firewall,do your business,don't nag

Discussion in 'other firewalls' started by unnamed, Feb 12, 2008.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Watt, it seems that you can't seem to write an entire paragraph, so you take issue line by line. I hope you enjoy editing my post.

    LUA/SRP is very effective. To infect the machine the user must elevate to administrator to either run a program or move it to an area where it may be run with limited user privileges. Without elevating to administrator it simply can't be done. If you find otherwise, prove it.

    You are inconsistent in your analysis. On some points you attribute to the user a complete lack of sense, on others the user is a security expert able to deal with the most arcane of prompts. So, that makes it possible to disagree with everything. OK, I don't have time for that.
     
  2. wat0114

    wat0114 Guest

    Are you upset because I have not agreed with all your statements? You have stated with an almost authoritative tone your dim view on the subject matter. I happen to disagree, at least in part. So what? Sorry, but I have seen real evidence that limited privileges do not outright stop all malware, though the damage can be, admittedly, minimized. No arguments there. As for providing evidence, short of delivering to you via courier the infected machines, it is pretty labor-intensive and impractical to do so. I'm not making up some story. It happened.

    My apologies for not quoting you in this post, but I saw no need.
     
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Watt you could send me all the machines you want, so I can clean them up for a fee.

    By the way, don't confuse limited privileges with LUA/SRP. The latter is much stronger.
     
  4. wat0114

    wat0114 Guest

    That's okay, they were cleaned professionally. You can send me one of those LUA/SRP machines and I'll find someone who can break it with malware :D
     
  5. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Well, Comodo sure doesn't fall into this category. It definitely bugs you. I went back to ZAAS, which actually is very quiet. I was thinking of putting Threatfire alongside it.
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden

    I can understand that a LUA/SRP machine can be infected if you willingly install something with admin rights.
    That can happen even in Linux and Mac.

    You say you have seen it happen. Can you explain a bit more?

    If unnamed doesn't want outbound protection I would say that any firewall (or router) with app control disabled will do. There will be no nagging from the firewall. I personally use XP firewall only in my gaming snapshot. No nag, no problem.
    And if I was afraid that the hackers out there would target me, then I wouldn't use Windows at all, I'd go for Linux.
    No nags from the firewall there :) but until I get seriously paranoid, LUA/SRP and a basic firewall will do fine.
     
  7. wat0114

    wat0114 Guest

    Hi sukarof,

    sorry, I can't go into detail and divulge information. The only info I can give - and it's really no help - is that social engineering was involved. Basically, a lack of judgement was involved. I would pm you with the details but I can't take any chances.
     
  8. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Ok thanks wat0114. No need to go any deeper.
    With enough skilled social engineering - no security software, configuration or OS will save you.
    Maybe I am walking out on the limb here, but I feel pretty safe against that :p
    The important thing for me to know is that Windows with LUA/SRP doesn't do anything unless I say so, be it legit software or malware. Meaning nothing will sneak in behind my back.
     
  9. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    The trial version of this on my new PC 3 sure has not asked me anything a single time. I nosed around until I found the log and sure enough it is at least watching out for things. You are correct.
     
  10. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Nowhere near as bad as they used to be.
     
  11. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    This is getting to sound like George Clooney in Michael Clayton. I'm just the janitor. It's easier to clean up the mess if it is small. Then his Mercedes blows up. I feel like that all the time. All these secrets. I have this malware that can do anything. Just send US $5000 to secret bank account #4589745 in the Cayman Islands, and don't expect to hear from me again in this forum :)

    Anyone know what this is: \|/ ?
     
  12. wat0114

    wat0114 Guest

    To the OP, the advice given in posts 2 & 3 is probably the best for you, unless you can find a firewall that will scan your programs, set pre-defined rules for them and hopefully never bug you even once, thereafter.

    Diver, restricted client PCs using LUA/SRP or limited accounts via power user accounts work for the most part. However, if you consider a large, corporate environment consisting of ~2000 PCs, for example, spread across several departments ranging from clerical staff, to human resources, to desktop support, IT support, system technical support, then managers ranging from entry-level to upper tier, it becomes next to impossible to impose full restrictions on all PCs concerned. Even those who have their machines bound in a "nanny state" can often request - and obtain - temporary administrative access to install software required to do their job such as, for example, EPROM burning software or a protocol analyzer utility. The access is intended to be only for the purpose of installing the software in question for use related to the individual's job, and nothing else. Of course this is where the problems can start. If someone forgets to remove this access from the wrong hands... well, I'm sure you get the picture. It happens because everyone is busy with other things to do and lots on their minds. Even the corporate-level, resident AV scanner can miss the malware.

    That is all I will say - and should need to say - on the matter.
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I will expose my personal posture regarding firewalls.
    First, we need to know that firewalls filter network packets first and foremost. Filtering implies applying a criterion/rule. For example, if you have a box of candy and want to filter it, you must establish a criterion (sweet, big, small, w/chocolate, w/fruit, etc). The same occurs with firewalls, replacing the candy box with your network environment.
    This means that to successfully operate a firewall and obtain the highest benefits, you must create a precise ruleset according to the network traffic you expect/want. But, to achieve this, you must have a basic background in networking and most people don't have this knowledge. Even worse, nowadays some users expect that their firewall fixes the architectural flaws of Windows (where execution rights are a given and code injection is commonplace) and stops a malicious process (which is already in memory) from phoning home/delivering its payload. Want more? The same users who request protection against leaktests request some form of AI (artificial intelligence) because they become tired of answering pop-ups and/or don't know how to respond.
    Seriously, if you don't know/want (there's nothing wrong with this) to build a strict ruleset matching your network/Internet usage, forget about the leaktest nonsense and choose an option suitable to your needs:
    - An inbound-only firewall: NAT/NAT+SPI modem/router, XP/Vista firewall, Ghostwall/CHX-I/Injoy, etc.
    - Simple allow/deny firewalls: ZA free, OA in standard mode (IIRC), most suites.
    - A firewall with big whitelists (list of known, safe applications with pre-made rules) and IDS/exploit signatures. The best example is NIS.
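As an added illustration of the "inbound-only" option lucas1985 lists (not code from the thread or from any firewall product), here is a toy stateful packet filter: outbound traffic is always allowed and creates state, inbound is allowed only as a reply to that state or via an explicit listen rule, and, exactly as the post says, a process already running on the box that phones home is never questioned. The packet trace, ports and addresses are constructed sample data.

```python
# Added example (not from the thread): a toy stateful inbound-only packet filter.
# Outbound traffic is always allowed and creates state; inbound is allowed only as a
# reply to that state or via an explicit listen rule. All packets are constructed.
from dataclasses import dataclass, field

@dataclass
class Packet:
    direction: str      # "out" leaves the host, "in" arrives at the host
    proto: str          # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int

@dataclass
class InboundOnlyFirewall:
    # Explicitly allowed unsolicited inbound services, e.g. a game server port.
    listen_rules: set = field(default_factory=set)  # {(proto, local_port)}
    state: set = field(default_factory=set)         # flows the host opened itself
    log: list = field(default_factory=list)

    def filter(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            # Outbound is never questioned: an inbound-only firewall does not stop
            # an already-running process from phoning home. Remember the flow.
            self.state.add(key)
            return self._decide("ALLOW", "outbound", pkt)
        if key in self.state:
            return self._decide("ALLOW", "reply to flow we opened", pkt)
        if (pkt.proto, pkt.local_port) in self.listen_rules:
            return self._decide("ALLOW", "listen rule", pkt)
        return self._decide("DROP", "unsolicited inbound", pkt)

    def _decide(self, verdict: str, reason: str, pkt: Packet) -> str:
        self.log.append(f"{verdict:5} {pkt.direction:3} {pkt.proto}/{pkt.local_port} "
                        f"<-> {pkt.remote_ip}:{pkt.remote_port} ({reason})")
        return verdict

def run_sample() -> list:
    """Filter a constructed packet trace and return the verdict per packet."""
    fw = InboundOnlyFirewall(listen_rules={("udp", 27015)})
    traffic = [
        Packet("out", "tcp", 49152, "203.0.113.10", 80),    # browser request
        Packet("in", "tcp", 49152, "203.0.113.10", 80),     # its reply
        Packet("in", "tcp", 445, "198.51.100.7", 4000),     # unsolicited SMB probe
        Packet("in", "udp", 27015, "198.51.100.9", 5000),   # allowed game port
        Packet("out", "tcp", 49153, "198.51.100.66", 443),  # malware phoning home
    ]
    return [fw.filter(p) for p in traffic]
```

The last verdict is the point of the post: the unsolicited SMB probe is dropped, but the phone-home connection passes because nothing in an inbound-only ruleset looks at what the local process is.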
     