"Richard Mueller [MVP]" wrote in
message ...

"FromTheRafters" wrote in message
...

"I.C. Greenfields" wrote in message
...
Some of us want to choose what "gets out" and what doesn't. And this
info doesn't work since there is nowhere to make such a change in the
Windows Firewall window that comes up. Configure it - HOW? Can someone
explain how it's configured to actually work without being a programmer
writing strange unknown confusing rules for everything that wants to
connect to the net? If not, can someone recommend a good free easy to
use two-way FireWall like ZoneAlarm that's compatible with Vista?
Thanks.


http://www.vistastic.com/2007/03/09/...und-filtering/
I bet you didn't know that Microsoft Windows Vista includes a two-way
firewall.

Windows Firewall with Advanced Security includes an API that allows
services, applications, and installers to write their own ticket through
the
firewall. In other words, they can add themselves to the exclusions list.

http://msdn.microsoft.com/en-us/libr...53(VS.85).aspx

So, it doesn't really do what most people think it does.

The key to not having programs make outbound connections, or opening up
ports for receiving unsolicited inbound traffic, is to not run those
programs on
the machine.

Third party firewalls don't make it *that* easy - but they don't make it
much
harder either. They provide the illusion that they can stop outbound
traffic.

Which is why I never use the Windows firewall. Every app thinks they are
special and should be able to contact big brother with news about me and
retrieve info on things they feel I need. Some companies are especially
bad. I know because I don't use Windows firewall so I see the requests and
deny them. Over the years it seems to have gotten much worse.

I think it comes down to trust. If you don't trust a program - don't execute
it.
If you *do* trust it, let it do whatever it is programmed to do. By all
means,
traffic should be logged - audit trails are good to have. Maybe an alert
from
a daemon, or even outright blocking of attempts to 'phone home' are a good
thing too. But this isn't really how one should judge the value of a
software
firewall.

On Sat, 14 Feb 2009 21:31:29 -0500, mayayana wrote:

Which is why I never use the Windows firewall. Every app thinks they
are
special and should be able to contact big brother with news about me
and
retrieve info on things they feel I need. Some companies are especially
bad.
I know because I don't use Windows firewall so I see the requests and
deny
them. Over the years it seems to have gotten much worse.

Have you had to update your tinfoil beanie or is the original one
working OK?

And this person is an MVP? He should not speak of FW technology that's
for sure. He must have been on Gibson's site all of this time and became
paranoid.

Why are people who want more privacy than you
do by definition paranoid and unbalanced? A PC is
private property. Why should any Tom, Dick, or Microsoft
be allowed to disrespect that boundary?

And what about the malware problem? How do you
think "bot herders" manage to maintain herds in the
hundreds of thousands? IE holes might get them onto
a PC, but the malware still has to call out if it's going
to follow the bot herder's orders. It's a safe bet that
those zombie boxes are not running 2-way firewalls.

Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/m.../cc510323.aspx
*(read twice!)*

For another angle, some might find this
recent Wired article interesting:
http://blog.wired.com/business/2009/...ogles-sof.html

Appparently Google has decided it's not enough to
install "crapware-trackware" to anyone who's fool enough
to take it. Now they're installing their alleged software
updater as an always-running service ... without permission.

You are either misinformed or don't fully understand the issue.
Prior installing a program read the EULA and if you don't trust a
particular program than don't install it! Simple, really.

Kayman have said in previous article, that...

You are either misinformed or don't fully understand the issue.
Prior installing a program read the EULA and if you don't trust a
particular program than don't install it! Simple, really.

Not sure, if mentioned in thread,
but there also non security reasons,
why one can want to manage outgoing connections.

--
Poutnik

"FromTheRafters" wrote:

"Richard Mueller [MVP]" wrote

"FromTheRafters" wrote

"I.C. Greenfields" wrote

Some of us want to choose what "gets out" and what doesn't.
And this info doesn't work since there is nowhere to make such
a change in the Windows Firewall window that comes up.
Configure it - HOW? Can someone explain how it's configured to
actually work without being a programmer writing strange
unknown confusing rules for everything that wants to connect to
the net? If not, can someone recommend a good free easy to
use two-way FireWall like ZoneAlarm that's compatible with
Vista? Thanks.


http://www.vistastic.com/2007/03/09/...und-filtering/
I bet you didn't know that Microsoft Windows Vista includes a
two-way firewall.

