Re: Plethora of nasties


If your computer is compromised by malware, and your firewall settings
look okay, what conclusions can you draw from this?



Re: Plethora of nasties





Factoring in the speed of the malware attack, the switched off firewall and
switched off firewall alert notice, the letters used in the randomly named
dll file and the number of pages of paper my printer wasted before I managed
to get rid of everything the conclusion I draw is that it will probably snow
again today.
--
Dave Baker



Re: Plethora of nasties



erratic@nomail.afraid.org says...

What does a firewall have to do with compromised computers?

If the firewall doesn't block ALL inbound and ALL outbound connections
then the firewall is not the cause of the problem.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Plethora of nasties



wrote:


It seems like a firewall that blocks "ALL inbound and ALL outbound
connections" is functionally equivalent to a disconnected network
cable. :)


Re: Plethora of nasties




...that's another way of saying it. :o)

Answer: Nothing, but malware running on the machine can make your tools
appear to lie to you. Effecting changes to a firewall by using tools in
a compromised environment may not be actual changes, only lies. I'm just
saying Dave's suggestion is only the half of it - it is futile either
way. The thing to do is to remove the active malware so that you can
trust the tools, then check your settings.



Re: Plethora of nasties



erratic@nomail.afraid.org says...

Isn't that why you don't trust a firewall on the computer you actually
use?

The general security rule is that a firewall, to be effective, is
installed on a stand-alone machine that is not used by anyone and has no
shared account authentication with your users.

While many firewall products, read that as Appliances, can filter
content (files) out of HTTP and FTP and SMTP sessions, you really have
to understand how to do that in order to protect your network and
systems.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Plethora of nasties




Indeed! The simplest of firewall appliances is better than an 'all bells
and whistles' personal firewall application running on the machine it
hopes to protect. I misspoke when I didn't qualify that the discussion
was likely about personal firewall applications and not actual
firewalls. I used to be a real stickler about there being an important
distinction there.



Re: Plethora of nasties



wrote:


So your position is that only somebody as steeped in knowledge as an
IT professional (like you?) can effectively use a firewall.  Those
'rules' (and my firewall Look 'n' Stop has about 20 of them) are of
little or no importance?  Or perhaps they only take care of the 'easy'
cases--say 50% or less of the total?

Interesting if that's your position--and certainly that's not what the
marketers of firewalls tell casual users like myself...

RL


Re: Plethora of nasties



wrote:


So your position is that only somebody as steeped in knowledge as an
IT professional (like you?) can effectively use a firewall.

***
I'm a hobbyist, not an IT professional. When an IT professional tells me
that a personal firewall application is a *real* firewall and a NAT
router with basic firewalling capabilities (SPI) is *not*, I know enough
to *know* he is wrong.
***

Those 'rules' (and my firewall Look 'n' Stop has about 20 of them) are
of little or no importance?

***
No, they can be helpful (or entertaining).
***

Or perhaps they only take care of the 'easy' cases--say 50% or less of
the total?

***
Don't know, but if you are talking about outbound filtering or
application control, then we are no longer talking about a firewall in
the sense that a router as described above is a firewall. Disallowing a
trojan from accessing the internet can be a good thing, but you are
correct in assuming that this would be an "easy" case.
***

Interesting if that's your position--and certainly that's not what the
marketers of firewalls tell casual users like myself...

***
Toothpaste companies always show *lots* of toothpaste on the brush - do
you think that much is *really* needed? Why would they want to teach the
users to be conservative, after all, they *are* in business to make
money.
***



Re: Plethora of nasties




Indeed! The simplest of firewall appliances is better than an 'all bells
and whistles' personal firewall application running on the machine it
hopes to protect. I misspoke when I didn't qualify that the discussion
was likely about personal firewall applications and not actual
firewalls. I used to be a real stickler about there being an important
distinction there.

