How crucial to PC security is active content blocking by firewalls?

Discussion in 'other firewalls' started by q1aqza, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    On my main PC I am using Outpost Pro and have been very pleased with it. I particularly like and use OP's advertisement and active content filter plugins.

    Unfortunately my other PC is quite low spec and OP is a little too heavy for it. I have been testing LooknStop 2.05 and Kerio 2.1.5 as they are both so light on resources. Both perform well on the lower spec PC and I think both are powerful programs. However, neither of them has the functionality to block ads or offer blocking of JavaScript or VB scripts, etc., compared to what the likes of OP, ZAP and Kerio v4 offer.

    LnS and Kerio 2.1.5 have such high reputations but, as per the title of my thread, how crucial to PC security is it that you use a program that can block or filter JavaScript, VB scripts, referrers, cookie control, etc.?
     
  2. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    Well, I'd say that filtering active content is a good idea but that it is not necessary to rely on a firewall program to do it.

    In fact, there are many choices if you prefer LnS or Kerio 2.1.5. You could run a software proxy like Proxomitron or Privoxy to filter active content. You could also use a hosts file to block sites.

    Or, you could use Firefox or Mozilla (to avoid ActiveX, to limit referrer information - set through "about:config," and to control cookies), uninstall Windows Scripting Host or use another filtering program like Script Defender (to avoid VBS), and then add the AdBlock extension to Firefox or Mozilla (to control some javascript per site as well as to block ads).

    I've chosen the last of these approaches, with WSH uninstalled completely, along with Kerio 2.1.5, and it's working fine. Once I finished testing different programs and options and settled on the configuration I'm using now, I haven't had to mess around changing things - just the occasional change to AdBlock filters - for quite a while.

    pollux

    Places to get things:
    Proxomitron
    http://castlecops.com/modules.php?op=modload&name=Downloads&d_op=viewdownload&cid=19
    Privoxy
    http://sourceforge.net/project/showfiles.php?group_id=11118
    Script Defender
    http://www.analogx.com/contents/download/system/sdefend.htm
    WSH Uninstaller
    http://www.spywarewarrior.com/uiuc/resource2.htm#WSH-UN
    Firefox and Mozilla browsers
    http://www.mozilla.org
    AdBlock and other browser extensions
    http://update.mozilla.org
     
  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Nice, Pollux. Another great, user-friendly freebie is WebWasher; another good one, but payware, is AdMuncher (one-time purchase, lifetime upgrades).

    http://www.webwasher.com/

    http://www.admuncher.com/

    P.S. We gotta stick on topic here, easy to slip with this subject though.
     
  4. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    I think it's great to post other web-content filtering options. I tried Web Washer, too (forgot about it, though!), but not AdMuncher, although I've read a lot of good things about it.

    However, the point is that it is absolutely not necessary to filter with a firewall.

    The sole advantage to the Firefox/Mozilla + AdBlock setup is that it does not require additional resources - this is one of q1aqza's concerns. I share that concern, and that's why I chose a setup that does not involve having another program running all the time.

    pollux
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    To be quite honest with you both, I have the same setup as q1aqza and I do have an old laptop that cannot stand the 8 MB of my Outpost in its small little memory.

    So what I did is install Kaspersky Anti-Hacker (2.5 MB in memory), and I use another piece of software alongside it with a PAC file and a hosts block list (like the MVPS or Guru's one). This way I can have both worlds and still not compromise that much (Kaspersky is also stealthed and has program control).

    This is so true. But IE will never be that safe, BUT may I say that IE with SP2 will pass a lot more security tests than without SP2.
    Still a long way to go. ffx/moz is good except for updating your OS if you have M$.

    again, so true. ;)
     
  6. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    Well, I probably shouldn't have written that the "sole advantage" to Firefox/Mozilla is lower resource use (when compared to running a browser + a software proxy). There are many advantages to using an alternative browser.

    Although it is also possible to learn to secure IE by changing zone options and putting sites in different zones as necessary, and this is another security option, I think it's more work than learning to use another browser. Everyone is different, though.

    pollux
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Correct, Pollux, and a supplement or complement (how do you want to put it?) is something a lot of people don't think about, but like they say, you can't fool old school - I learned a lot with this: SAFE HEX. I guess this is one of the things you are saying. Glad we speak the same language ;)

    http://www.claymania.com/safe-hex.html
     
  8. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I use Kerio 2x, Firefox, and Avast AV. I don't need other programs running to protect me when I have common sense; however, Avast is there to scan local disks and downloads, since you never know if that source is clean if it's a 3rd party program.

    Referrers are not malicious, cookies are not malicious, and things like scripting should be controlled correctly by your browser, not your firewall... Programs that do this are security suites, not firewalls, even though they only carry firewall in the name.

    Kerio 2x is a packet filtering firewall with application control, just like LnS, and a true firewall only does packet filtering. The term firewall has been so abused by software firewall makers, and bent into something it's not...
     
  9. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    Although I agree with everything else in your post, and I too run only a real firewall (as opposed to a suite) and an AV - thanks in part to your contributions in various forums, notably the Kerio forum at BBR - a couple of further words about the quote above:

    While I don't think cookies and referrers are malicious, there are privacy benefits to controlling both. Refusing third-party cookies (often of the tracking sort) and removing the referrer for images only (which can also be used for marketing purposes) is at least worth considering. However, I thoroughly agree that it's much more sensible and economical to do this within a browser rather than with additional software. Mozilla and Firefox have multiple settings for both cookies and referrers, as I'm sure you know (but maybe others do not :)).

    pollux
     
  10. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks for the replies. I do use Firefox nowadays but I'm still fairly new to it and haven't yet explored its functionality thoroughly - I really should have done.

    I think what alerted me to the concern of scripts is reviewing the Outpost active content logs and seeing how much has been blocked.

    With regard to LnS 2.0.5 and Kerio 2.1.5, they both seem to have similar strengths but obviously Kerio is free so I guess I'll go with that one on the second PC.
     
  11. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    I highly recommend BlitzenZeus's replacement default configuration ruleset as a starting point for setting up Kerio 2.1.5. You can find the rules along with instructions at the Kerio forum at BBR:
    http://www.dslreports.com/forum/remark,8023708~mode=flat

    Have fun with it - learning to use Kerio has taught me a lot about how networking and TCP/IP work, although I'm still learning!

    pollux
     
  12. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    My opinion is that the best way to get into Firefox configuration is to learn to use the different configuration files (user.js, userChrome.js, userContent.css), which are not present in the default installation. This makes updating to new versions of Firefox much, much easier. For example, if you make changes to Firefox in user.js instead of by using "about:config" (typing that command into the address bar of Firefox will give you a list of all sorts of configuration settings that can be tweaked), then you can simply move the user.js file to a new profile as needed.

    Here are some sites that explain how to use these configuration files and also give suggestions on useful settings:
    http://texturizer.net/firefox/tips.html
    http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html

    An overview of different security settings in Firefox that does not involve the configuration files but instead discusses the settings in "tools -> options," including those for javascript and cookies, can be found here:
    http://www.spywarewarrior.com/uiuc/btw/ffox/ffox-opts.htm

    pollux
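
An added example, not part of the original post: a small Node.js audit of a `user.js` file for the cookie and referrer preferences discussed in this thread. `network.cookie.cookieBehavior` and `network.http.sendRefererHeader` are Firefox preference names; the function names, the rule table and the sample file content are constructed for illustration.

```javascript
// Added example: audits a Firefox user.js for the settings discussed in this thread.
// SAMPLE_USER_JS is constructed for illustration, not taken from a real profile.
const SAMPLE_USER_JS = `
// user_pref("network.cookie.cookieBehavior", 1);   commented out, so ignored
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.http.sendRefererHeader", 2);
user_pref("javascript.enabled", true);
`;

// Each rule: preference name, the values considered acceptable, and why.
const RULES = [
  { name: "network.cookie.cookieBehavior", ok: [1, 2],
    why: "0 accepts all cookies; 1 refuses third-party cookies, 2 refuses all" },
  { name: "network.http.sendRefererHeader", ok: [0, 1],
    why: "2 sends the referrer for images too; 1 sends it for clicked links only" },
];

// Parse user_pref("name", value); lines. A later line overrides an earlier one.
function parseUserJs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue; // skips blank lines and // comments
    const raw = m[2];
    if (raw === "true" || raw === "false") prefs[m[1]] = raw === "true";
    else if (/^-?\d+$/.test(raw)) prefs[m[1]] = Number(raw);
    else prefs[m[1]] = raw.replace(/^"|"$/g, "");
  }
  return prefs;
}

// Return one finding per rule whose preference is missing or set to a value outside `ok`.
function auditUserJs(text) {
  const prefs = parseUserJs(text);
  return RULES.filter((r) => !r.ok.includes(prefs[r.name]))
    .map((r) => ({ pref: r.name, value: prefs[r.name], why: r.why }));
}

console.log(auditUserJs(SAMPLE_USER_JS));
```

A preference that is absent from `user.js` is reported with an undefined value, meaning it is not pinned in the file and will not carry over when the file is moved to a new profile.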
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Proxy filters do usually offer more options and finer control than those offered by firewalls. Proxomitron is also the only one I know of capable of filtering HTTPS traffic (see The dangers of HTTPS for why this is important). However it is critical to ensure that only your browser can access the proxy - there are some firewalls (*cough* Sygate *cough*) which cannot restrict access to proxies so in these cases, running a proxy could allow malware to use it to gain Internet access.

    Even if the firewall can be configured to restrict access to proxy servers, it is still possible for a proxy to be hijacked and used to redirect browsers without triggering any alerts (see the Outpost forum Proxomitron default ruleset question thread for a long discussion on this subtle exploit) - only a firewall that verifies incoming connections to local proxies can prevent this (Outpost 2.5 will do so) or a process monitor like ProcessGuard or SSM (which would prevent hijacking in the first place). Therefore using local proxies can require some extra security measures.
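
An added example, not part of the original post: a Node.js check over `netstat -ano` output that reports a local filtering proxy listening on a non-loopback address and any loopback client of the proxy other than the browser. The proxy port (8080), the browser PID and the sample table are assumptions constructed for illustration; the function names are hypothetical.

```javascript
// Constructed sample of `netstat -ano` output (not captured from a real host).
// PID 1480 = proxy, PID 2212 = browser, PID 3004 = some other local process.
const SAMPLE_NETSTAT = `
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1031         127.0.0.1:8080         ESTABLISHED     2212
  TCP    127.0.0.1:8080         127.0.0.1:1031         ESTABLISHED     1480
  TCP    127.0.0.1:1047         127.0.0.1:8080         ESTABLISHED     3004
  TCP    127.0.0.1:8080         127.0.0.1:1047         ESTABLISHED     1480
  TCP    192.168.0.5:1052       203.0.113.10:80        ESTABLISHED     1480
`;

// Split "host:port" at the last colon.
function splitEndpoint(ep) {
  const i = ep.lastIndexOf(":");
  return { host: ep.slice(0, i), port: Number(ep.slice(i + 1)) };
}

// Keep only TCP rows with the five expected columns; the header line is skipped.
function parseNetstat(text) {
  const rows = [];
  for (const line of text.split(/\r?\n/)) {
    const f = line.trim().split(/\s+/);
    if (f[0] !== "TCP" || f.length !== 5) continue;
    rows.push({ local: splitEndpoint(f[1]), remote: splitEndpoint(f[2]),
                state: f[3], pid: Number(f[4]) });
  }
  return rows;
}

// Flag (1) a proxy listener reachable from outside loopback and
// (2) loopback clients of the proxy whose PID is not an allowed browser PID.
function auditProxyAccess(text, proxyPort, browserPids) {
  const findings = [];
  const loopback = (h) => h === "127.0.0.1";
  for (const r of parseNetstat(text)) {
    if (r.state === "LISTENING" && r.local.port === proxyPort && !loopback(r.local.host)) {
      findings.push({ kind: "proxy-not-loopback-only", pid: r.pid, address: r.local.host });
    }
    if (r.state === "ESTABLISHED" && r.remote.port === proxyPort &&
        loopback(r.remote.host) && !browserPids.includes(r.pid)) {
      findings.push({ kind: "non-browser-client", pid: r.pid, address: r.local.host });
    }
  }
  return findings;
}

console.log(auditProxyAccess(SAMPLE_NETSTAT, 8080, [2212]));
```

This only reports what the connection table shows at one moment; preventing the access still depends on the firewall rules or process monitor described in the post above.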
     