Security Basics mailing list archives
Re: Personal Firewall for Business use
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 30 Oct 2003 17:06:21 +0100
On 2003-10-29 Ivan Hernandez wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> [ Windows TCP filtering ]
>> "Application level protection" is ridiculous if the protecting agent is running on the same box. I keep wondering how people can expect software that allows user interaction (like most personal firewalls do) to prevent other (malicious) software from doing whatever it pleases.
>
> I would recommend you to read the good information on the Gibson Research site at http://www.grc.com Try the information leak utility that's very useful with all the other toys written in assembly. It's a nice and educational site.

You're kidding me, right? You are not actually saying that you are using some software to protect some other software from the very same malware the other software is supposed to protect you from?

> Windows Kernel Filtering will not stop a trojan from making connections on the internet, and that's one of the most important risks on a personal computer.

So what? Most so-called personal firewalls (including Zone Alarm) won't do that reliably, so what's the point in using them? Besides I didn't say anything about Windows Kernel Filtering and we're talking about a *server* here.

> Most worms are going via email today, and the filter will do nothing with that, but with some application level filtering, like Zone Alarm has, you can catch them before they go to the internet.

Have you even read what I was saying? No! You! Can't! At least not reliably. You probably could if the PF was running with escalated privileges AND your account weren't AND it had no interface to unprivileged users but rather rule-based configuration AND the malware could not escalate its own privileges AND wouldn't kill the PF. That's one hell of a lot of preconditions for successfully using a software that's supposed to help secure your computer and AFAIK most PFs (including ZA) don't meet them.

And I still fail to see why one would want to use a PF on a server.

Regards
Ansgar Wiechers