How crucial to PC security is active content blocking by firewalls?

[q1aqza]

On my main PC I am using Outpost Pro and have been very pleased with it. I particularly like and use OP's advertisement and active content filter plugins.

Unfortunately my other PC is quite low spec and OP is little too heavy for it. I have been testing LooknStop 2.05 and Kerio 2.1.5 as they are both so light on resources. Both perform well on the lower spec PC and I think both are powerful programs. However neither of them have the functionality to block ADs or offer blocking of javascripts or VB scripts, etc compared to what the likes of OP, ZAP and Kerio v4 offer.

LnS and Kerio 2.1.5 have such high reputations but, as per the title of my thread, how crucial to PC security is it that you use a program that can block or filter javascript, VB scripts, referrers, cookie control, etc. ?

[pollux]

Quote:

Originally Posted by q1aqza

...how crucial to PC security is it that you use a program that can block or filter javascript, VB scripts, referrers, cookie control, etc. ?

Well, I'd say that filtering active content is a good idea but that it is not necessary to rely on a firewall program to do it.

In fact, there are many choices if you prefer LnS or Kerio 2.1.5. You could run a software proxy like Proxomitron or Privoxy to filter active content. You could also use a hosts file to block sites.

Or, you could use Firefox or Mozilla (to avoid ActiveX, to limit referrer information - set through "about:config," and to control cookies), uninstall Windows Scripting Host or use another filtering program like Script Defender (to avoid VBS), and then add the AdBlock extension to Firefox or Mozilla (to control some javascript per site as well as to block ads).

I've chosen the last of these approaches, with WSH uninstalled completely, along with Kerio 2.1.5, and it's working fine. Once I finished testing different programs and options and settled on the configuration I'm using now, I haven't had to mess around changing things - just the occasional change to AdBlock filters - for quite a while.

pollux

Places to get things:
Proxomitron
http://castlecops.com/modules.php?op...ownload&cid=19
Privoxy
http://sourceforge.net/project/showf...group_id=11118
Script Defender
http://www.analogx.com/contents/down...em/sdefend.htm
WSH Uninstaller
http://www.spywarewarrior.com/uiuc/resource2.htm#WSH-UN
Firefox and Mozilla browsers
http://www.mozilla.org
AdBlock and other browser extensions
http://update.mozilla.org

[Infinity]

Nice Pollux, another great freebie and userfriendly is webwasher another good one but payware is admuncher (onetime purchase - lifetime upgrades)

http://www.webwasher.com/

http://www.admuncher.com/

p.s. we gotta stick on topic here, easy to slip with this sugget though

[pollux]

Quote:

Originally Posted by INFINITY

we gotta stick on topic here

I think it's great to post other web-content filtering options. I tried Web Washer, too (forgot about it, though!), but not AdMuncher, although I've read a lot of good things about it.

However, the point is that it is absolutely not necessary to filter with a firewall.

The sole advantage to the Firefox/Mozilla + AdBlock setup is that it does not require additional resources - this is one of q1aqza's concerns. I share that concern, and that's why I chose a setup that does not involve having another program running all the time.

pollux

[Infinity]

to be quite honest to you both, I have the same setup as q1aqza and I do have a old laptop that cannot stand the 8mb of my Outpost in his small little memory.

so what I did is I installed Kaspersky anti hacker (2.5mb in mem) and I use another software to join him with a pacfile and a host block list. (like mvps or guru's one) this one I can have both of worlds and still not compromise that much (kaspersky also stealthed and progr. control)

Quote:

The sole advantage to the Firefox/Mozilla + AdBlock setup is that it does not require additional resources

this is so true. but IE will never be that safe BUT may I say that IE with sp2 will pass a lot more security tests then without sp2.
still long way to go. ffx/moz is good except for updating your OS if you have m$

Quote:

I share that concern, and that's why I chose a setup that does not involve having another program running all the time

again, so true.

[pollux]

Quote:

Originally Posted by INFINITY

...IE will never be that safe BUT may I say that IE with sp2 will pass a lot more security tests then without sp2.
still long way to go. ffx/moz is good except for updating your OS if you have m$

Well, I probably shouldn't have written that the "sole advantage" to Firefox/Mozilla is lower resource use (when compared to running a browser + a software proxy). There are many advantages to using an alternative browser.

Although it is also possible to learn to secure IE by changing zone options and putting sites in different zones as necessary, and this is another security option, I think it's more work than learning to use another browser. Everyone is different, though.

pollux

[Infinity]

correct Pollux, and a supplement or to complement (how do you want to put it?) is something a lot of people don't think about but like they say you can't fool old scool - I learned a lot with this: SAFE HEX. I guess this is one of the things you are saying. glad we speak the same language

http://www.claymania.com/safe-hex.html

[BlitzenZeus]

I use Kerio 2x, Firefox, and Avast AV. I don't need other programs running to protect me when I have common sense, however Avast is there to scan local disks, and downloads since you never know if that source is clean if its a 3rd party program.

