FIX for ZoneAlarm & KB951748 issue released

  • Thread starter: PA Bear [MS MVP]
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 17:02:23 -0400, H.S. wrote:

> Paul (Bornival) wrote:
>>
>> I am amazed by how strongly people linked to MS state that outbound
>> filtering is unnecessary or even counterproductive. Yet, other people, not
>> linked to MS, think otherwise. Why is it so ?
>>

>
> Looks like MS does not want to invest time and resources in developing a
> full firewall and is thus marketing and trying to convince its users
> that outbound control is unnecessary.
>
> Historically, MS has wanted their OS to be used by dumb average Joe
> users and thus tuned its system as such. Consequently, they compromised
> on multiuser features, restricted user usage habits and proper computer
> terminology. Result: Almost all users believe Windows must be run in
> admin mode. They do not gain any basic knowledge about computers which
> is commonplace among computer technologists (MS uses its own
> nomenclature, as you mentioned, probably based on recommendations by
> marketing drones). All this leads to significant ignorance of important
> issues related to computer security.
>
> But to be fair, these marketing strategies also resulted in the boom of
> personal computer.
>
> Also, the strict control over licenses also played a very important role
> in making Linux what it is today: secure, open source and, these days,
> with better GUI than Windows in many respects. Had Windows been "open",
> maybe there would not have been as much impetus in making Linux distros
> so user friendly. I have myself seen that current version of Ubuntu is
> much easier to install than Windows!


You are completely wrong with your assumptions.
Educational reading not only for the Vista user:
Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 17:39:08 -0500, Shenan Stanley wrote:

> Conversation in entirety:
> http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
>
>
>
> <reference to the inbound/outbound argument parts only>
>
> This is one of those debates like *nix vs. Windows vs. OS X.
>
> Nothing is proven on any side, examples abound (some truthful and realistic
> from the single instance, some not so much) and nothing but emotions and
> egos get exposed.
>
> Personal experience and outside articles are quoted a lot. Some good for
> that single instance in time, others pulled from myth and legend and still
> others might actually hold up over scrutiny (the latter is often over-looked
> in the debate and glossed over at every turn by those opposed to the topic.)
>
> Ideas like "outbound only catches the stuff you already have and who says
> the application in question did not just change your outbound rules as you
> installed it so you still don't know you have it?" and "I like to know when
> something attempts to 'call home'" seem to cover most of the arguments.
> (Sound like "Windows has more security holes than other OSes" and "Macs just
> don't get viruses"...? Yeah - same type of arguments. heh)
>
> In the end - both are right, both are wrong. It's a personal preference.
> It's a way of computing, a mind-set, a need. I know many people who have
> run many different OSes for many many years without a single instance of
> infection/infestation and they run no antivirus software and no antispyware
> software. They continuously (when someone finds out) get questions like
> "how do you know you actually don't have a virus or spyware/adware if you
> don't run anything to prevent/check for it?"
>
> In the end - I just go by the idea that making things more complicated is
> seldom the proper course of action... Simplistic solutions are usually the
> most effective and the most eloquent.
>
> So which way do _I_ lean? Doesn't matter.
>
> Each person has their own reasoning behind whatever it is they do. I have
> used many different solutions (I do like to try things - see what I can
> learn and find) - and I do offer advice on the ones I tried that seemingly
> did their jobs without _over-complicating_ my life just to keep it working.
> However - I know that will be different for each person, and I cannot say
> which is less complicated for any one of them. Advice: Try each solution
> *if* this whole topic has any importance to you.
>
> All anyone here can offer is that someone practice some common sense. The
> world is dangerous - your computer gives you options the rest of the world
> does not (I cannot backup my car so that when I get in a wreck, I just
> reload for near instant recovery) - use them. Protect yourself when you can
> (Equate each of these to something on your computer: lock your doors to make
> it harder for intruders to get in while you are there *or* away, wear a coat
> when it is cold, wear sunglasses to protect your eyes, put on sunscreen to
> protect your skin, brush your teeth to prevent cavities, pick up 'your
> room', take out the garbage, cover your face when you cough/sneeze, store
> copies of important documents(life insurance, will, deeds, etc) far away
> from the originals, etc.)
>
> I know someone could pull one (or more) argument for one side or the other
> out of those - I could do it right now. heh
>
> The point - if the solution for everyone was obvious and one-sided - there
> would be no discussion. Being that each person is unique with differing
> experiences and external facts that help support their own experiences - the
> discussion is never-ending. Not one person here can definitively win their
> argument (even if you get rid of every actual 'crazy argument' -- although
> who decides that is yet another debate. hah)
>
> Interesting that a discussion about a particular patch that exasperated a
> problem in a particular piece of software could spawn a conversation along
> these lines... And the subject line stays the same throughout. Amazing
> really.
>