Windows Firewall with Advanced Security includes an API that
allows services, applications, and installers to write their own
ticket through the firewall. In other words, they can add
themselves to the exclusions list.

http://msdn.microsoft.com/en-us/libr...53(VS.85).aspx

Thanks for the information.

So, it doesn't really do what most people think it does.

The key to not having programs make outbound connections, or
opening up ports for receiving unsolicited inbound traffic, is
to not run those programs on
the machine.

Third party firewalls don't make it *that* easy - but they don't
make it much
harder either. They provide the illusion that they can stop
outbound traffic.

Apparently the makers of ZoneAlarm fixed such a problem by
preventing ZoneAlarm from being shut down. After that , I have never
heard an authoritative claim that an application snuck through
ZoneAlarm.

Which is why I never use the Windows firewall. Every app thinks
they are special and should be able to contact big brother with
news about me and retrieve info on things they feel I need. Some
companies are especially bad. I know because I don't use Windows
firewall so I see the requests and deny them. Over the years it
seems to have gotten much worse.

I think it comes down to trust. If you don't trust a program -
don't execute it. If you *do* trust it, let it do whatever it is
programmed to do.

Sounds like a symptom of the ones and zeros disease.

On Sat, 14 Feb 2009 09:55:40 -0600, "Richard Mueller [MVP]"
wrote:

Every app thinks they are special and should be able to contact big brother
with news about me

"news about you" - got any evidence of that or are you just being
paranoid?

and retrieve info on things they feel I need.

Like product updates that might be security related? You're just
shooting yourself in the foot.

Some companies are especially bad.

Then why do you use their products?

I know because I don't use Windows firewall so I see the requests and deny
them. Over the years it seems to have gotten much worse.

Stop whining, please.

On Wed, 18 Feb 2009 12:32:02 GMT, John Doe
wrote:

Apparently the makers of ZoneAlarm fixed such a problem by
preventing ZoneAlarm from being shut down.

What makes you believe shutting it down is the only possible way to
circumvent it? And why would malware writers choose a method which
makes you as a user suspicious to what is going on. No, no. They will
of course just circumvent your illusionware why letting you continue
to believe all is fine and well.

After that , I have never heard an authoritative claim that an application
snuck through ZoneAlarm.

LOL. Better check your "authoritative" sources then.

Which is why I never use the Windows firewall. Every app thinks
they are special and should be able to contact big brother with
news about me and retrieve info on things they feel I need. Some
companies are especially bad. I know because I don't use Windows
firewall so I see the requests and deny them. Over the years it
seems to have gotten much worse.

I think it comes down to trust. If you don't trust a program -
don't execute it. If you *do* trust it, let it do whatever it is
programmed to do.

Sounds like a symptom of the ones and zeros disease.

No. Sounds like a well considered response to a problem you don't seem
to fully understand.

On Sat, 14 Feb 2009 02:15:33 -0600, "I.C. Greenfields"
wrote:

http://www.vistastic.com/2007/03/09/...und-filtering/
I bet you didn't know that Microsoft Windows Vista includes a two-way
firewall.

Unfortunately, the outbound filtering has been disabled.

Who wrote this crap in the first place? That outbound filtering is
completely disabled by default in Vista is one of those lies that
continue to spread unhindered because of ignorance and "common
knowledge". Truth is, several outbound rules are enabled already by
default. Unfortunately, the fact that it doesn't pop up silly messages
like the ones people are getting used to from the usual PFW
illusionwares helps spreading that wrong impression.

Apparently the makers of ZoneAlarm fixed such a problem by
preventing ZoneAlarm from being shut down.

What makes you believe shutting it down is the only possible way to
circumvent it? And why would malware writers choose a method which
makes you as a user suspicious to what is going on. No, no. They will
of course just circumvent your illusionware why letting you continue
to believe all is fine and well.


That's quite a strong statement to make, implying
that 2-way firewalls are basically useless. If you're
going to claim that you should provide some evidence
and explanation. Otherwise you're just adding confusion.

In my experience, ZA has no trouble blocking unauthorized
software from going online. There is a wrinkle, though,
with XP. XP, and NT systems in general, are a security risk
in that they're designed as corporate workstations, with
various vulnerable network-related services that are
unnecessary on Win9x but are typically running, and may
even be critical, on NT (RPC, for example.)

