XP's Firewall

Discussion in 'Virus Information' started by B.W., Aug 22, 2006.

  1. B.W.

    Leythos Guest

    Yes, it's quite simple, all you have to do is try for yourself.

    The flaws in how Windows Firewall operates are clear, documented, and
    show an alarming threat to anyone that cares.
    Just as many users don't understand caller ID, all they know is that it
    works and tells them something in about/trying to intrude on their
    lives.

    If the firewall allows any application to make changes in the protection
    without the user's permission, then it's not much of a firewall.
    All you have to do is prove they are opinions to get me to agree.

    A firewall that does not alert the user, doesn't provide logs, allows
    changes without the user knowing, those all make it worthless in most
    cases, and clearly make it a crappy firewall.
    So, you're stating that Users, regardless of understanding, don't need
    to know about anything trying to get into or out of their node?

    I suggest you go back to security class and get your understanding
    adjusted.
     
    Leythos, Aug 28, 2006

  2. B.W.

    B. Nice Guest

    I suggest you stop reading my comments like the devil reads the
    bible...
     
    B. Nice, Aug 28, 2006

  3. B.W.

    Leythos Guest

    Let's make this simple:

    1) Windows firewall allows applications to make changes to the rule sets
    (exceptions) without a WINDOWS OS change alert/approval by the user.

    2) Windows firewall, in any instance, on a network, unknown or known, is
    better than no-firewall at all.

    3) Firewalls that don't provide logging or real-time in/out bound
    traffic reporting don't allow the users to have any chance to understand
    what is going on with their network device.

    4) Users should expect to know what is happening with their network
    connection, even if they don't currently understand it, they will at
    least have a chance to learn.

    5) Any firewall that lets software make changes to the rules without
    express permission from the user is a crappy firewall.
     
    Leythos, Aug 28, 2006
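
The concern in points 1 and 5 above (exceptions added by software with no notice to the user) can be checked after the fact by comparing snapshots of the exceptions list. This is an added example, not part of any post in this thread; it assumes the XP SP2 registry layout noted in the comments (value data `path:scope:state:name`), and the snapshots and program paths are constructed.

```python
"""Diff two snapshots of the Windows Firewall program-exceptions list."""
from typing import Dict, List, NamedTuple

# Assumed location of the standard-profile program exceptions on XP SP2.
# A real snapshot could be taken from this key with winreg or `reg query`.
KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
       r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")


class AppException(NamedTuple):
    path: str
    scope: str
    enabled: bool
    name: str


def parse_entry(data: str) -> AppException:
    """Parse 'path:scope:state:name'.

    The path contains a drive-letter colon, so split from the right.
    Assumption: the display name itself contains no colon.
    """
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError(f"unrecognised exception entry: {data!r}")
    path, scope, state, name = parts
    return AppException(path, scope, state.lower() == "enabled", name)


def diff_snapshots(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Return one finding per exception that was added, removed or altered."""
    # Registry value names are case-insensitive, so normalise the keys.
    old = {k.lower(): parse_entry(v) for k, v in before.items()}
    new = {k.lower(): parse_entry(v) for k, v in after.items()}
    findings = []
    for key in sorted(set(old) | set(new)):
        o, n = old.get(key), new.get(key)
        if o is None:
            findings.append(f"ADDED {n.path} scope={n.scope} "
                            f"enabled={n.enabled} name={n.name}")
        elif n is None:
            findings.append(f"REMOVED {o.path}")
        elif o != n:
            findings.append(f"CHANGED {n.path}: scope {o.scope} -> {n.scope}, "
                            f"enabled {o.enabled} -> {n.enabled}")
    return findings


# Constructed snapshots: value name -> value data (hypothetical programs).
BEFORE = {
    r"C:\Program Files\ExampleChat\chat.exe":
        r"C:\Program Files\ExampleChat\chat.exe:LocalSubNet:Enabled:Example Chat",
}
AFTER = {
    r"C:\Program Files\ExampleChat\chat.exe":
        r"C:\Program Files\ExampleChat\chat.exe:*:Enabled:Example Chat",
    r"C:\Temp\setup_helper.exe":
        r"C:\Temp\setup_helper.exe:*:Enabled:Helper",
}

if __name__ == "__main__":
    for line in diff_snapshots(BEFORE, AFTER):
        print(line)
```

Run on a schedule against a known-good baseline, this reports both new exceptions and an existing exception whose scope was widened from the local subnet to any address.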
  4. B.W.

    Robert Moir Guest

    Absolutely. So why is Windows Firewall any different to any other firewall
    on the machine that can be subverted by any bit of software running in the
    user context of an admin user?

    The Windows Firewall is only being targeted in this way because it's the
    only one guaranteed to be there, but this is very much the choice of the
    author of the installer. They -could- look for all kinds of firewalls and
    either switch them off or add exceptions to their ruleset.
    So why is Windows Firewall any different to any other firewall on the
    machine that can be subverted by any bit of software running in the user
    context of an admin user?

    I'm really not certain why you're picking on Windows Firewall when EVERY
    SINGLE software firewall is equally vulnerable. I want to underline the
    fact that I'm *not* defending the Windows Firewall, merely suggesting that
    if you're digging it a grave you need to make it big enough for all the
    other products that should join it.

    You run software on your system in the context of an admin user, and that
    software owns your machine and can subvert any software firewall /
    anti-spyware or anti virus program installed on that system, just by
    shelling out a batch script that runs a bunch of "net stop" commands to
    turn off their services.
    And thus would have been turned off, hence being even less use than you
    reckon it is now.

    And let's not forget this little matter of an anti-trust problem Microsoft
    have and that anyone can drag them back in front of a judge who might just
    be having a bad robe day for that hearing and make all kinds of crazy
    rulings. One might argue that this mitigates against making built in
    components that would be good enough to wipe out the competition in a
    market sector, too.

    --
    Rob Moir, Microsoft MVP for Security
    Blog Site - http://www.robertmoir.com
    Virtual PC 2004 FAQ -
    http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
    I'm always surprised at "professionals" who STILL have to be asked:
    "Have you checked (event viewer / syslog)".
     
    Robert Moir, Aug 28, 2006
  5. B.W.

    Leythos Guest

    In the case of every PFW I've used and people I know have used, the
    malware or threats have caused a reaction from the PFW software. I know
    that they can still be compromised without warning, but every one of the
    non-Windows XP firewalls that I have experience with warned the user
    before they made the mistake.
    Yes, they could, and Microsoft could have made it impossible for
    Software to add exceptions and designed it so that it required a USER to
    create exceptions - they could also have built a reporting tool and
    real-time monitor GUI for it, but they failed in that too.
    Already answered above - same question from you, same answer from me.
    First, let's understand, I'm not "Picking" on the Windows Firewall, it
    may seem that way, but it has some serious flaws that are not exploited
    the exact same way as many of the non-XP Firewall solutions are.
    No reporting
    No authorization to make changes
    No notice of changes made
    No real-time view of connections in any direction
    Yes, but that's not what we're talking about, but I completely agree.
    Turned off is easy to detect on many third party firewall products, and
    even if stopped, their icon in the task bar disappears - not so with the
    Windows XP Firewall.
    Look, I use XP Firewall on this laptop, but I also have another
    installed, I use one or the other, depending on the environment. I have
    never had a single compromised machine that we manage, ever, and I'm not
    about to start now, but I don't trust something that is only half-
    implemented by design.
     
    Leythos, Aug 28, 2006
  6. B.W.

    Robert Moir Guest

    But they can't do that if you run the equivalent of kill -9 on the
    appropriate bit of code. This is noticeable, but only if you look for it. I
    don't know many people who keep one eye on the system notification area
    while using their computer. I tend to have the autohide turned on for as
    much as possible on my system, personally.

    If I thought it was intentional, I might suggest that the only thing
    Microsoft are doing here is actually being the only company to be honest
    about the viability of a host based firewall in the face of an attack from
    software running as administrator on the host box.
    Given my point of view above, I would say that all Microsoft are doing is
    being honest by providing a recognised interface for adding exceptions
    programmatically, and saving the installer software running as admin with
    the rights to do anything it wants the effort and bother of "hacking" the
    firewall.
    They might argue that the security centre handled this. And you'd probably
    counter that it was somewhat inadequate (and I'd agree with you) but
    arguably it *is* there.

    [snip]
    Poor choice of words on my part. Sorry if I caused any offence.
    I understand that. I just feel the cost difference to code running on the
    system is negligible at this point. My feeling is that the battle is
    already over the moment malicious code was run in an admin context, and
    we're just waiting to see how the coup de grâce will be administered. You
    can't really trust the system from this point onwards.

    [re-arranged the order of your list below slightly to group for comments]
    Quite so. Possibly a weakness. Possibly a strength when looking after
    inexperienced users who do not know and do not wish to know what is
    happening on a realtime basis.

    With the first and last of your 3 points above, it's interesting to note
    that Apple use pretty much the same model for their software firewall with
    very little comment or complaint. I suspect their user community would be
    very annoyed by the sort of "look at me" popups that the majority of 3rd
    party windows software firewalls use.
    This could perhaps be handled better. Of course, it could be suborned by
    malware.
    Ok. I feel it is what we're talking about, because I'm trying to address
    why I feel outbound filtering on a software firewall is worth far less
    than people think.
    Security Centre? Big Red shield and a popup?
    Absolutely. I don't disagree at all. I'm just simply saying that I believe
    that all host-based firewalls are just as crippled when it comes to
    outbound filtering for the reasons I've already presented, and that I
    think the worst Microsoft can be accused of here is an attack of honesty!

    Either way, thanks for an interesting debate, by the way.

    Regards
    Rob Moir
     
    Robert Moir, Aug 28, 2006
  7. B.W.

    Dan Guest

    Rob, do you know if Microsoft will have Vista so that it has a minimal
    surface area of attack? I refer to having all points of access to the
    operating system closed until needed by a verified and safe program. Do
    you think the NT (New Technology) source code has a strong enough
    foundation to resist the attacks of the 21st century? Chris Quirke
    talks about the lack of a true maintenance operating system with XP
    because it lacks MS-DOS (Microsoft Disk Operating System). Will this be
    remedied with Vista or in a later Microsoft operating system? Why is
    there the constant focus about Windows 98 Second Edition not being a
    secure operating system if according to the secunia web site the XP
    operating system suffers from many more serious vulnerabilities? Thanks
    for your thoughts.

    http://cquirke.mvps.org/whatmos.htm
     
    Dan, Aug 29, 2006
  8. B.W.

    Leythos Guest

    You are welcome and I enjoyed looking at it from your perspective too.
     
    Leythos, Aug 29, 2006
  9. B.W.

    PA20Pilot Guest

    Thanks! I'll look into those and see what falls out.


    ---==X={}=X==---

    Jim Self

    AVIATION ANIMATION, the internet's largest depository.
    http://avanimation.avsupport.com

    Your only internet source for spiral staircase plans.
    http://jself.com/stair/Stair.htm

    Experimental Aircraft Association #140897
    EAA Technical Counselor #4562
     
    PA20Pilot, Aug 29, 2006
  10. B.W.

    B. Nice Guest

    I suggest you don't make that kind of statement - because you cannot
    possibly be certain.
    You cannot possibly know that.

    <snip>
     
    B. Nice, Aug 29, 2006
  11. B.W.

    Leythos Guest

    Just because you can't be certain of your methods and security doesn't
    mean others can't. I stand by the statement above, without any wavering
    on my part.
    How the heck would you have any clue? I made a statement, clear, simple,
    and I stand by it, no wavering on my part.

    What you can't do is make a statement that "You cannot possibly know
    that" because there is no way for you to know what I know.
     
    Leythos, Aug 29, 2006
  12. B.W.

    B. Nice Guest

    The application needs the appropriate rights to do so. I might just as
    well argue that by installing or running a program with the necessary
    rights, you have already authorized it. Whether you want to be alerted
    in the end comes back to personal preference.
    When running as admin you shouldn't expect any security product to
    protect you from anything.

    Windows allows applications to delete, copy or add any file without a
    WINDOWS OS change alert/approval by the user.

    Windows allows applications to make changes to the registry without a
    WINDOWS OS change alert/approval by the user.

    Windows allows applications to make changes to ........ well, I hope
    you get the point.
    No need to start that discussion again.
    Whether a user wants that is a matter of personal preference. And the
    windows firewall does provide some logging, BTW.

    With the pop-ups I have seen from numerous personal firewalls I would
    really question to what extent they give a non-techie any chance to
    understand what is going on with their network device.

    Again, the windows firewall does what it claims it does. If you are a
    techie wanting more features - you are free to install something
    else. BTW, if I wanted to know what was going on with my network
    device, I might consider some of the utilities from sysinternals or
    DiamondCS instead of installing a third party personal firewall to
    tell me.
    You are making the assumption that users are a homogeneous mass being
    very interested in networking. Most users I know don't really care.
    All they care about is being protected while doing other, to them,
    more important tasks. They have close to no understanding of
    networking and no intention to learn.

    And again I question the ability of personal firewalls to be good ways
    of understanding your networking.
    Any firewall running on the same machine as it is supposed to protect
    is crappy to some extent.
     
    B. Nice, Aug 29, 2006
  13. B.W.

    B. Nice Guest

    Discussing with you is pointless. Thank you for making that clear once
    again.
     
    B. Nice, Aug 29, 2006
  14. B.W.

    Dan Guest

    Since the Windows Firewall is there with the operating system in XP SP
    2, wouldn't this cause people to target it the most since it is on the
    computer by default?
     
    Dan, Aug 29, 2006
  15. B.W.

    B. Nice Guest

    How difficult do you think it is for malware to figure out which
    firewall is running on your computer?
     
    B. Nice, Aug 29, 2006
  16. B.W.

    Leythos Guest

    Actually I should expect the firewall, since this is a new addition to
    Windows, to protect anyone running as Administrator. They could do it,
    but they don't.
    Yes, but we're talking a new part of the OS, a firewall, something that
    was ADDED to protect users. This has nothing to do with the new Firewall
    function.
    Yes, but we're talking a new part of the OS, a firewall, something that
    was ADDED to protect users. This has nothing to do with the new Firewall
    function.
    Yes, but we're talking a new part of the OS, a firewall, something that
    was ADDED to protect users. This has nothing to do with the new Firewall
    function.
    No, it's a matter of preference if you can disable/enable to the logs.
    In the case of windows firewall there is no preference ability.
    But, as you say, at least they give the non-tech a chance to see what is
    going to happen, even if they don't understand it. Some would block,
    some would allow, some would check first to understand, others would
    not. So, it seems that following the generic odds, users that are
    alerted, even if they don't understand, have a better chance of
    remaining protected than with Windows firewall.
    No, the windows firewall does not do what it claims it does, at least
    not on the surface of its claims - the claim is that you are protected
    if you use it, and we both know that users are not protected if using
    Windows XP firewall, it's a crapshoot from the start and even more so as
    they install applications that make use of networking.
    No, I'm not making any assumptions - I'm stating that users, like other
    types of things in the world, will take information and run with it. If
    they never see anything from their firewall they (most) will never be
    aware of anything else about it. If users see alerts, flags, etc... they
    will (most) start asking questions and start learning about it - it's
    basic human nature (most people) to try and learn about something
    new/unknown.
    I never said anything about them being a good way to understand
    "Networking", just that they are a means to understand what is going on
    (in/out) of your node.
    I agree 1000%.

    Any firewall that allows changes without alerting the user, that has no
    reporting, that has no monitoring functions, is a very crappy firewall.
     
    Leythos, Aug 29, 2006
  17. B.W.

    Leythos Guest

    If you can't help telling me what I can say, or what I know, then you
    are not discussing things here.

    For you to say I can't know something, without knowing me, after I've
    already stated that I do know something, is just posturing and trying to
    distract on your part.

    If you can dispute what I've said, then do so, if you can't, you can say
    you don't believe me, but you can't say that I don't know something I've
    clearly said I do know.

    In this discussion it's been proven how worthless Windows XP Firewall
    really is. It's been proven that any other firewall, since they have
    more chance to inform the user of changes/actions of their system is
    going to be a better option than the Windows XP Firewall.

    Other than bugs in software, which Windows is not immune to, I see no
    reason why third-party firewall applications are not better than Windows
    XP firewall. At least with third-party firewall solutions you have a
    chance to know that something is happening as/before it happens, with
    Windows XP Firewall you don't have a chance to know anything as/before
    it happens.
     
    Leythos, Aug 29, 2006
  18. B.W.

    B. Nice Guest

    You haven't proved anything. Normally you yourself will not accept
    anything unless all facts are present. Former discussions in c.s.f.
    clearly show that. Therefore you haven't proved anything. You have
    mentioned your personal opinion on the windows firewall - that's all.
    And that's okay. But it's clearly not a proof.

    But on the other hand it's of course easy to prove something if you
    yourself define the criteria.
    And since you seem to believe in the nonsense of controlling something
    already allowed to run (in awfully many cases with admin rights) we
    will never come to an agreement.
     
    B. Nice, Aug 29, 2006
  19. B.W.

    Leythos Guest

    Let's see, I've clearly stated what Windows Firewall allows to happen,
    what it fails to provide, and not once have you stated that I was wrong.

    How can you say I've not proven anything if you have not said I'm wrong?

    You keep trying to argue Opinion, but I stated specifics which you have
    not said are false.
    You are the one stating Opinion, I've made the failings of windows XP
    quite clear and something that anyone can see on their own, no special
    tools required by anyone. You've also not said I was wrong, in fact,
    you've agreed with the failings as being stated, but you just throw your
    Opinion in stating that it doesn't matter.
    Either you can't read or you're blind - I clearly stated the failings,
    multiple times, of the Windows XP firewall.
    And you fail to understand that it doesn't have to be as it currently
    is, it could have been a real firewall service that doesn't provide open
    access to its functions/methods/rules.

    It fails in all cases, and you've agreed, but you keep wanting people to
    believe that Windows XP Firewall is good because that's your Opinion.

    Show where the statements I've clearly defined concerning the Windows XP
    firewall are not true and we'll have something to discuss.

    Anyone can see that the statements I've made are true, it would take a
    MAC user to miss the truth.
     
    Leythos, Aug 29, 2006
  20. B.W.

    Dan Guest

    I do not think it is difficult at all but remember it is a person who
    writes malware and guess what is there by default on an XP computer. It
    is the Windows Firewall and so naturally this will make a tempting
    target especially since a computer user who does not have any or only a
    little knowledge of firewalls will hopefully enable this firewall and be
    done with it because they do not want to spend the time protecting
    themselves or figuring out what their computer is doing. I compare it
    to users who like and use AOL because they do not want to spend the time
    figuring out their computer and so a person is more likely to target
    their software since they are seen as a novice.
     
    Dan, Aug 29, 2006