Well, I don't think the discussion is about a particular software per se.
Rather the requirement of 'outbound control' after the introduction of NT.
Jesper M. Johansson wrote educational articles about this subject
extensively. It's an important security subject and the message is not easy
to convey, especially if one is blinded by the hype created by the makers
of 3rd party software.

--
Security is a process not a product.
(Bruce Schneier)
 
Re: FIX for ZoneAlarm & KB951748 issue released

Conversation in entirety:
http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af



Shenan wrote:
<snip>
> Interesting that a discussion about a particular patch that
> exasperated a problem in a particular piece of software could
> spawn a conversation along these lines... And the subject line
> stays the same throughout. Amazing really.


Kayman wrote:
> Well, I don't think the discussion is about a particular software
> per se. Rather the requirement of 'outbound control' after the
> introduction of NT. Jesper M. Johansson wrote educational articles
> about this subject extensively. It's an important security subject
> and the message is not easy to convey, especially if one is blinded
> by the hype created by the makers of 3rd party software.


Actually - if you read what I posted - this 'discussion' did start out as I
stated...
The subject line points this out quite readily. ;-)

It "spawned" into what you are speaking of.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Re: FIX for ZoneAlarm & KB951748 issue released

Kayman wrote:

> On Thu, 17 Jul 2008 17:39:08 -0500, Shenan Stanley wrote:
>
>
>>Conversation in entirety:
>>http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
>>
>>
>>
>><reference to the inbound/outbound argument parts only>
>>
>>This is one of those debates like *nix vs. Windows vs. OS X.
>>
>>Nothing is proven on any side, examples abound (some truthful and realistic
>>from the single instance, some not so much) and nothing but emotions and
>>egos get exposed.
>>
>>Personal experience and outside articles are quoted a lot. Some good for
>>that single instance in time, others pulled from myth and legend and still
>>others might actually hold up over scrutiny (the latter is often over-looked
>>in the debate and glossed over at every turn by those opposed to the topic.)
>>
>>Ideas like "outbound only catches the stuff you already have and who says
>>the application in question did not just change your outbound rules as you
>>installed it so you still don't know you have it?" and "I like to know when
>>something attempts to 'call home'" seem to cover most of the arguments.
>>(Sound like "Windows has more security holes than other OSes" and "Macs just
>>don't get viruses"...? Yeah - same type of arguments. heh)
>>
>>In the end - both are right, both are wrong. It's a personal preference.
>>It's a way of computing, a mind-set, a need. I know many people who have
>>run many different OSes for many many years without a single instance of
>>infection/infestation and they run no antivirus software and no antispyware
>>software. They continuously (when someone finds out) get questions like
>>"how do you know you actually don't have a virus or spyware/adware if you
>>don't run anything to prevent/check for it?"
>>
>>In the end - I just go by the idea that making things more complicated is
>>seldom the proper course of action... Simplistic solutions are usually the
>>most effective and the most eloquent.
>>
>>So which way do _I_ lean? Doesn't matter.
>>
>>Each person has their own reasoning behind whatever it is they do. I have
>>used many different solutions (I do like to try things - see what I can
>>learn and find) - and I do offer advice on the ones I tried that seemingly
>>did their jobs without _over-complicating_ my life just to keep it working.
>>However - I know that will be different for each person, and I cannot say
>>which is less complicated for any one of them. Advice: Try each solution
>>*if* this whole topic has any importance to you.
>>
>>All anyone here can offer is that someone practice some common sense. The
>>world is dangerous - your computer gives you options the rest of the world
>>does not (I cannot backup my car so that when I get in a wreck, I just
>>reload for near instant recovery) - use them. Protect yourself when you can
>>(Equate each of these to something on your computer: lock your doors to make
>>it harder for intruders to get in while you are there *or* away, wear a coat
>>when it is cold, wear sunglasses to protect your eyes, put on sunscreen to
>>protect your skin, brush your teeth to prevent cavities, pick up 'your
>>room', take out the garbage, cover your face when you cough/sneeze, store
>>copies of important documents(life insurance, will, deeds, etc) far away
>>from the originals, etc.)
>>
>>I know someone could pull one (or more) argument for one side or the other
>>out of those - I could do it right now. heh
>>
>>The point - if the solution for everyone was obvious and one-sided - there
>>would be no discussion. Being that each person is unique with differing
>>experiences and external facts that help support their own experiences - the
>>discussion is never-ending. Not one person here can definitively win their
>>argument (even if you get rid of every actual 'crazy argument' -- although
>>who decides that is yet another debate. hah)
>>
>>Interesting that a discussion about a particular patch that exasperated a
>>problem in a particular piece of software could spawn a conversation along
>>these lines... And the subject line stays the same throughout. Amazing
>>really.
>>

