
Stop Windows from calling home

Tuxman:
The Windows Firewall is a firewall-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---
Wrong, because:

A firewall's main purpose is preventing access to the computer, not preventing the computer from reaching out-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---
You can not protect a machine from unauthorized access when running a prevention system on it!


+------------------+
| teh internetz    |
+---------+--------+
          |
   +------+--------+
   | PROTECTION    |
   +----+----------+
        |
  +-----+------------+
  | The machine that |
  | shall be protec- |
  | ted from OUTSIDE |
  +------------------+
Now do this with a "software firewall". Good luck.

but iirc a limited user account on XP can't modify firewall rules, and on Vista/Win7 you get an UAC prompt?-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---
People who use limited accounts and/or the UAC prompt will, like, never have serious system failures caused by malware. They just don't need any extra protection anyway.

Oh, I almost forgot: you've already spouted this nonsense.-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---
I was right.

f0dder:
You can not protect a machine from unauthorized access when running a prevention system on it!-Tuxman (January 04, 2010, 05:59 PM)
--- End quote ---
See above:
3) what Josh said - besides the firewall gets the packets before passing them on to the application layer, which is... surprise surprise... the purpose of a firewall. As long as there isn't a severe bug in the TCP/IP stack or the firewall code, this is perfectly fine, even if you're silly and run your box DMZ.-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---

People who use limited accounts and/or the UAC prompt will, like, never have serious system failures caused by malware. They just don't need any extra protection anyway.-Tuxman (January 04, 2010, 05:59 PM)
--- End quote ---
See above:
ever considered what can happen on a LAN or WLAN if one computer gets infected and there isn't a software firewall running on the individual hosts?-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---

Oh, I almost forgot: you've already spouted this nonsense.-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---
I was right.-Tuxman (January 04, 2010, 05:59 PM)
--- End quote ---
You were - and are - wrong.

Tuxman:
ever considered what can happen on a LAN or WLAN if one computer gets infected and there isn't a software firewall running on the individual hosts?-f0dder (January 04, 2010, 05:48 PM)
--- End quote ---
A LAN or a WLAN doesn't actually send data between the clients without them requesting it. Infected clients in my network don't make my Windows more insecure. Still talking about nonsense?

f0dder:
Let's try to spell this out, then...

LAN has a bunch of computers all without packet filters, and some OS with some 0day service exploit.

One computer gets infected with 0day malware - this can happen for a wide variety of reasons; I've seen the following reasons in real-life situations:

* Infected laptop is brought to school/work/friend's place.
* Moronic uneducated user clicks obviously bad email attachment.
* Uneducated user runs a video codec trojan.
* WLAN is breached - either with the purpose of infecting, or simply to leech internet access.
* User is hit by browser exploit - before blaming IE, consider that IE8 in UAC+Sandbox mode is pretty secure and that most holes are in flash or java.
* User is hit by intentionally inserted malware in warez.
There's a whole bunch of other possibilities as well, some of them more obscure than others, but these are reasons I've all witnessed. It takes one such slip to get an infected host on your LAN... and if that happens, your boxes aren't running PFs, and there's a service exploit... boom, game over. If you've ever tried bringing an XP box pre-SP2 on the internet without a 3rd party PF or a NAT'ing router, you'll see how fast this happens with internet traffic.

Fortunately, service exploits aren't that common today - and even better, the PF differentiates between localhost, LAN and WAN... and has relatively reasonable defaults for what it lets get through to which services.

Now, for you a PF might not be of much use, especially if you don't run a WLAN, are the only user on your network, and don't have any friends. But throwing a blanket statement about PFs being useless is plain wrong.
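
As an added example that is not part of the thread, the following PowerShell audit shows the per-profile behaviour f0dder describes (localhost/LAN/WAN handled differently) and cross-checks inbound allow rules against what is actually listening. It assumes Windows 8 / Server 2012 or later (the NetSecurity cmdlets; XP/Vista/7 would use netsh advfirewall instead) and an elevated prompt.

```powershell
# Added example (not from the thread): audit Windows Firewall per-profile state and
# flag enabled inbound allow rules that admit any remote address on the Public profile.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module); run elevated for full output.

# 1. Profile state: the filter treats Domain, Private and Public networks differently.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Enabled inbound allow rules bound to the Public profile (or to all profiles).
$rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Public|Any' }

$findings = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    # Only rules open to any remote address matter for an infected LAN/WLAN neighbour.
    if ($addr.RemoteAddress -eq 'Any') {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = "$($rule.Profile)"
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = "$($addr.RemoteAddress)"
        }
    }
}
$findings | Sort-Object Rule | Format-Table -AutoSize

# 3. Cross-check against what is actually listening: an allow rule is only reachable
# attack surface if a service is bound to that port (Tuxman's "don't run services
# you don't need"), so compare this list with the LocalPort column above.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort -Unique |
    Format-Table -AutoSize
```

A port that appears in both the rule table and the listening table, with the Public profile enabled and RemoteAddress Any, is exactly the exposure f0dder's LAN scenario relies on; either tighten the rule's remote address or stop the service.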

Tuxman:
If you've ever tried bringing an XP box pre-SP2 on the internet without 3rd party PF or a NAT'ing router, you'll see how fast this happens with internet traffic.-f0dder (January 04, 2010, 06:38 PM)
--- End quote ---
Like that Sasser worm? I know it, yep ...  :-\
A well-configured machine is patched daily and does not run any services which are just not needed. Of course, there are always some (rare) exploits for needed services. But there are also exploits for common "firewall software", and I think there are more of them. So, actually, a LAN/WLAN system running a "personal firewall" and the default services is more probably vulnerable than a LAN/WLAN system running only the default services.