Referrers are not malicious, cookies are not malicious, and things like scripting should be controlled correctly by your browser, not your firewall... Programs that do this are security suites, not firewalls, even though they only carry firewall in the name.

Kerio 2x is a packet filtering firewall with application control, just like LnS, and a true firewall only does packet filtering. The term firewall has been so abused by software firewall makers, and bent into something its not...

[pollux]

Quote:

Originally Posted by BlitzenZeus

Referrers are not malicious, cookies are not malicious, and things like scripting should be controlled correctly by your browser, not your firewall...

Although I agree with everything else in your post, and I too run only a real firewall (as opposed to a suite) and an AV - thanks in part to your contributions in various forums, notably the Kerio forum at BBR - a couple of further words about the quote above:

While I don't think cookies and referrers are malicious, there are privacy benefits to controlling both. Refusing third-party cookies (often of the tracking sort) and removing the referrer for images only (which can also be used for marketing purposes) is at least worth considering. However, I thoroughly agree that it's much more sensible and economical to do this within a browser rather than with additional software. Mozilla and Firefox have multiple settings for both cookies and referrers, as I'm sure you know (but maybe others do not ).

pollux

[q1aqza]

Thanks for the replies. I do use Firefox nowadays but I'm still fairly new to it and haven't yet explored it's funcionality thoroughly - I really should have done.

I think what alerted me to the concern of scripts is reviewing the Outpost active content logs and seeing how much has been blocked.

With regard to LnS 2.0.5 and Kerio 2.1.5, they both seem to have similar strengths but obviously Kerio is free so I guess I'll go with that one on the second PC.

[pollux]

Quote:

Originally Posted by q1aqza

...obviously Kerio is free so I guess I'll go with that one on the second PC.

I highly recommend BlitzenZeus's replacement default configuration ruleset as a starting point for setting up Kerio 2.1.5. You can find the rules along with instructions at the Kerio forum at BBR:
http://www.dslreports.com/forum/remark,8023708~mode=flat

Have fun with it - learning to use Kerio has taught me a lot about how networking and TCP/IP works, although I'm still learning!

pollux

[pollux]

Quote:

Originally Posted by q1aqza

I do use Firefox nowadays but I'm still fairly new to it and haven't yet explored it's functionality thoroughly...

My opinion is that the best way to get into Firefox configuration is to learn to use the different configuration files (user.js, userChrome.js, userContent.css), which are not present in the default installation. This makes updating to new versions of Firefox much, much easier. For example, if you make changes to Firefox in user.js instead of by using "about:config" (typing that command into the address bar of Firefox will give you a list of all sorts of configuration settings that can be tweaked), then you can simply move the user.js file to a new profile as needed.

Here are some sites that explain how to use these configuration files and also give suggestions on useful settings:
http://texturizer.net/firefox/tips.html
http://www.tweakfactor.com/articles/...oxtweak/4.html

An overview of different security settings in Firefox that does not involve the configuration files but instead discusses the settings in "tools -> options," including those for javascript and cookies, can be found here:
http://www.spywarewarrior.com/uiuc/b.../ffox-opts.htm

pollux

[Paranoid2000]

Quote:

Originally Posted by pollux

Well, I'd say that filtering active content is a good idea but that it is not necessary to rely on a firewall program to do it.

In fact, there are many choices if you prefer LnS or Kerio 2.1.5. You could run a software proxy like Proxomitron or Privoxy to filter active content. You could also use a hosts file to block sites.

Proxy filters do usually offer more options and finer control than those offered by firewalls. Proxomitron is also the only one I know of capable of filtering HTTPS traffic (see The dangers of HTTPS for why this is important). However it is critical to ensure that only your browser can access the proxy - there are some firewalls (*cough* Sygate *cough*) which cannot restrict access to proxies so in these cases, running a proxy could allow malware to use it to gain Internet access.

Even if the firewall can be configured to restrict access to proxy servers, it is still possible for a proxy to be hijacked and used to redirect browsers without triggering any alerts (see the Outpost forum Proxomitron default ruleset question thread for a long discussion on this subtle exploit) - only a firewall that verifies incoming connections to local proxies can prevent this (Outpost 2.5 will do so) or a process monitor like ProcessGuard or SSM (which would prevent hijacking in the first place). Therefore using local proxies can require some extra security measures.