>
>
> Well, I don't think the discussion is about a particular software per se.
> Rather the requirement of 'outbound control' after the introduction of NT.
> Jesper M. Johansson wrote educational articles about this subject
> extensively. It's an important security subject and the message is not easy
> to convey, especially if one is blinded by the hype created by the makers
> of 3rd party software.


Before Windows XP what were people using? What were they using on NT4
and on Windows 2000? Just because XP got a firewall now anything else
has suddenly become unfit for use? Geez, I guess next the hype will be
that anything but One Care will be no good.

John
 
Re: FIX for ZoneAlarm & KB951748 issue released

Kayman wrote:

>> Now, I have no idea why the application is trying to phone home. Why
>> should it? The only reason I would accept is if it is trying to find
>> updates. Well, in that case, I would rather do that myself, thank you
>> very much. Online help? No, don't need it. Any other reasons? Sorry, now
>> you are invading my privacy.

>
> The situation is very simple; If you don't trust an application then don't
> install it in the first place!


I have disabled the features of softwares I have no trust in. All is
fine. And no thanks to Windows firewall.

But please understand that I do realize Windows firewall is much better
than having no firewall at all. The MS marketing drones must have
finally listened to the developers (MS has some pretty nifty talent over
there) to include that when they saw Windows OSes getting powned within
minutes of being installed and while being patched and getting all the
negative publicity. Actually, it can still happen. If you really think
about it, it is quite hilarious.

I have learned from those reports and never ever install Windows with
the machine connected to the internet.

Now, there is no image lost due to no outbound firewall, hence no
outbound firewall. It is quite straightforward. If MS was so sensitive
to programmers and computer savvy people, it could have included it and
switched off by default thus letting users choose.





> Read EULA prior installing software and if deemed to be 'trustworthy' find


Ah, the EULA again. It makes so many things complicated at so many
levels. Love open source for that though. No worries there at all.
 
Re: FIX for ZoneAlarm & KB951748 issue released

CORRECTION:

> The Windows Firewall [IN VISTA] is inbound/outbound.
 
Re: FIX for ZoneAlarm & KB951748 issue released

Leonard Grey wrote:
> "Looks like MS does not want to invest time and resources in developing
> a full firewall..."
>
> Sheesh, they got into enough trouble for bundling a web browser and a
> media player. Now you want them to bundle a firewall?


<guffaw & chortle> Pass the screen & keyboard wipes, please.
 
