst case, they buy a new
    computer every year because after a year your computer becomes so
    terribly slow with all that undected malware on it. (Where have I read
    that story again...).
    Well, it is time to learn, that it is not. A computer is an extremely
    complex machine. Some people read the manual of their microwave to
    understand how to operate it and that is pretty easy. A computer is kind
    of like all electrical devices in the household combined: the
    super-generic all-purpose machine. Why do they think it's a toaster?

    Gerald
     
    Gerald Vogt, Feb 17, 2005
    #53
  14. Zak

    Julian Guest

    The trouble is, people are sold this complex computer when that isn't
    want they need, or want. What they want is an appliance, something like
    a digital satellite set-top box that just does the things they want, not
    an OS that tries to be all things to all people and was designed in the
    days (and for the kind of environment) when you didn't have to think
    about how any feature might be exploited to cause harm.

    The problem is Bill Gates' plan for world domination and a Windows PC in
    every home. That's not what people need. But that's what they've got. So
    we're stuck with applying band-aids like AV software, and anti-spyware,
    and PFWs in order to make things work.

    Contrary to your experience, many people *don't* want to learn about the
    workings of a computer. And they don't want to accept the constraints of
    safe operating practice like using a non-Microsoft web browser, or
    logging in as a limited user, under which their favorite games don't work.
     
    Julian, Feb 17, 2005
    #54
  15. Zak

    bassbag Guest

    Correct.But who knows what microsofts future platforms might entertain?.I
    admire your convictions ,though i would disagree with them.Ill leave it
    at that.
    regards
    me
     
    bassbag, Feb 17, 2005
    #55
  16. Zak

    Gerald Vogt Guest

    You don't read properly. I am not talking about "convictions". If you
    want to be safe, get a secure Linux distribution. This thread was
    related to Windows security and about Windows users. My comment was an
    attempt to point out what kind of security is possible even on Windows
    if you spend some time (instead of simply spending the time to buy the
    PFW box). Most people are not interested in switching to Linux, which I
    also assumed here. Thus, in the context of this thread we are on Windows.

    You are the Windows fanatic who has to use Windows and needs a PFW to
    protect yourself from yourself and what you are doing (although your
    argument is that you don't trust Microsoft). So, here is my real advice:
    switch to Linux! Are you happy now? You will tell my, "no, I can't
    because I need this&that". But that is again all you own problem.

    So in the context of this thread I pointed out that the SP2 FW does give
    all the security that is really possible. Certainly, there may be
    flaws in that, too. But from the software design point of view I believe
    that the very simple SP2 FW, which implements a very simple but
    extremely crucial aspect of network security, is much safer than the
    huge giant of PFW which is the attempt to put all possible and
    impossible security solutions into one big huge thing. The latter is
    suposed to be much more errorprone that the first. The latter does on
    top of that involve in immense amount of user interaction while the
    first one doesn't. The number of code lines of the SP2 FW is magnitudes
    lower than that of a PFW.

    But the bottom line is: if you need the PFW because you rely on it you
    rely on something that is conceptionally flawed and cannot provide you
    with what the marketing department of the PFW vendor does tell you. It
    is impossible to protect the user from himself in a standard windows
    installation - with or without a PFW.

    Gerald
     
    Gerald Vogt, Feb 18, 2005
    #56
  17. Zak

    Roger Wilco Guest

    XP's firewall. To me XP's firewall is a PFW - just not an aftermarket
    one. Is there something sprcial about XP's firewall that makes it any
    more "real" than any other software running locally?
    I can see how XP's firewall might integrate better. I just wondered how
    XP's could be considered any "better" if you consider that neither are
    "real" firewalls. I understand now the integration with the OS is the
    reason.
    If you know what you are running and what you are exposing to the
    outside, keeping up with whatever security problems come to light with
    them is the hardest thing to do. Aside from that, configuration
    (minimalist) is all you need (and being careful of course).

    PFW's do come with a lot of nifty security related features in addition
    to control of ports, like application control, logging, packet
    inspection etc...but a real firewall sits between and if it gets
    compromised it is THAT machine not the protected one being compromised.
     
    Roger Wilco, Feb 20, 2005
    #57
  18. Zak

    Gerald Vogt Guest

    Sorry I don't follow. "XP's firewall and another" with another = "XP's
    firewall"?
    It's not preferable to a HW FW. But it is magnitude better than a
    standard commercial PFW that does protect the user against everything
    and anything including himself. From the software design point of view
    the XP SP2 FW is much more likely to do what it is supposed to to and
    less vulnerable than a PFW.
    Yes, but these features only work in limited scenarios and are never
    100% secure. The problem is, people rely on things like application
    control and are extremely surprised when you demonstrate how easy it is
    for an application to send data out although the PFW is running. The PFW
    does nice things but you have to know what is actually does and can
    accomplish. The marketing people of PFWs won't tell you that...

    Gerald
     
    Gerald Vogt, Feb 21, 2005
    #58
  19. I do a lot of security work and have never found ZoneAlarm to be the
    problem. Gurus, when consulted by the consumer, always blurt out "firewall"
    before they have a clue.
     
    ROBERT S AMP BA Drake, Feb 21, 2005
    #59
  20. I'll add that a firewall doesn't totally protect you - raises the bar a
    little higher and makes it harder for the perpetrator.
     
    ROBERT S AMP BA Drake, Feb 21, 2005
    #60
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.