Complicating matters, Microsoft shrouds a number of
services in the svchost.exe process, which can run in
multiple instances. So if you allow svchost through the
firewall it's not so easy to know exactly what you're
allowing. And ZA can't differentiate between the actual
processes running under the svchost "hat".

That wouldn't be a problem if you just block svchost altogether,
except that if you block svchost and use highspeed then you
may block a service critical to your connection! So in most
cases it's difficult to really block Microsoft's stuff and control what
goes out on NT systems. (NT4,2000,XP,Vista.)

Another complication involving different ZA versions:

If you use the earlier ZA versions that were compatible
with XP (v. 2.6.x) you can block svchost, but as noted above,
that might be a problem on highspeed.

With later versions of ZA, ZoneLabs apparently cooperated
with Microsoft and will override your settings. Later versions will
put svchost into the allowed list without telling you, and
put it back again if you remove it. However, I think that someone
using dial-up, and using ZA 2.6 could block all outgoing MS
processes. (Though I don't know whether v. 2.6 runs on Vista.)

I haven't tried more recent versions of ZA. It bloated from
a 2 MB program to a monstrosity of 50 MB in recent versions.
Personally I'd look elsewhere these days if I felt a need for a
new firewall and for some reason didn't think ZA 2.6 was
adequate.

+Bob+ wrote:
On Wed, 18 Feb 2009 10:18:05 -0500, "mayayana"
wrote:

Complicating matters, Microsoft shrouds a number of
services in the svchost.exe process, which can run in
multiple instances. So if you allow svchost through the
firewall it's not so easy to know exactly what you're
allowing. And ZA can't differentiate between the actual
processes running under the svchost "hat".


Oh, but you don't have to worry about that anymore, because MS's
magical Vista firewall will figure out that programs are hiding as
svchost and stop them! (Right after the Easter Bunny drops in on a
flying pig and brings you your chocolate eggs).




Is this suppose to be some kind of a joke here, because you seem serious?

It's not a host based packet filer/FW's job to figure out what is
running on the computer, which those snake-oil solution personal
firewalls try to figure out, stop things, and they can't.

A host based packet filter such a Vista FW/packet filter's job is to
stop unsolicited inbound traffic by port, protocol, IP etc. And it does
the same on outbound by setting outbound rules.

"John Doe" wrote in message
...
"FromTheRafters" wrote:

"Richard Mueller [MVP]" wrote

"FromTheRafters" wrote

"I.C. Greenfields" wrote

Some of us want to choose what "gets out" and what
doesn't.
And this info doesn't work since there is nowhere to
make such
a change in the Windows Firewall window that comes up.
Configure it - HOW? Can someone explain how it's
configured to
actually work without being a programmer writing
strange
unknown confusing rules for everything that wants to
connect to
the net? If not, can someone recommend a good free
easy to
use two-way FireWall like ZoneAlarm that's compatible
with
Vista? Thanks.


http://www.vistastic.com/2007/03/09/...und-filtering/
I bet you didn't know that Microsoft Windows Vista
includes a
two-way firewall.

Windows Firewall with Advanced Security includes an API
that
allows services, applications, and installers to write
their own
ticket through the firewall. In other words, they can
add
themselves to the exclusions list.

http://msdn.microsoft.com/en-us/libr...53(VS.85).aspx

Thanks for the information.

So, it doesn't really do what most people think it
does.

The key to not having programs make outbound
connections, or
opening up ports for receiving unsolicited inbound
traffic, is
to not run those programs on
the machine.

Third party firewalls don't make it *that* easy - but
they don't
make it much
harder either. They provide the illusion that they can
stop
outbound traffic.

Apparently the makers of ZoneAlarm fixed such a problem by
preventing ZoneAlarm from being shut down. After that , I
have never
heard an authoritative claim that an application snuck
through
ZoneAlarm.

Which is why I never use the Windows firewall. Every app
thinks
they are special and should be able to contact big
brother with
news about me and retrieve info on things they feel I
need. Some
companies are especially bad. I know because I don't use
Windows
firewall so I see the requests and deny them. Over the
years it
seems to have gotten much worse.

I think it comes down to trust. If you don't trust a
program -
don't execute it. If you *do* trust it, let it do
whatever it is
programmed to do.

Sounds like a symptom of the ones and zeros disease.

When there is no "grey area" ones and zeroes describe things
accurately.