Re: FIX for ZoneAlarm & KB951748 issue released

PA Bear [MS MVP] wrote:
> CORRECTION:
>
>> The Windows Firewall [IN VISTA] is inbound/outbound.


Yup, that I can agree with :)
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 12:53:14 -0700, Paul (Bornival)
<PaulBornival@discussions.microsoft.com> wrote:

>"Root Kit" wrote:
>> Outbound protection (host based) is not for free. It comes at a cost
>> which can be hard for layman to assess. The added system complexity of
>> installing a bunch of potentially vulnerable code of questionable
>> quality and functionality and the cons that follow from that, must be
>> weighed against the possible pros.

>
>Can you be more specific in this. How much more resources are really needed
>to set up outbound protection in addition to inbound. What is the payload in
>terms of CPU and memory usage ?


I'm not addressing resource usage. I'm addressing system complexity.
You add a lot of highly questionable code to an already critical
network path. This leads to an increased risk of exploitable bugs as
well as risks of misconfiguration. Complexity has always been an enemy of
computer security.

>> You make a computer secure by removing unnecessary stuff and fixing
>> what is broken - not by adding further potentially vulnerable code to
>> an already insecure code base.

>
>Again, not sure about that. If we were to follow you, the only solution is
>to stop using Windows at all and moving to Linux or Apple...


How can you draw that conclusion based on my statement? What I said is
true in general. Windows can be hardened, and if you believe apple
software is generally more secure, think again.

It's an indisputable fact that what isn't running can't be attacked.
The more code you set you run (including security software) the more
attack vectors you introduce. So the trick is to run only what is
needed and to make sure that "something" is robust (which rules out
software like IE) and kept patched.
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 13:07:01 -0700, Paul (Bornival)
<PaulBornival@discussions.microsoft.com> wrote:

>"Root Kit" wrote:
>
>> On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival)
>> <PaulBornival@discussions.microsoft.com> wrote:
>>
>> >The successful attacks on WinXP computers I saw were before the introduction
>> >of SP2. This was completely and effectively avoided after installing ZA.

>>
>> True - but could easily have been avoided by shutting down unnecessary
>> services, adding a simple packet filter or activating the built-in
>> one.

>
>- shutting down services is nice ... but the trouble is that the MS
>documentation is so poor that you never know what you really do when you shut
>down a service ...


Shutting down network services can be done in less than 1 minute using
the proper tools.

>until someone comes and complains that things do not work
>any longer as they did before... Then you realize that you better not shut
>down any service ... (I could luch longer about that, but, believe me, there
>are so many softwares that capitalize on existing "default" Windows services
>that you think twice before shutting one down...).


Well, I don't blindly shut down services....

>- packet filters are nice, but are you going to implement them on 30
>computers with different requirements ...


What makes you think it would be harder than implementing ZA on them?

>- the built-in firewall was so well hidden that I only discovered its
>existence by accident, and it was not very easy to master... I guess MS never
>advertised it because they knew how weak and inefficient it was. If what I
>say is not true, why did they not advertise it ?


How did they not advertise it?

>> >When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
>> >ZA was eventually easier to adjust to our needs. This is why I remained
>> >faithful to ZA (and I'm not the only one...).

>>
>> I wonder what your needs are.

>
>Oh simple... a workgroup with 30 computers in peer-to-peer configuration and
>in a very open environment (each computer has a PUBLIC IP address - do not
>ask me why, this is so - but each needs to be reachable from outside by me
>and a few other authorized persons...;


For what purpose do you need access to them? And why would that
require public IP's?

Without knowing your exact setup, it sounds like a potentially very
insecure environment to me.

>no domain as we had no one to be its
>administrator and if the domain server fails, everything fails ...). Seems
>crazy, but since we got ZA on all machines, we simply have no more any
>problem ...


None that you noticed, that is..

>> >Note that turning off WinXP network services was not possible (or largely
>> >unpractical) given our needs of communication between computers.

>>
>> How do you expect ZA to protect services you need to make available?

