Good firewall prog?

Not the same thing. A software firewall can say **M$IE is NOT allowed access to Port 80 and Firefox IS allowed access to Port 80**. Port 80 is not completely dead for that machine.
JeffM

OK. I have my single grain of salt right here. . .

Y'know 2 consecutive conjunctions are not necessary--indeed, to BEGIN a sentence, you don't need a conjunction at all. . .

As I pointed out in an earlier post in this thread, FIREWALLS DON'T NEED TO BE UPDATED. All they ever add to these things is BLOAT. Once you have one that works for you, it's good for life.

JeffM

It appears that Jim Thompson shook an Etch A Sketch before scribbling:

You can block all outbound ports, but then you can't make any connections. It's useful for blocking well-known outbounds, but if you are really worried about programs dialing home, you really need a software firewall that can look at the *application* that is connecting out, because you have to have some ports available for outbound on the router, and a smart program is going to find them based just upon the ports your browser and email programs use.

TV Slug

Sorry for the confusing words there. I did not mean that following those would cause damage, but that RELYING on that (and doing nothing else) would leave you vulnerable.

YES to closing the ports, NO to dispensing with the firewall and router.

I hope it's not that same ONE THING nonsense again. That is, saying you can have only one form of protection.

I once had some spyware try to connect to port 25 (SMTP) on some unknown computer. That particular instance of spyware did no damage because of the firewall.

Otherwise, consider that you don't need to know any burglars personally for it to be worth locking your front door.

--
105 days until the winter solstice celebration

"Today, the theory of evolution is an accepted fact
for everyone but a fundamentalist minority, whose
objections are based not on reasoning but on
doctrinaire adherence to religious principles"
-- James D. Watson
Gary H

Updates are doing that sort of thing all the time.

I just SAID a year.

Gary H

I always block ports 135-139 and 445. These are security problems if allowed on the internet.

Gary H

You never know when a program will disable a sw firewall either. And antivirus sw. There are many nasties out there that do for a number of different firewalls and av products. In fact, that's far more likely than creating a service and opening a port. If you know of any nasties that actually do this, let me know.

Art


Garbage. Windows update doesn't do anything of the kind.

I've never had any.

Art


Every time a program tries to access the internet, Zone alarm will ask your permission, but it also has a box for "remember this program" to automatically grant permission.

Netscape and Mozilla's Firefox and Thunderbird all asked for permission to access the net. If I rarely use a program, I don't check the box. If I use it daily, I do.

--
Michael A. Terrell
Central Florida

First I've heard about that. I'm sure you don't need IE. But the Windows computers here use ZA only for its outbound features in case of infection, as inbound is secured elsewhere. Even then, it still pays to look through the ZA allowed list once in a while - I found rundll32 in there once! That can be used to run almost anything else...

Clifford Heath

More confusing language. I guess you mean relying on closing ports. That does not leave you vulnerable.

A user who has closed all ports gains no increased security by using a firewall.

I never ever said anything like that. You're making up stories.

So the firewall didn't _prevent_ you from getting hit by spyware. That's the point. Prevention. You make a claim that one _must_ use a firewall, and that's just plain wrong. I went for many years without one, on line all day with DSL service, and never had a problem.

And again, there are many malwares that disable sw firewalls. Once you allow malware to run, software protection goes down the tubes.

Now, I've seen many posts on the virus lists that start off with, "I just disabled my firewall for a short time and ... ", they take hits. If those users had secured their OS in the first place, they wouldn't be dependent on the sw firewall to protect them from inbound. That's where I'm coming from, you see?

Using a sw firewall without hardening is like putting a paint job on an auto that needs an engine overhaul. Using a sw firewall after hardening is icing on the cake. No doubt high risk users will gain something by using one after hardening because of situations like you described ... catching spyware trying to call out, etc.

Anyway, this is all much ado about nothing in the eyes of a majority of users who are interested in file/printer sharing. Those users should be using an external router/firewall. And the use of a sw firewall as well does add a little icing on the cake for high risk users who often get hit with spyware and malware, since certainly far from _all_ malware disables sw firewalls :)

Art


Hot fixes, service packs and the rollup? No! Not that I recall ever seeing. Only when adding or activating some new functionality and service need the user beware of the implications along these lines. I point out an example of that sort of thing (activating MSDTC) in my article.

Art


Y'Know, it's unnecessary to say "not necessary" when "unnecessary" suffices.

Art


It appears that Jim Thompson shook an Etch A Sketch before scribbling:

And just as soon as you open outbound ports, those can be used by malicious programs without the router ever knowing about it. All the router knows about is your computer's IP address and what port it is requesting to use. It has no idea what program is making the request.

TV Slug

It appears that Jim Thompson shook an Etch A Sketch before scribbling:

Doh! I thought I had already said I have a Barricade also. The port filtering is not all that different from other routers. I do like the "Deny all except..." or "Allow all except..." starting rules.

In your case, try setting "Deny all..." and then try using a program, such as your browser. You can then go into the Toolbox and View the log to see what port it wants, then set it up in the Outbound Filter rules. Then try another application and do the same thing. Eventually you will have opened a few standard ports and anything else will be blocked (and logged) when access is attempted on a port with no Allow rule.

The advantage to a software firewall over this is that you will be notified *immediately* when an unknown program tries to access ANY port, even one that you have opened on your router.
TV Slug
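
The difference described in the posts above between a router's port rules and a per-application firewall, as an added example that is not part of the original thread: the allow list is built from a "Deny all" log as in the procedure, then later traffic is checked against both views. The log entries, program names and ports are constructed, and `unknown.exe` is a hypothetical unrecognised program.

```python
from collections import namedtuple

# Constructed sample data: one outbound attempt = (program, protocol, dest_port).
Attempt = namedtuple("Attempt", "program proto port")

# With "Deny all" set, each trusted program is run once and the blocked
# attempts are read back from the router log (constructed entries).
DENY_ALL_LOG = [
    Attempt("firefox.exe", "tcp", 80),
    Attempt("firefox.exe", "tcp", 443),
    Attempt("thunderbird.exe", "tcp", 25),
    Attempt("thunderbird.exe", "tcp", 110),
]

def router_rules(log):
    """Router view: the program name never reaches it, so a rule is (proto, port)."""
    return {(a.proto, a.port) for a in log}

def host_rules(log):
    """Software-firewall view: the rule key also includes the program."""
    return {(a.program, a.proto, a.port) for a in log}

def audit(log, traffic):
    """Return (blocked_by_router, allowed_by_router_but_unknown_to_host_firewall)."""
    r, h = router_rules(log), host_rules(log)
    blocked = [a for a in traffic if (a.proto, a.port) not in r]
    slipped = [a for a in traffic
               if (a.proto, a.port) in r and (a.program, a.proto, a.port) not in h]
    return blocked, slipped

# Constructed later traffic from the same machine.
TRAFFIC = [
    Attempt("firefox.exe", "tcp", 80),    # known program, known port
    Attempt("unknown.exe", "tcp", 6667),  # no Allow rule: router blocks and logs it
    Attempt("unknown.exe", "tcp", 80),    # reuses the port opened for the browser
    Attempt("unknown.exe", "tcp", 25),    # reuses the port opened for the mail client
]

if __name__ == "__main__":
    blocked, slipped = audit(DENY_ALL_LOG, TRAFFIC)
    for a in blocked:
        print("router blocked:", a)
    for a in slipped:
        print("router allowed, host firewall would prompt:", a)
```
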

I've got one of these.

They work most of the time - but if you've got kids making multiple peer to peer connections, the modem router just dies and has to have its power recycled. Not enough internal memory I guess. I wouldn't buy another one - but then I can't recommend another as they all seem to have undesirable features.

richard mullens

| >>On Sun, 11 Sep 2005 08:24:26 GMT, Robert Baer
| >> wrote:
| >>
| >>> I know very little about how attacks are actually done.
| >>> However, i have prevented a number of processes, and have a long list
| >>>in my HOSTS file.
| >>> As a result, the GRC ShieldsUP tests show only two open ports for a
| >>>Win2k computer: 135 (RPC) and 1025 (COM/DCOM); and show others for the
| >>>present Win98SE computer: stealthed 106, 108, 109, 111; open 139 (NetBios).
| >>> Now it seems that GRC has a DCOMbobbulator program that might fix the
| >>>port 1025 problem.
| >>> But what about the others?
| >>> If i close the open ports, then would i be very safe?
| >>
| >>Yes. If you don't have multiple PCs on a LAN you can close all ports
| >>and dispense with a firewall and router. Here's my article with
| >>instructions for Win 2K:
| >>
|
| >And this is unsafe. You never know when a program will open a port. It
| >could do so at any time.
|
| You never know when a program will disable a sw firewall either. And
| antivirus sw. There are many nasties out there that do for a number
| of different firewalls and av products. In fact, that's far more
| likely than creating a service and opening a port. If you know of any
| nasties that actually do this, let me know.
|
| Art

Surenuff, the IRC Trojan that floated around sometime back which used some Mirc DLLs would run a remote control program, open up some ports and send IRC messages to announce its successful invasion, then remote control software was used to control the system (rconnect.exe seems to ring a bell as the remote control program that was used).


This all happened when I was playing around a bit one night and turned off my firewall (Kerio) for some testing, and forgot to turn the firewall back on, and maybe it was just 1 or 2 nights and the machine was attacked. I am not certain how the Trojan was introduced to the system, tho it might be due to a weak account/password. I do not use the system for any other tasks other than as a router to share a broadband connection. I do not use Mirc for IRC. There you go, one example of how a software firewall that blocks outgoing connections could have prevented an infection. Granted, the lame user account name and weak password were also perhaps part of the problem, but had I not disabled the firewall, the attack would never have succeeded because the port would never have been opened, and the outgoing IRC contact could not have taken place to the perpetrators.

Kyle

Really? By the time DOS was available they had upgraded the motherboards to 256 KB of RAM. The only IBM PCs I saw with 16 KB were the first five slot cases that used a cassette drive for program and data storage.

--
Michael A. Terrell
Central Florida

WOW! Thanks a lot!!

Robert Baer

There *is* no ethernet connector on my computer, so i will have to see if i can find a serial port router, which i did not know existed. Thanks.

Robert Baer
