TIA
Ed
So are you saying that you have never heard of personal software
firewalls? If not, time to get one. Get one with outbound control,
like application rules. Then you can decide which applications can
make Internet connections and which cannot.
Comodo's firewall is top-rated amongst the free personal firewalls.
This is a worthy concern. Is it open source? Has the source been
made publicly available for vetting and comment? If not, I'm not
sure I'd be quick to trust it.
Password Safe is an open source alternative.
http://passwordsafe.sourceforge.net/
http://sourceforge.net/projects/passwordsafe/
http://en.wikipedia.org/wiki/Password_Safe
Best Regards,
--
Todd H.
http://www.toddh.net/
Ed
> Thanks. I use a Netgear FM114P firewall router so I assume that
> a software firewall would be redundant.
No, it would be considered "defense in depth."
>
> Thanks. I use a Netgear FM114P firewall router so I assume that
> a software firewall would be redundant. I'll take a look at it and
> see if I can disallow particular programs for Internet access.
Firewalls in a personal router cannot provide application rules.
That's because the application (and its processes) aren't running on
the router. Router firewalls can provide some outbound control, like
on protocols, IP or MAC addresses, time of day, IP name/address
censoring, etc. They don't know what application generated what
traffic that is going out through them.
If you want to control which applications can connect OUT from the
host on which they execute, get a software firewall that runs on THAT
same host. Very nasty malware can circumvent firewalls but you aren't
talking about malware.
Didn't find an "FM114P" listed at netgear.com but did find "FR114P".
They mention "Network Software (e.g. Windows)". Is that a software
firewall that runs on each intranet host? Or is that just some local
app to provide a web-based interface to their router device? I saw no
mention of app rules (or inclusion of IPS to control what process can
call what program to make the connection). I did a very cursory scan
of the manual at
ftp://downloads.netgear.com/files/FR114P_FR114W_FM114P_RefGuide.pdf
but still saw nothing to control which applications (and their caller
processes) would be allowed a network connection, to what target
sites, for which ports, and for what protocols.
For example, with your Netgear router, how would you prevent the
wgatray.exe program from connecting to Microsoft when you start
Windows? (I actually stop it from loading by using an IPS, like
System Safety Monitor, but used to block its connection attempt in the
Comodo firewall.)
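Added example, not part of the thread: the post above explains that a router packet filter matches on protocol, address and port but has no idea which program on the host generated the traffic, so per-application outbound rules have to live on the host itself. The thread's era was XP SP2, whose built-in firewall had no outbound control; the Windows Firewall in Vista and later does support outbound per-program rules, and the NetSecurity cmdlets below (Windows 8 / Server 2012 or later, elevated session) show what such a rule looks like. The program paths are assumptions for illustration, not taken from the thread. Note the caveat the thread itself raises later: these rules match on the executable's path, so code that gets itself run inside an allowed program (a hooked browser, for instance) inherits that program's permission.

```powershell
# Added example (not from the original thread): per-application outbound
# control with the built-in Windows Firewall, the kind of "application rule"
# a router packet filter cannot express. Needs the NetSecurity module
# (Windows 8 / Server 2012 or later) and an elevated PowerShell session.
# ASSUMPTIONS: every program path below is illustrative; adjust to your host.

$target = 'C:\Windows\System32\wgatray.exe'   # assumed path, not from the page

# 1. Explicitly block outbound traffic from one program (all ports, all
#    remote addresses, all profiles). This is the rule a router cannot
#    write, because the router never sees a process name.
New-NetFirewallRule -DisplayName 'Block wgatray outbound' `
    -Direction Outbound -Program $target -Action Block -Profile Any

# 2. Stronger posture: default-deny outbound, then allow only named programs.
#    Do this on a machine you can reach locally; anything without an allow
#    rule (updaters, mail clients, VPN agents) stops talking until you add one.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Allow rule for a browser (path assumed), restricted to HTTP/HTTPS only,
# so even the allowed program cannot reach arbitrary ports.
New-NetFirewallRule -DisplayName 'Allow Firefox web' -Direction Outbound `
    -Program 'C:\Program Files\Mozilla Firefox\firefox.exe' `
    -Protocol TCP -RemotePort 80,443 -Action Allow -Profile Any

# 3. Verify what the rules actually match on: program path, protocol, ports.
#    The Program column is the whole identity the rule has; it is a path,
#    not a measurement of the code that ends up running under that path.
Get-NetFirewallRule -DisplayName 'Block wgatray outbound','Allow Firefox web' |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule     = $_.DisplayName
            Action   = $_.Action
            Program  = $app.Program
            Protocol = $port.Protocol
            Ports    = ($port.RemotePort -join ',')
        }
    } | Format-Table -AutoSize

# 4. Confirm the effective outbound default for each profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
```

To undo the experiment, `Remove-NetFirewallRule -DisplayName 'Block wgatray outbound','Allow Firefox web'` and set `-DefaultOutboundAction Allow` again on the three profiles.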
Thanks. That helps a lot.
> same host. Very nasty malware can circumvent firewalls but you
> aren't talking about malware.
What would you call a little piece of code embedded in a password
vault that shipped the passwords back to the software provider? Sounds
"mal" to me.
>
> Didn't find an "FM114P" listed at netgear.com but did find "FR114P".
This router is probably among the no longer supported models. At its
time it was considered pretty good. But, you're right. There is no way
to specify a particular app to block.
> They mention "Network Software (e.g. Windows)". Is that a software
> firewall that runs on each intranet host?
Don't know.
I do have Panda AV software which offers a firewall. I've never
activated it for (misguided) reasons stated previously. I will look to
see what it can do.
>
> For example, with your Netgear router, how would you prevent the
> wgatray.exe program from connecting to Microsoft when you start
> Windows?
Don't know what that is.
Thanks. I need this kind of enlightenment. Don't want someone draining
my retirement accounts...
Ed
The malware has to target the specific software firewall. Most
malware doesn't even check for a firewall. They just try to connect.
I said "very" nasty malware, the type specifically aimed to defeat
software firewalls. Comodo is better than many in that it can block
any network connects until it loads (to eliminate that window of
opportunity) provided you enable that option. It is also more
difficult for malware to kill Comodo but not impossible (compared to
many of the other software firewalls).
> I do have Panda AV software which offers a firewall. I've never
> activated it
> for (misguided) reasons stated previously. I will look to see what
> it can do.
You might want to visit http://www.firewallleaktester.com/ to see how
well your Panda firewall resists leaks and termination. For example,
if you visit
http://www.firewallleaktester.com/termination_overview.php (click on
the Results button at the bottom) for the termination testing, you'll
see the free Comodo firewall fared equally or better to the paid
firewalls (and other free firewalls fared worse than Comodo). In the
summary, Comodo (free) was third with Outpost ($40) and Kaspersky
($80) taking 1st and 2nd place, respectively. Panda wasn't even
included in the test list (or did so poorly that it ranked at 14th
place, or worse, so as not to be included), or it simply repackages
another firewall (Computer Associates, for example, repackages
ZoneAlarm under their EzArmor product name). However, if you visit
their leak testing results at
http://www.firewallleaktester.com/tests_overview.php, Comodo only gets
a mediocre rating. Also notice that ZoneAlarm Pro does well but the
free version does very poorly. Jetico was 1st in preventing leaks but
poor at preventing itself from being terminated. Outpost was 1st or
2nd in both tests. Note that these tests are over a year old so there
has probably been some change in results (but don't expect a poorly
rated product to suddenly jump to the top; they usually just jostle
around within a few ranking positions of each other).
I use Comodo because it's hard to beat free unless the product's
quality and effectiveness equates to its price. I don't want a
firewall that can be easily terminated. I also want one that can
block connections until the full firewall is loaded. For the mediocre
leak protection, I rely on a layered approach to prevent malware
getting on my host in the first place, the utmost of which is an IPS
(intrusion prevention system) program, like System Safety Monitor
(also free although the paid version has more protections). If a
program can't get into real memory, it can't run. But an IPS is not
for the newbies or lazy users.
Comodo's firewall already includes IPS for apps and processes wanting
a network connection. Their next version anti-virus program is
supposed to also include IPS (by integrating their somewhat antiquated
BOClean product but improving it to meet with standard features found
in current IPS software). Right now the antivirus program is far too
bloated on memory consumption. For now, I use AVG for anti-virus
protection, although I might go back to AntiVir even though it became
bannerware after Avira took it over; see
http://www.av-comparatives.org/seiten/ergebnisse_2007_02.php for
coverage comparisons (Panda isn't listed but maybe they bundle in
someone else's AV product that is listed, but Comodo's AV isn't
listed, either; also, they don't show std deviation so don't go by the
total score but instead check how consistent they are on coverage
across all categories, giving Windows viruses the heaviest
weighting).
> "Ed" wrote in message
> news:L3Oxi.119$JD...@newssvr21.news.prodigy.net...
>> "Vanguard" wrote ...
>>> same host. Very nasty malware can circumvent firewalls but you
>>> aren't talking about malware.
>> What would you call a little piece of code embedded in a password
>> vault that shipped the passwords back to the software provider?
>> Sounds "mal" to me.
>
> The malware has to target the specific software firewall.
Why? No need.
> Most malware doesn't even check for a firewall. They just try to connect.
No. They just hook a trusted process like iexplore.exe or firefox.exe.
> Comodo is better than many in that it can block
> any network connects until it loads (to eliminate that window of
> opportunity) provided you enable that option.
Ehm... isn't that a triviality?
> It is also more difficult for malware to kill Comodo but not impossible
> (compared to many of the other software firewalls).
Nonsense, it's always trivial. Hooking some little kernel functions won't
help ever.
> You might want to visit http://www.firewallleaktester.com/ to see how
> well your Panda firewall resists leaks and termination.
LOL.
> For example, if you visit
> http://www.firewallleaktester.com/termination_overview.php (click on
> the Results button at the bottom) for the termination testing, you'll
> see the free Comodo firewall fared equally or better to the paid
> firewalls (and other free firewalls fared worse than Comodo).
For example, if you visit this website, you'll see that Comodo firewall is
listed. Thus, it's obviously a highly defective software.
> I use Comodo because it's hard to beat free unless the product's
> quality and effectiveness equates to its price.
LOL? Even the Windows Firewall is better.
> I don't want a firewall that can be easily terminated.
Then don't run with admin rights, you stupid fool.
> I also want one that can block connections until the full firewall is
> loaded.
Well, isn't that trivially a standard behaviour?
> For the mediocre leak protection, I rely on a layered approach to prevent
> malware getting on my host in the first place,
<img src="https://www.malware.org/malware.exe">
> the utmost of which is an IPS (intrusion prevention system) program, like
> System Safety Monitor
Still it doesn't prevent you from brabbling bullshit.
> If a program can't get into real memory, it can't run.
<img src="https://www.malware.org/malware.exe">
When you install, you get a 3-month trial period. They say the
license will extend itself for another 4 weeks but it then goes into
"demo" mode (you'll see "Key expired [DEMO Mode]" in the update
report). That means it will detect but not disinfect (i.e., it
becomes worthless). After expiration, you don't get any more
signature updates (i.e., the product goes dead and can detect only the
old malware). Then you have to buy the Personal Premium version
($27). You could save a partition image before installing AntiVir and
then restore it after the expiration to again install AntiVir but then
you lose any other changes made to that partition over that 3-month
interval. AntiVir was a good product until Avira got their hands on
it and fucked it up.
I knew there were reasons why I dumped Avira's demoware. Not
interested in popup windows (i.e., banners), especially when they
interfere with other programs. Not interested in trialing an AV
product for just 3 months whereupon it becomes crippled for another
month and then it stops accepting sig updates. Freeware it is not.
Demoware it be. Not interested in self-destruct software.
Note:
AVG also has a banner but also an option to turn it off.
The free versions don't have all the features tested in the
av-comparatives report. For example, the free version of Avast does
not include script blocking. If you just look at the average of
Windows and macro viruses (what Avast can handle), Avast is 97.01%
versus 94.46% for AVG. I can't tell if AVG includes script blocking
(no option to configure it). Avast is much more configurable than
AVG. I can run AVG using a command line so I can use the far superior
options in Task Scheduler rather than the scheduler included in AVG.
Alwil says their Avast doesn't have a CLI (command-line interface).
Either AVG or Avast will do you well. I can't tell how well Panda's
AV works.
You might decide not to stick with Panda and use one of the freebie AV
alternatives which means you definitely don't need to stick with what
firewall is included in Panda's suite.
Hi Vanguard,
I have Avira Antivir PersonalEdition Classic loaded onto one of my lab
machines. It is bannerware but it is _NOT_ crippleware. It has been
running successfully for well over a year with full updates and no
license timeout. I don't know if this is something that has changed
since you last used it. Yes, the banner is annoying but I have found
detection rates to be excellent, better than a lot of the commercial
A/V. It is the product I have recommended to home users within my family
and friends. I have no experience of it in its commercial clothes -
they would not provide the commercial version for my lab - I may ask
again. :)
I was put off AVG some time ago when they used to have updates only once
a fortnight for the home version - I am reliably informed that they have
changed the policy on this and now provide daily updates but it's
difficult to forgive and forget - the same as you with Avira, I guess!
IMHO, the detection rates with Panda are dismal (comparatively speaking).
Do you have any experience of submitting virus reports to any of the AV
companies? I have had mixed success from AV companies but the response
from Avira has been excellent, only surpassed by Sophos and don't get me
started about McAfee!
Bogwitch.
So you expect malware to kill every process hoping to hit those for
the firewall? You think all firewalls respond to a common method
called via API or CLI so they can all be asked to disable or unload?
Yes, malware can target multiple firewalls to terminate them but they
are still targeting specific firewalls based on vulnerabilities of
each.
>> Most malware doesn't even check for a firewall. They just try to
>> connect.
> No. They just hook a trusted process like iexplore.exe or
> firefox.exe.
Not if you use a firewall that checks who is the caller process.
Comodo does that. Some others, too, but not all. I said most don't
*check* for a firewall and instead just connect. I didn't say HOW
they try to connect. Many firewalls don't include IPS. Some do.
>> Comodo is better than many in that it can block any network
>> connects until it loads (to eliminate that window of opportunity)
>> provided you enable that option.
> Ehm... isn't that a triviality?
That a process can connect before the firewall loads? So it can
connect before any rules from the firewall can be applied against that
process? If it is so trivial, why don't all firewalls provide this
function?
I was suggesting personal software firewalls based on the OP's
question. He certainly doesn't look to be searching for an
enterprise-level solution or a firewall appliance (which is still
separate and doesn't have app control on the host).
>> It is also more difficult for malware to kill Comodo but not
>> impossible
> Nonsense, it's always trivial. Hooking some little kernel functions
> won't help ever.
DiamondCS has their tool to attempt several different methods to kill
a process. The testing mentioned used it and some other kill tools.
So what are YOUR *specific* tools that go beyond these recognized
tools? Apparently you think there is a long list of other kill
methods not touched by these tools.
Did I say that Comodo passed every kill test? You actually saw me say
that somewhere? It's a *software* firewall so obviously it is not
absolutely impervious to every attack. The idea was to provide some
level of app control that a separate firewall appliance cannot
provide.
>> For example, if you visit
>> http://www.firewallleaktester.com/termination_overview.php (click
>> on the Results button at the bottom) for the termination testing,
>> you'll see the free Comodo firewall fared equally or better to the
>> paid firewalls (and other free firewalls fared worse than Comodo).
>
> For example, if you visit this website, you'll see that Comodo
> firewall is listed. Thus, it's obviously a highly defective
> software.
Oh, I see. If I had recommended Outpost then the results for Outpost
are somehow obvious in showing Outpost is defective software. Since a
large number of personal software firewalls are listed, they must all
be defective, uh huh. Did you miss the part that they are *software*
firewalls which means they are also running on the SAME host as the
malware? I wasn't discussing separate firewall appliances.
>> I use Comodo because it's hard to beat free unless the product's
>> quality and effectiveness equates to its price.
> LOL? Even the Windows Firewall is better.
This from someone claiming "Even further, there's no need for running
Windows Firewall with a proper network configuration" but never
addresses application control. The Windows firewall does nothing
regarding outbound control for any apps. The Windows firewall is what
you start with during and just after the Windows install. Then you
get something *better*.
So beyond all this hoopla over malware, has anyone yet declared that
the vault software mentioned by the OP is actually malware? If not,
it's just another normal application that could easily be controlled
by a software firewall with app rules.
>> I don't want a firewall that can be easily terminated.
> Then don't run with admin rights, you stupid fool.
Sure, uh huh, no one ever needs to run under administrator rights
under any situation. For example, try using WinRunner for install and
uninstall testing. If the malware is there, and since there ARE times
when users need admin rights to do something, like installs or manage
user profiles or take ownership of files, BOOM, the malware is still
there when the user has to go into an admin account. Those accounts
don't stop users from downloading files, or stop them from running
them when logged on even if only occasionally under an admin account.
Users can always thwart security. You think the user that believes
they are downloading some security software which turns out to be
rogueware won't be logging in under Administrator to then install that
rogueware? The user will circumvent that protection at the earliest
inconvenience. Relying on a non-admin account to protect you from
malware is like relying on "Do Not Enter" sign to keep the pets from
escaping through an unlocked door. Whether the user or admin, the
Administrator account is unlocked to anyone with the password who then
runs the infected software to install it.
> > I also want one that can block connections until the full firewall
> > is loaded.
> Well, isn't that trivially a standard behaviour?
No, since many software firewalls do NOT include this functionality.
> > For the mediocre leak protection, I rely on a layered approach to
> > prevent malware getting on my host in the first place,
> <img src="https:// www. malware. org/ malware. exe">
Did you have a point here? That there is no such file to download
from there? That even this guy recommends using a firewall
(http://www.malware.org/faq/faq.htm#how_protect)?
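Added example, not part of the thread: the exchange above turns on whether a host firewall that "checks who is the caller process" buys anything once malware simply rides inside a trusted program such as iexplore.exe or firefox.exe. The script below shows the data only the host has: each established outbound TCP connection joined to the owning process's image path and to the parent that launched it. A router sees the 5-tuple and nothing else; the host can at least ask whether the browser making a connection was started by the shell or by something odd. It uses Get-NetTCPConnection and Win32_Process (Windows 8 / Server 2012 or later), is read-only, and the allow-list paths are assumptions, not from the thread. As the thread itself notes, an image path that looks right is not proof that the code executing under it is the vendor's.

```powershell
# Added example (not from the original thread): what the host can see that a
# router cannot. Joins each established outbound TCP connection to the
# process that owns it and to that process's parent. Needs Windows 8 /
# Server 2012 or later (NetTCPIP module). Run elevated to see every
# process; unelevated you see your own.

# Index running processes by PID once, keeping parent PID and image path.
$procs = @{}
Get-CimInstance Win32_Process |
    ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

function Get-ProcessImage([int]$id) {
    # $pid is a PowerShell automatic variable, hence the parameter name $id.
    if ($procs.ContainsKey($id) -and $procs[$id].ExecutablePath) {
        $procs[$id].ExecutablePath
    } else {
        "<pid $id`: path unavailable>"
    }
}

# Illustrative allow-list of programs expected to talk to the Internet.
# ASSUMPTION: these paths are examples; adjust to your host.
$expected = @(
    'C:\Program Files\Mozilla Firefox\firefox.exe',
    'C:\Program Files\Internet Explorer\iexplore.exe'
)

$report = Get-NetTCPConnection -State Established |
    # Skip loopback and unspecified addresses; we care about traffic leaving.
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' } |
    ForEach-Object {
        $owner = $procs[[int]$_.OwningProcess]
        $ppid  = if ($owner) { [int]$owner.ParentProcessId } else { 0 }
        $image = Get-ProcessImage $_.OwningProcess
        [pscustomobject]@{
            Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
            Pid      = $_.OwningProcess
            Image    = $image
            Parent   = Get-ProcessImage $ppid
            # Unlisted = not in the allow-list, worth a look. A listed image
            # with an unexpected Parent (a browser spawned by something other
            # than explorer.exe) is the second thing to look at.
            Unlisted = -not ($expected -contains $image)
        }
    }

$report | Sort-Object Unlisted -Descending | Format-Table -AutoSize
```

Running this once from a clean session gives a baseline of which images and parents normally hold outbound connections; re-running it after installing an unfamiliar program (a password vault, say) shows whether that program, or something it launched, has opened a connection of its own.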
Just before posting, I ran a test of AntiVir in a VM under VMware
Server. After the install (and reboot) done today (Aug 2007), I did a
sig update. I then moved the clock forward to 2 weeks beyond the
3-month trial period and rebooted. The sig update still occurred but
the log showed that AntiVir was now in DEMO mode. Something must
change regarding the functionality of a product that switches from
full to demo mode. I then moved the date ahead to Mar 2008, rebooted,
and an attempt to run a sig update now showed "invalid license key" in
the log and the sig update failed (so it still showed the last update
was back in Aug 2007 when it was first updated). I
saw the product change to DEMO mode after the 3-month trial period but
before the extended month had elapsed. At 7 months out, it refused to
retrieve sig updates complaining about an invalid license and still
showed the 7-month old sig datestamp. This was tested using AntiVir
version 7.00.04.15 (since that's what the download is today) under
Windows XP Pro SP-2 but under VMware Server 1.0.3.
It is unclear what exactly happens when AntiVir goes into DEMO mode
but it does happen after the 3-month trial. I suspect that you don't
get program updates in the 4th month but still get sig updates (but I
had their latest version so there were no program updates to retrieve
to test). I've seen many posts by other AntiVir users who complain
that their last signature update was sometime before the trial
expiration; i.e., after the trial expires then no more updates.
If it weren't for the banners and the expiration then I'd be using
AntiVir (free version). I just removed AVG (free) and put in Avast
which consumes twice the memory (real + virtual) of AVG: 3.3MB real +
37.1MB virtual for AVG, 41.7MB real + 41.1MB virtual for Avast. There
are several features of Avast that I like but it definitely consumes
more memory. Hopefully another 40MB won't matter with 2GB real RAM.
Unfortunately I've had several more false positives with Avast than
with AVG. I understand why the false positives on the Nirsoft
utilities but not why on the .vmdk files for the VMs in VMware (which
are base OS installs with no other software, like Windows XP Pro SP-2,
Solaris 10, and Fedora 7). For AVG, I could schedule an on-demand
scan using the command-line in a Task Scheduler event (the schedulers
suck that are in AV products) but the ashCmd.exe for command-line
access to Avast is missing in the free version. I can run
"ashQuick.exe c:\ d:\" to scan my 2 drives but it halts on a detection
(even a false one) so it is worthless for scheduling a scan when no
one will be at the host.
I suppose that eventually I'll have to abandon the freebies and get
the commercial versions. Oh joy, then I get to trial all the
commercial versions to compare them against each other.
> I was put off AVG some time ago when they used to have updates only
> once a fortnight for the home version - I am reliably informed that
> they have changed the policy on this and now provide daily updates
> but it's difficult to forgive and forget - the same as you with
> Avira, I guess!
From what I've seen from using AVG (free) for several months, you get
one update per day for the free version. You get to schedule it to
occur within a selected 2-hour slot so you can vary the time of day
when it happens. The default for Avast (free) is 4 hours although you
can change it. I gave up on the AntiVir retest when I saw it
interfering with my fullscreen apps with its popover banner windows,
saw it go into DEMO mode after the 3-month trial expiration, and
couldn't get sig updates after the 3+1 trial period, so I don't know
what are the scheduling options for updates in AntiVir.
> Do you have any experience of submitting virus reports to any of the
> AV companies? I have had mixed success from AV companies but the
> response from Avira has been excellent, only surpassed by Sophos and
> don't get me started about McAfee!
I figure if the AV program tells me about a virus then there is no
point to report it. They already know. Last time I submitted any
suspect files was to Symantec who started a discussion within 3 days.
That was several years ago (and for false positives). It's been so
infrequent that a virus or malware made it to my host that I can't
remember when I last had any show up. Despite all the security
software (which I've pared down to IPS, AV, firewall, and anti-spyware
where only 1 of each is running since I still want a usable host), I
figure the final protection is at the user. All the security software
in the world cannot circumvent an ignorant or corruptive user since
their general-purpose computer must still be usable to them.
- Download latest version of AntiVir.
- Download new hbdev.key file.
- Install Antivir but choose to NOT do any updates (so they'd be
available later since never applied yet).
- The product's status says it license expires on 11/30/2007.
- I set the clock ahead to 12/14/2007, two weeks after the expiration
and supposedly within the 1 month extension.
- Rebooted the VM.
- Tried to do an update.
- The update failed with "no valid license key" and "key expired [DEMO
Mode]".
So feel lucky that you have an older version and/or a license key that
pushes the expiration out a long ways for you. I can only get a
3-month trial of AntiVir Personal Classic (the free version).
> So you expect malware to kill every process hoping to hit those for
> the firewall?
No. It doesn't need to deactivate it at all.
> You think all firewalls respond to a common method
> called via API or CLI so they can all be asked to disable or unload?
No. But the OS does.
> Yes, malware can target multiple firewalls to terminate them but they
> are still targeting specific firewalls based on vulnerabilities of
> each.
There is a trivial vulnerability: You're running with admin rights.
>>> Most malware doesn't even check for a firewall. They just try to
>>> connect.
>> No. They just hook a trusted process like iexplore.exe or
>> firefox.exe.
>
> Not if you use a firewall that checks who is the caller process.
Caller? We're talking about IPC.
> That a process can connect before the firewall loads? So it can
> connect before any rules from the firewall can be applied against that
> process? If it is so trivial, why don't all firewalls provide this
> function?
So, you can name some counterexamples?
> I was suggesting personal software firewalls based on the OP's
> question. He certainly doesn't look to be searching for an
> enterprise-level solution or a firewall appliance (which is still
> separate and doesn't have app control on the host).
Well, and I was simply talking about firewalls. You know, packet filters you
can build routing firewalls from.
> DiamondCS has their tool to attempt several different methods to kill
> a process. The testing mentioned used it and some other kill tools.
> So what are YOUR *specific* tools that go beyond these recognized
> tools? Apparently you think there is a long list of other kill
> methods not touched by these tools.
Right. And that's a triviality for anyone who has a clue about how operating
systems work.
> Did I say that Comodo passed every kill test? You actually saw me say
> that somewhere? It's a *software* firewall so obviously it is not
> absolutely impervious to every attack. The idea was to provide some
> level of app control that a separate firewall appliance cannot
> provide.
The idea obviously was to try something useless and futile.
> Oh, I see. If I had recommended Outpost then the results for Outpost
> are somehow obvious in showing Outpost is defective software. Since a
> large number of personal software firewalls are listed, they must all
> be defective, uh huh.
Correct.
> Did you miss the part that they are *software*
> firewalls which means they are also running on the SAME host as the
> malware?
See? That's why they're defective.
> I wasn't discussing separate firewall appliances.
Me not either. But hooking API functions doesn't belong to a packet filter,
since it's useless.
> This from someone claiming "Even further, there's no need for running
> Windows Firewall with a proper network configuration" but never
> addresses application control.
Application control cannot be addressed at all.
> The Windows firewall does nothing regarding outbound control for any apps.
Because it would be useless anyway.
> So beyond all this hoopla over malware, has anyone yet declared that
> the vault software mentioned by the OP is actually malware? If not,
> it's just another normal application that could easily be controlled
> by a software firewall with app rules.
If it's not malware, that it doesn't require any such control.
>>> For the mediocre leak protection, I rely on a layered approach to
>>> prevent malware getting on my host in the first place,
>> <img src="https:// www. malware. org/ malware. exe">
>
> Did you have a point here? That there is no such file to download
> from there? That even this guy recommends using a firewall
> (http://www.malware.org/faq/faq.htm#how_protect)?
Argh. Now will you get a clue that malware.org was a generic example for
hosts hosting malware and that the real point is the IMG tag and the HTTPS
protocol? It will load the file into memory and also into the browser's cache.
Padlocks don't stop determined burglars, either, yet I bet you still
lock your house and car doors when you leave them.
Many mistakes in the argument:
- Padlocks aren't supposed to protect your house or car, but to fulfill the
requirements from your assurance.
- In the analogue world, there is always a "use more force". In the digital
world, all states are enumerable and can be addressed, thus security
measures can be complete. However, all incomplete measures can be trivially
circumvented.
At any rate, such functionality does not belong to a packet filter. And a
packet filter isn't supposed to protect against malware on the host.