>
>Well, did YOU really test ZA ?


Ohh, on several occasions. How about answering my question?
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 17:06:50 -0400, "H.S."
<hs.samREMOVEMEix@google.com> wrote:

>Kerry Brown wrote:
>> I don't think very many people that understand security think outbound
>> filtering is not a useful thing to do. Many people that understand how
>> computers work think that relying on a software firewall to stop
>> something that is running on the same computer and has the same or
>> higher privileges as the firewall isn't a good thing or even possible.
>> Outbound filtering is very useful for some situations. Outbound

>
>Here is another one: I do not like that every time I open an MS
>application (Word, Excel, Windows ... ), it tries to talk to Microsoft.


Then use something else.

>My firewall warns me about it and I deny it.


Yes. That's called self-denial-of-service.

>Now, I have no idea why the application is trying to phone home.


Exactly. So why assume it's bad? After all, since you installed and are
running it on your machine you must fully trust it.

>Why should it?


You better find that out instead of blindly shooting yourself in the
foot. When you have found out, you may even realize it's configurable.

>The only reason I would accept is if it is trying to find updates.


Finally some sense.

>Well, in that case, I would rather do that myself, thank you
>very much. Online help? No, don't need it. Any other reasons? Sorry, now
>you are invading my privacy.


The usual paranoid BS.. Unless you know exactly what data is sent back
and forth you have no reason to assume it's an invasion of privacy.

If you don't trust a product, you better not run it at all. It's that
simple.
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 21:35:36 -0300, John John (MVP) wrote:

> Kayman wrote:
>
>> On Thu, 17 Jul 2008 17:39:08 -0500, Shenan Stanley wrote:
>>
>>
>>>Conversation in entirety:
>>>http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
>>>
>>>
>>>
>>><reference to the inbound/outbound argument parts only>
>>>
>>>This is one of those debates like *nix vs. Windows vs. OS X.
>>>
>>>Nothing is proven on any side, examples abound (some truthful and realistic
>>>from the single instance, some not so much) and nothing but emotions and
>>>egos get exposed.
>>>
>>>Personal experience and outside articles are quoted a lot. Some good for
>>>that single instance in time, others pulled from myth and legend and still
>>>others might actually hold up over scrutiny (the latter is often over-looked
>>>in the debate and glossed over at every turn by those opposed to the topic.)
>>>
>>>Ideas like "outbound only catches the stuff you already have and who says
>>>the application in question did not just change your outbound rules as you
>>>installed it so you still don't know you have it?" and "I like to know when
>>>something attempts to 'call home'" seem to cover most of the arguments.
>>>(Sound like "Windows has more security holes than other OSes" and "Macs just
>>>don't get viruses"...? Yeah - same type of arguments. heh)
>>>
>>>In the end - both are right, both are wrong. It's a personal preference.
>>>It's a way of computing, a mind-set, a need. I know many people who have
>>>run many different OSes for many many years without a single instance of
>>>infection/infestation and they run no antivirus software and no antispyware
>>>software. They continuously (when someone finds out) get questions like
>>>"how do you know you actually don't have a virus or spyware/adware if you
>>>don't run anything to prevent/check for it?"
>>>
>>>In the end - I just go by the idea that making things more complicated is
>>>seldom the proper course of action... Simplistic solutions are usually the
>>>most effective and the most eloquent.
>>>
>>>So which way do _I_ lean? Doesn't matter.
>>>
>>>Each person has their own reasoning behind whatever it is they do. I have
>>>used many different solutions (I do like to try things - see what I can
>>>learn and find) - and I do offer advice on the ones I tried that seemingly
>>>did their jobs without _over-complicating_ my life just to keep it working.
>>>However - I know that will be different for each person, and I cannot say
>>>which is less complicated for any one of them. Advice: Try each solution
>>>*if* this whole topic has any importance to you.
>>>
>>>All anyone here can offer is that someone practice some common sense. The
>>>world is dangerous - your computer gives you options the rest of the world
>>>does not (I cannot backup my car so that when I get in a wreck, I just
>>>reload for near instant recovery) - use them. Protect yourself when you can
>>>(Equate each of these to something on your computer: lock your doors to make
>>>it harder for intruders to get in while you are there *or* away, wear a coat
>>>when it is cold, wear sunglasses to protect your eyes, put on sunscreen to
>>>protect your skin, brush your teeth to prevent cavities, pick up 'your
>>>room', take out the garbage, cover your face when you cough/sneeze, store
>>>copies of important documents(life insurance, will, deeds, etc) far away
>>>from the originals, etc.)
>>>
>>>I know someone could pull one (or more) argument for one side or the other
>>>out of those - I could do it right now. heh
>>>
>>>The point - if the solution for everyone was obvious and one-sided - there
>>>would be no discussion. Being that each person is unique with differing
>>>experiences and external facts that help support their own experiences - the
>>>discussion is never-ending. Not one person here can definitively win their
>>>argument (even if you get rid of every actual 'crazy argument' -- although
>>>who decides that is yet another debate. hah)
>>>
>>>Interesting that a discussion about a particular patch that exasperated a
>>>problem in a particular piece of software could spawn a conversation along
>>>these lines... And the subject line stays the same throughout. Amazing
>>>really.
>>>

