Re: Unknown download activity in background - how to determine what it is?
"John John" <audetweld@nbnet.nb.ca> wrote in message
news:evGvOsY0HHA.4568@TK2MSFTNGP03.phx.gbl...
> Kerry Brown wrote:
>
>> "John John" <audetweld@nbnet.nb.ca> wrote in message
>> news:%23mmjLjX0HHA.4568@TK2MSFTNGP03.phx.gbl...
>>
>>> Kayman wrote:
>>>
>>>
>>>> and scroll down to:
>>>> Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.
>>>
>>>
>>> That article itself is baloney. It is true that any malware can
>>> circumvent a firewall's outbound protection but it is also true that a
>>> lot of malware is detected by firewall outbound monitoring. The
>>> outbound monitoring also alerts you when otherwise legitimate software
>>> is trying to call home. Perhaps you like it better when things like
>>> Media player call home without your knowledge, a pesky annoyance that
>>> you should be aware of things like that.
>>>
>>> The article states:
>>>
>>> "Speaking of host firewalls, why is there so much noise about outbound
>>> filtering? Think for a moment about how ordinary users would interact
>>> with a piece of software that bugged them every time a program on their
>>> computer wanted to communicate with the Internet..." What a pile of
>>> baloney!
>>>
>>> Firewalls have rules, it appears no one at Microsoft knows this, which
>>> isn't really surprising to tell you the truth. Microsoft's logic is
>>> that "you don't need seat belts if you have airbags". And you don't
>>> need to know what it is that things like Media Player are doing. Baloney
>>> indeed!
>>>
>>
>>
>> There is no way a software firewall can guarantee it will stop outbound
>> traffic on the computer it is running on regardless of the OS. Software
>> firewalls can be useful for stopping programs communicating outbound
>> through normal channels. That's it, period. The fact that some firewalls
>> notify you about malware communicating out is a function of how poorly
>> the malware is programmed not the firewall. Intel motherboards can
>> communicate through the onboard NICs at the BIOS level with no OS present.
>> Rootkits can easily modify all traffic going through any NIC in the
>> computer. Malware running in Windows can easily corrupt traffic from
>> legitimate programs. Malware can even create its own TCP/IP stack and
>> bypass Windows (or other OS') networking stack altogether. Virtual server
>> software is capable of spoofing a MAC and getting multiple IP addresses
>> for one NIC from a DHCP server. What makes you think malware can't do the
>> same type of thing?
>
> All that you say is true and I never said or argued otherwise. But
> software firewalls that monitor outbound connections can be useful and can
> help to keep some applications in check, just because the Microsoft
> firewall can't do it doesn't mean that all others are not good.
>
You said that this: "Myth: Host-Based Firewalls Must Filter Outbound Traffic
to be Safe." was baloney. It is not. You are talking about privacy not
safety. Software firewalls do nothing to improve your safety. They may
actually decrease your safety by giving you a false sense of security. They
can as you say be used to protect your privacy. You went on to say this:
"Firewalls have rules, it appears no one at Microsoft knows this" which is
also false. All of the firewalls in Microsoft OS' use rules. Some of them
don't monitor outgoing traffic but they all use rules.
--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca