Home : Newsgroups : comp.security.firewalls : 2006 Mar : Re: Zonealarm System Error: Please Reboot
| Subject: | Re: Zonealarm System Error: Please Reboot |
| Posted by: | "K-Man hater Duane |
| Date: | Sun, 5 Mar 2006 22:37:01 GMT |
"Joshua Reed" <joshua.reed@gmail.com> wrote in message
news:1141595274.196243.156490@u72g2000cwu.googlegroups.com...
> Wow, that's a lot of vitriol.
>
> So, "all ports 'running'" is clearly a colloquialism. By that I of
> course mean all the *default* ports on a Windows system, particularly
> the most common targets like tcp 445 and 135. Without disabling
> sharing, NBT, UPnP, Term Svcs, and the like, there's a lot of services
> running, listening, waiting for connections, for credential guessing.
You'll have to forgive the posting name but I can only see your post with OE
that has this name, because Thunderbird can't see you for some reason.
If you're going to say it, then say it right. The other way makes it look
like you don't have a *clue*.
>
> Now, as for what a FW has to do with browser settings and what sites
> one visits, the connection should be obvious to anyone who cares to
> think before composing invectives. The connection between the two is
> indirect, but well-known nonetheless.
Talk to someone who doesn't know this.
> The average user with insecure
> browser settings in IE, who visits certain sites, is actually using the
> number one vector for remote exploit, the IE browser. So, once the
> browser allows something to be installed on the system or remotely
> exploits something in the browser that allows the system to be
> controlled, a bidirectional firewall would actually alert such a user
> that outbound connections are being made, connections that they
> wouldn't otherwise be aware of with an inbound-only packet filter.
All they got to do is configure the O/S and the Internet application not to
allow the install. You know by not surfing the internet with Admin rights.
And maybe the PFW will alert and maybe it won't. I know I wouldn't lean on
something like that like a crutch like it's some kind of stops all and ends
all solution.
What's Application Control got to do with some kind of bidirectional
anything? At best, all it's doing is stopping a program from doing something
and that's not a FW function. And it's only good as long as you don't boot
the machine for a 3rd party PFW solution, as they are not an integrated NT
service that has been set as a dependency to any NT service being used by
the NT based O/S.
What that means to you is that the PFW is not being started first in the
start sequence on the NT based O/S and therefore the 3rd party PFW can be
and is being beaten to the TCP/IP connection by malware before the 3rd party
PFW solution can even start to stop anything.
The only PFW that can get there first is the XP FW that is set as a
dependency of the NT service that makes the TCP/IP connection available
and it must wait for the XP FW to be up and active before TCP/IP connections
are allowed.
>
> Basically, it gives them a heads-up, potentially, that there's a piece
> of software on their machine making outbound connections. This could be
> a rootkit, this could be a trojan that was installed from an e-mail
> attachment and is sending a password list out...
It may or may not work and can be circumvented and defeated by malware. The
worthless Application Control is just that, worthless.
>
> While it's not often a *preventative* measure, it's certainly an
> important *detective* measure.
I wouldn't count on it period like a crutch.
>
> Learn first, flame second...
You can find my name in the NG. :)
Duane :)