>>
>>
>> Well, I don't think the discussion is about a particular software per se.
>> Rather the requirement of 'outbound control' after the introduction of NT.
>> Jesper M. Johansson wrote educational articles about this subject
>> extensively. It's an important security subject and the message is not easy
>> to convey, especially if one is blinded by the hype created by the makers
>> of 3rd party software.

>
> Before Windows XP what were people using?


I don't know but *I* was using a 3rd party (so-called) firewall application
and (incidentally) Registry Cleaner :-)

> What were they using on NT4 and on Windows 2000?


I don't know.

> Just because XP got a firewall now anything else has suddenly become
> unfit for use?


Well, these are throwaway words; If you were more 'open-minded' in relation
to OS's and read (*and* comprehend) through pertinent write-ups (even in
this thread), then it'd be obvious to you - and no, I am not a techie :)

> Geez, I guess next the hype will be that anything but One Care will
> be no good.


Irrelevant (but it's your guess, I guess). You may wish to communicate with
Carey Frisch on this particular issue.

What is relevant, noticeable and very encouraging is that some technically
savvy MVP's are expressing their doubts and/or speaking against the use of
3rd party (so-called) firewall software application on WinXP and Vista
platforms. I can only assume that the articles published by respected
authors with outstanding credentials such as Jesper Johansson and Steve
Riley may have triggered this recent phenomenon (though some articles are
relatively dated). Not so long ago, this issue was avoided/sidelined by
most MVP's.
(And no, I can't provide any statistics but as a frequent lurker, these are
my observations).
In fact, whenever B.Nice (aka Straight Talk and now Root Kit) was touching
this issue he was attacked from left, right and center, incl. MVP's; They
were over him like a bad rash!
I reiterate, the change of direction by some MVP's is a most welcome
development and will without any doubt be beneficial for all lurkers and
newcomers who'll be thinking twice before installing Illusion Ware :-)
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 19:31:09 -0500, Shenan Stanley wrote:

> Conversation in entirety:
> http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
>
>
>
> Shenan wrote:
> <snip>
>> Interesting that a discussion about a particular patch that
>> exasperated a problem in a particular piece of software could
>> spawn a conversation along these lines... And the subject line
>> stays the same throughout. Amazing really.

>
> Kayman wrote:
>> Well, I don't think the discussion is about a particular software
>> per se. Rather the requirement of 'outbound control' after the
>> introduction of NT. Jesper M. Johansson wrote educational articles
>> about this subject extensively. It's an important security subject
>> and the message is not easy to convey, especially if one is blinded
>> by the hype created by the makers of 3rd party software.

