Official Computer Problems Thread

[skidoo]

Quote:

Originally Posted by Dark_Angers

Windows firewall hardly works, most programs get by it by accident.

By accident? How so?

Quote:

Also it takes a simple Registry entry to add your program to the allow list which is a snap.

Hmm. But for a program to manipulate your registry, it has to be authenticated. It has to be run under a user account with appropriate permissions. Sure, a trojan or something could edit the registry, but by that point you've already lost the battle.

Quote:

Windows firewall is also VERY VERY VERY basic.

In terms of bells and whistles, sure. But if you want comprehensive monitoring and logging and whatnot, I'm pretty sure the built-in XP firewall can be cajoled into spitting out syslog data. But yeah, most users don't give a rip, ya know? Just protect me.

Quote:

You don't get any control over ports,

Hmm. Actually, yes you do:

Quote:

traffic, or get to see any addresses that have tried to intrude.

I think you're right that there's not a nice UI for this info. But there's always the event log, and the flat-text logfile it can generate.

Quote:

All you can do is allow or disallow a program and nothing else.

Nah. You can get pretty granular. See above.

I think those other products offer some interesting bells and whistles, but I think for most users (who just want simple dummy-proof protection) the XP firewall works great. A lot of us have decent firewalls built into our cable modems or wireless routers anyway, and I personally think paying cashbucks for a firewall product over-and-above the perfectly adequate Windows feature is a little...well.

I should probably shut up.

[ipack]

It's a nice thought skidoo.

run windows firewall only and try to keep me from exploiting your ports. it won't happen

I would hit it up with an xmas tree port scan modified with all kinds of custom scripts..

edit: understand that i'm not saying it won't keep the basic nuisence out, but if someone wants in... they will find a way

[skidoo]

Quote:

Originally Posted by ipack

It's a nice thought skidoo.

Thanks.

Quote:

run windows firewall only and try to keep me from exploiting your ports. it won't happen

Wow. That's a hell of a claim.

Quote:

I would hit it up with an xmas tree port scan modified with all kinds of custom scripts..

An "xmas tree" scan? LMAO. Good luck with that. 1996 called. It wants its phone phreaking BBS forum dumps back.

Quote:

edit: understand that i'm not saying it won't keep the basic nuisence out, but if someone wants in... they will find a way

I'm just saying, I don't see any real advantage to paying for some buggy third-party product when the one that's built-in works just as well (minus a few bells and whistles).

[ipack]

listen, i don't claim to be some l337 haX0r, hell i was just a young kid when the blueboxing of the 80's was going on.

But i could access your ports running an xmas scan and a couple of custom scripts. An xmas scan is pretty basic, there's many more tools that could allow me to scan your ports without detection.

just because the technology is old doesn't mean it's not effective. TCP/IP has changed little to none since 1982

[skidoo]

Quote:

Originally Posted by ipack

just because the technology is old doesn't mean it's not effective. TCP/IP has changed little to none since 1982

No, but firewalls have. An xmas tree scan? Give me a break, dude. It's not like Windows firewall is just going to accidentally leave some random port open. And nevermind that xmas tree scans don't even really work on most Windows' TCP/IP implementations.

So, back to my question: Are any of these other products better than the built-in Windows firewall? That is, unless you're looking for traffic monitoring or keyword filtering or a bunch of pie charts and animated alert messages or whatever, isn't the built-in Windows feature a perfectly respectable desktop firewall?

[Dark_Angers]

Quote:

Originally Posted by skidoo

No, but firewalls have. An xmas tree scan? Give me a break, dude. It's not like Windows firewall is just going to accidentally leave some random port open. And nevermind that xmas tree scans don't even really work on most Windows' TCP/IP implementations.

So, back to my question: Are any of these other products better than the built-in Windows firewall? That is, unless you're looking for traffic monitoring or keyword filtering or a bunch of pie charts and animated alert messages or whatever, isn't the built-in Windows feature a perfectly respectable desktop firewall?

Ok u got me on the port part, but registry editing is easier done then said. 90% of windows users are admin level so poof 90% compromised.

And I have installed programs and they ask to update themselves windows allows them without asking me. The only time it does ask me if the program tries to use the internet to work, like a game would. (At least my experience)

Also me thinks Windows firewall only stops outbound traffic not inbound, so port scanning still works against windows firewall. Someone test this


And for the average user sys logs are a big hard to find, they want something they can click and find everything.

[skidoo]

Quote:

Originally Posted by Dark_Angers

Ok u got me on the port part, but registry editing is easier done then said. 90% of windows users are admin level so poof 90% compromised.

But like I pointed out before: If the trojan is already installed on your system, you're screwed anyway.

Quote:

And I have installed programs and they ask to update themselves windows allows them without asking me.

They're probably using HTTP GET. But sure, if you want granular control over your outbound traffic, then you'll have to use a third-party product. Again, most users don't.

Quote:

Also me thinks Windows firewall only stops outbound traffic not inbound, so port scanning still works against windows firewall. Someone test this

What? No. Totally wrong. Coming and going, that's just wrong. Any firewall closes ports to INbound traffic. And a scan looks for ports accepting INbound connections, obviously. So basically, you're just pulling stuff out of your ass. You don't actually know anything about Windows Firewall in particular, or even firewalls in general, do you?

Quote:

And for the average user sys logs are a big hard to find, they want something they can click and find everything.

Yeah, which dovetails with my point that most users don't care about those sorts of features. But if you do, those other products are out there.