>
> Actually - if you read what I posted - this 'discussion' did start out as I
> stated...
> The subject line points this out quite readily. ;-)
>
> It "spawned" into what you are speaking of.
>

Yes Shenan, you're right actually!
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 17:02:23 -0400, "H.S."
<hs.samREMOVEMEix@google.com> wrote:

>Paul (Bornival) wrote:
>>
>> I am amazed by how strongly people linked to MS state that outbound
>> filtering is unnecessary or even counterproductive. Yet, other people, not
>> linked to MS, think otherwise. Why is it so ?


Just for the record, I'm in no way connected to MS. I'm just able to
distinguish between what makes sense and what doesn't.

BTW, can someone point me to a list of personal firewalls for Linux?

>Looks like MS does not want to invest time and resources in developing a
>full firewall and is thus marketing and trying to convince its users
>that outbound control is unnecessary.


First of all, and once again for the record: Outbound control can make
good sense and is *not* considered unnecessary. Repeating this false
statement doesn't make it right. Host based outbound application
control on a windows OS as a security measure against malware on the
other hand is *nonsense*.

So to answer your question, a more likely but of course much less
exciting explanation is that MS actually know their own OS well enough
to know that such a thing as outbound application control would be
a waste of code.

For such a concept to make sense it would have to be implemented as a
core integrated part of an OS with very strong restrictions on what
applications are allowed to do.

>Historically, MS has wanted their OS to be used by dumb average Joe
>users and thus tuned its system as such.


If you're unhappy about that feel free to use something else.

<snipped the usual MS bashing>
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 17:39:08 -0500, "Shenan Stanley"
<newshelper@gmail.com> wrote:

>In the end - both are right, both are wrong.


So there is no such thing as indisputable facts?

>It's a personal preference.


A preference which should be based mainly on facts instead of gut
feelings.
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Thu, 17 Jul 2008 21:35:36 -0300, "John John (MVP)"
<audetweld@nbnet.nb.ca> wrote:

>Before Windows XP what were people using? What were they using on NT4
>and on Windows 2000? Just because XP got a firewall now anything else
>has suddenly become unfit for use?


That hasn't really been the topic of discussion. The discussion has
been about the value of outbound control. To the best of my knowledge
no one has questioned the value of inbound protection.

>Geez, I guess next the hype will be
>that anything but One Care will be no good.


I doubt it. But a good technical discussion about the abilities of
security software in general would probably be of value.
 
Re: FIX for ZoneAlarm & KB951748 issue released

Conversation in entirety:
http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af



<actual posting being responded to in its whole form - as intended>
Shenan Stanley wrote:
> <reference to the inbound/outbound argument parts only>
>
> This is one of those debates like *nix vs. Windows vs. OS X.
>
> Nothing is proven on any side, examples abound (some truthful and
> realistic from the single instance, some not so much) and nothing
> but emotions and egos get exposed.
>
> Personal experience and outside articles are quoted a lot. Some
> good for that single instance in time, others pulled from myth and
> legend and still others might actually hold up over scrutiny (the
> latter is often over-looked in the debate and glossed over at every
> turn by those opposed to the topic.)
>
> Ideas like "outbound only catches the stuff you already have and
> who says the application in question did not just change your
> outbound rules as you installed it so you still don't know you have
> it?" and "I like to know when something attempts to 'call home'"
> seem to cover most of the arguments. (Sound like "Windows has more
> security holes than other OSes" and "Macs just don't get
> viruses"...? Yeah - same type of arguments. heh)
>
> In the end - both are right, both are wrong. It's a personal
> preference. It's a way of computing, a mind-set, a need. I know
> many people who have run many different OSes for many many years
> without a single instance of infection/infestation and they run no
> antivirus software and no antispyware software. They continuously
> (when someone finds out) get questions like "how do you know you
> actually don't have a virus or spyware/adware if you don't run
> anything to prevent/check for it?"
>
> In the end - I just go by the idea that making things more
> complicated is seldom the proper course of action... Simplistic
> solutions are usually the most effective and the most eloquent.
>
> So which way do _I_ lean? Doesn't matter.
>
> Each person has their own reasoning behind whatever it is they do.
> I have used many different solutions (I do like to try things - see
> what I can learn and find) - and I do offer advice on the ones I
> tried that seemingly did their jobs without _over-complicating_ my
> life just to keep it working. However - I know that will be
> different for each person, and I cannot say which is less
> complicated for any one of them. Advice: Try each solution *if*
> this whole topic has any importance to you.
>
> All anyone here can offer is that someone practice some common
> sense. The world is dangerous - your computer gives you options
> the rest of the world does not (I cannot backup my car so that when
> I get in a wreck, I just reload for near instant recovery) - use
> them. Protect yourself when you can (Equate each of these to
> something on your computer: lock your doors to make it harder for
> intruders to get in while you are there *or* away, wear a coat when
> it is cold, wear sunglasses to protect your eyes, put on sunscreen
> to protect your skin, brush your teeth to prevent cavities, pick up
> 'your room', take out the garbage, cover your face when you
> cough/sneeze, store copies of important documents(life insurance,
> will, deeds, etc) far away from the originals, etc.)
>
> I know someone could pull one (or more) argument for one side or
> the other out of those - I could do it right now. heh
>
> The point - if the solution for everyone was obvious and one-sided
> - there would be no discussion. Being that each person is unique
> with differing experiences and external facts that help support
> their own experiences - the discussion is never-ending. Not one
> person here can definitively win their argument (even if you get
> rid of every actual 'crazy argument' -- although who decides that
> is yet another debate. hah)
>
> Interesting that a discussion about a particular patch that
> exacerbated a problem in a particular piece of software could spawn
> a conversation along these lines... And the subject line stays the
> same throughout. Amazing really.

<breaking it into fragments leaves out the whole idea>
<which was done below>

Shenan Stanley wrote:
<extremely snipped>
> In the end - both are right, both are wrong.

<extremely snipped>

Root Kit wrote:
> So there is no such thing as indisputable facts?


Shenan Stanley wrote:
<extremely snipped>
> It's a personal preference.

<extremely snipped>

Root Kit wrote:
> A preference which should be based mainly on facts instead of gut
> feelings.



Response to:
> So there is no such thing as indisputable facts?


I covered that in the whole...

> Personal experience and outside articles are quoted a lot. Some
> good for that single instance in time, others pulled from myth and
> legend and still others might actually hold up over scrutiny (the
> latter is often over-looked in the debate and glossed over at every
> turn by those opposed to the topic.)


Whether or not a fact is *actually* indisputable seldom has the effect of
those emotionally charged in the opposite manner stopping their refuting of
said fact.

In other words - no matter what you do, people will believe what people will
believe. Obstinance is a distinctly human trait. Seldom do you see other
animals refusing to believe that the mountain that lies before them actually
lies before them. ;-)


Response to:
> A preference which should be based mainly on facts instead of gut
> feelings.


Without a doubt and pretty much what I said.

> Advice: Try each solution *if*
> this whole topic has any importance to you.


--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Fri, 18 Jul 2008 15:24:04 +0700, Kayman
<kaymanDeleteThis@operamail.com> wrote:

>In fact, whenever B.Nice (aka Straight Talk and now Root Kit) was touching
>this issue he was attacked from left, right and center, incl. MVP's; They
>were over him like a bad rash!


"All truth goes through three stages. First it is ridiculed. Then it
is violently opposed. Finally, it is accepted as self-evident."
-Schopenhauer
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Fri, 18 Jul 2008 10:20:55 GMT, Root Kit wrote:

> On Fri, 18 Jul 2008 15:24:04 +0700, Kayman
> <kaymanDeleteThis@operamail.com> wrote:
>
>>In fact, whenever B.Nice (aka Straight Talk and now Root Kit) was touching
>>this issue he was attacked from left, right and center, incl. MVP's; They
>>were over him like a bad rash!

>
> "All truth goes through three stages. First it is ridiculed. Then it
> is violently opposed. Finally, it is accepted as self-evident."
> -Schopenhauer


Very true indeed :)
 