I'm dubious of the claims I see that Windows firewall sucks or is insecure or whatever. Lacking bells and whistles? Sure.

[Liquidtruth]

Just get a router.

[skidoo]

Quote:

Originally Posted by Liquidtruth

Just get a router.

What? Why?

[Dark_Angers]

Quote:

Originally Posted by skidoo

What? No. Totally wrong. Coming and going, that's just wrong. Any firewall closes ports to INbound traffic. And a scan looks for ports accepting INbound connections, obviously. So basically, you're just pulling stuff out of your ass. You don't actually know anything about Windows Firewall in particular, or even firewalls in general, do you?
.

Yes it blocks ports, but a a ping hits the port and the computer responds to the ping. Windows firewall doesn't stop the computer from responding to the pings it still responds yes open no closed. That is what I mean by inbound, sry didn't specify. A third party will stop the computer from responding making it harder to scan the system.

Quote:

Originally Posted by skidoo

They're probably using HTTP GET. But sure, if you want granular control over your outbound traffic, then you'll have to use a third-party product. Again, most users don't.

The point of a firewall is to stop things from getting though it without you knowing. If some malware uses HTTP GET to communicate with the outside world then what is the point to the firewall if it doesn't tell you something is up.

Quote:

Originally Posted by skidoo

If the trojan is already installed on your system, you're screwed anyway.

A trojan is only good if it can communicate with the outside world, so you are not compromised if u get one. You are compromised if your firewall doesn't stop it. And since Windows Firewall is easy to get around you will be compromised.



To the average user a cheap third-party firewall is the best, but windows firewall is by now to well exploited and got around easily.



Routers for multiple users uses NAT which makes it almost impossible to port scan the computers behind it. It also makes it hard for trojan that are poorly made to communicate.

[skidoo]

Quote:

Originally Posted by Dark_Angers

Yes it blocks ports, but a a ping hits the port and the computer responds to the ping. Windows firewall doesn't stop the computer from responding to the pings it still responds yes open no closed.

Oh jeeze. Why do you even keep responding? Fascinating....

Quote:

That is what I mean by inbound, sry didn't specify. A third party will stop the computer from responding making it harder to scan the system.

Dude, just give it up. Seriously. This is getting uncomfortable.

Quote:

The point of a firewall is to stop things from getting though it without you knowing. If some malware uses HTTP GET to communicate with the outside world then what is the point to the firewall if it doesn't tell you something is up.

The point? Shuts down your ports, helping keep the bad things out.

Quote:

A trojan is only good if it can communicate with the outside world,

That's not really true, but I understand what you're saying.

Quote:

so you are not compromised if u get one.

Wrong. You've already been compromised. If you get an executable running on your system (especially in the context of your own user account), you're pretty much screwed. See my previous messages.

Can a firewall alert you about suspicious processes trying to access the Internet? Sure. But again, you're missing the point.

Quote:

You are compromised if your firewall doesn't stop it.

That's what your anti-spyware software is for. Like Windows Defender.

Quote:

And since Windows Firewall is easy to get around you will be compromised.

You still haven't shown that Windows Firewall is "easy to get around." So far you've just demonstrated that you like to wade in over your head when it comes to this subject.

[ipack]

why must we continue to babble on about whether or not Windows firewall is an effective security agent.

@Skidoo, after calling up a buddy with xp and having him disable all his other protections leaving only the windows firewall enabled. i attempted to scan him (obviously he gave me his IP address).

I now concede the point to you FOR NOW, that windows firewall is an acceptable defense for most users. However, there are always ways around waiting to be found. windows firewall has not been immune from attack from day 1. But you happen to be right about the xmas scan or UDP or SYN scans not really doing shit.

now.. can we stop fucking arguing about something like a damn firewall, both of you.

Dark_Angers-skidoo knows what he's talking about and happens to be right in this particular case.

skidoo- no need to start calling out people and trying to demean their technical skills. I've spoken with Dark_Angers before and he does know what he's talking about. very technically sound.

goddamn i could have sworn this thread was to help people with computer problems

[skidoo]

Quote:

Originally Posted by ipack

I now concede the point to you FOR NOW, that windows firewall is an acceptable defense for most users. However, there are always ways around waiting to be found. windows firewall has not been immune from attack from day 1. But you happen to be right about the xmas scan or UDP or SYN scans not really doing shit.

Quote:

Dark_Angers-skidoo knows what he's talking about and happens to be right in this particular case.

Quote:

skidoo- no need to start calling out people and trying to demean their technical skills. I've spoken with Dark_Angers before and he does know what he's talking about. very technically sound.

Er, hmm....

Quote:

goddamn i could have sworn this thread was to help people with computer problems

Misinformation isn't help, know what I mean?

[ipack]

it just seems to me the way you go about it is a bit hostile and demeaning, I'm sorry if that is not your intention. It's obvious Dark_Angers believes (as did I) something different about windows firewall than you do. Maybe he's misinformed, maybe he's mistaken completely. So by this reasoning, it would be him that needs help correct?

I dunno, i guess i just think there are better ways of "helping" people than the manner in which I perceived your posts

again, if you were trying to be nice and helpful and not sarcastic and demeaning in any way.. i apologize and it's my mistake.

[Dark_Angers]

w/e I will drop it I am to tired to argue right now. I still think windows firewall is not good because my level of basic is not the same as what others peoples basic. So for me WF doesn't fit for me.

Side note:

The best Rootkit finder- http://www.rku.xell.ru/?l=e&a=main

Second best- http://www.blogcn.com/user17/pjf/index.html (very slow site loading)