
looking for XP firewall


bob

Sep 28, 2011, 6:22:08 AM
Looking for suggestions or link to article for good firewall for XP.
want to be able to block domains.
want to be able to restrict some programs from accessing internet.


1PW

Sep 28, 2011, 2:12:52 PM

dg3

Oct 4, 2011, 2:12:28 PM
kerio 2.15

Ansgar -59cobalt- Wiechers

Oct 4, 2011, 5:07:11 PM
Yeah, because running outdated, unpatched software as a security measure
is a Really Good Idea(tm). Not.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

dg3

Oct 5, 2011, 11:16:43 PM
On 4 Oct 2011 21:07:11 GMT, Ansgar -59cobalt- Wiechers wrote:

> dg3 <b...@pilul.ru> wrote:
>> [6 quoted lines suppressed]
>
> Yeah, because running outdated, unpatched software as a security measure
> is a Really Good Idea(tm). Not.
>
> cu
> 59cobalt

all the updated new stuff has the nsa backdoors wide open, same with win7.

Ansgar -59cobalt- Wiechers

Oct 6, 2011, 7:34:40 AM
dg3 <b...@pilul.ru> wrote:
> On 4 Oct 2011 21:07:11 GMT, Ansgar -59cobalt- Wiechers wrote:
[ Kerio 2.1.5 ]
>> Yeah, because running outdated, unpatched software as a security
>> measure is a Really Good Idea(tm). Not.
>
> all the updated new stuff has the nsa backdoors wide open, same with
> win7.

You may want to provide evidence for that claim.

cu
59-Tinfoil hat, anyone?-cobalt

ein

Oct 6, 2011, 2:28:16 PM
Kerio Personal Firewall -> Sunbelt Personal Firewall -> VIPRE Premium.

http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/

TheGunslinger

Oct 23, 2011, 12:35:21 PM
On Wed, 28 Sep 2011 05:22:08 -0500, "bob" <not_v...@yahoo.com>
wrote:

>Looking for suggestions or link to article for good firewall for XP.
> want to be able to block domains.
> want to be able to restrict some programs from accessing internet.
>

Try AVG Internet Security, still supports XP/XP Mode under Win7.

IMHO.

MJR

Shadow

Dec 31, 2011, 3:22:54 PM
+1
Vulnerabilities listed are not targeted by hackers anymore.
Too few people use it, and the ones that do are not the best victims.
IMHO
[]'s

Ansgar -59cobalt- Wiechers

Jan 2, 2012, 8:40:45 AM
-1

Obscurity is an utterly braindead security policy.

cu
59cobalt

Shadow

Jan 30, 2012, 10:21:06 AM
On 2 Jan 2012 13:40:45 GMT, Ansgar -59cobalt- Wiechers
<usene...@planetcobalt.net> wrote:

>Shadow <S...@dow.br> wrote:
>> On Tue, 4 Oct 2011 11:12:28 -0700, dg3 <b...@pilul.ru> wrote:
>>>On Wed, 28 Sep 2011 05:22:08 -0500, bob wrote:
>>>> Looking for suggestions or link to article for good firewall for XP.
>>>> want to be able to block domains.
>>>> want to be able to restrict some programs from accessing internet.
>>>
>>> kerio 2.15
>>
>> +1
>> Vulnerabilities listed are not targeted by hackers anymore.
>> Too few people use it, and the ones that do are not the best victims.
>
>-1
>
>Obscurity is an utterly braindead security policy.
>
>cu
>59cobalt

I'd rather keep the vulnerabilities I know than have them
updated daily by adobe, oracle, microsoft, google or whatever.
:)
[]'s

Ansgar -59cobalt- Wiechers

Jan 30, 2012, 6:13:06 PM
Shadow <S...@dow.br> wrote:
> On 2 Jan 2012 13:40:45 GMT, Ansgar -59cobalt- Wiechers wrote:

[ idiocy of using kerio 2.15 in this day and age ]

>> Obscurity is an utterly braindead security policy.
>
> I'd rather keep the vulnerabilities I know than have them
> updated daily by adobe, oracle, microsoft, google or whatever.
> :)
> []'s

I take it you'd rather be 0wned, too.

Hint: There's this word "security" in the newsgroup's name. It's there
for a reason.

Skywise

Jan 30, 2012, 7:41:28 PM
Ansgar -59cobalt- Wiechers <usene...@planetcobalt.net> wrote in
news:9oomg2...@mid.individual.net:

> Shadow <S...@dow.br> wrote:
>> On 2 Jan 2012 13:40:45 GMT, Ansgar -59cobalt- Wiechers wrote:
>
> [ idiocy of using kerio 2.15 in this day and age ]
>
>>> Obscurity is an utterly braindead security policy.
>>
>> I'd rather keep the vulnerabilities I know than have them
>> updated daily by adobe, oracle, microsoft, google or whatever.
>> :)
>> []'s
>
> I take it you'd rather be 0wned, too.
>
> Hint: There's this word "security" in the newsgroup's name. It's there
> for a reason.

I have questions. I admit to not knowing a lot about this stuff.
I am asking so I can learn.

Say an attacker is trying to get through a firewall, is there
anything that tells them what make/model/brand/version of firewall
they are facing? I would expect not, but recognize I could be wrong.

If not, then how do they know which vulnerabilities they should
attempt in order to get through the firewall? Surely there are so
many possibilities that they can't just run through them all? At
least not in a reasonable amount of time?

Brian
--
http://www.skywise711.com - Lasers, Seismology, Astronomy, Skepticism
Sed quis custodiet ipsos Custodes?

Gary

Jan 30, 2012, 10:22:27 PM
Have you tried WIPFW?
http://wipfw.sourceforge.net

Shadow

Feb 9, 2012, 5:23:14 PM
On Tue, 31 Jan 2012 00:41:28 GMT, Skywise <in...@oblivion.nothing.com>
wrote:

>I have questions. I admit to not knowing a lot about this stuff.
>I am asking so I can learn.
>
>Say an attacker is trying to get through a firewall, is there
>anything that tells them what make/model/brand/version of firewall
>they are facing? I would expect not, but recognize I could be wrong.
>
>If not, then how do they know which vulnerabilities they should
>attempt in order to get through the firewall? Surely there are so
>many possibilities that they can't just run through them all? At
>least not in a reasonable amount of time?

A lot of trojans specifically target certain services and
programs. Some I recently downloaded disabled AVG and Avast
engines, maybe a grudge the programmer had, but you can make a trojan
disable any service then download the main payload. Very, very few
trojans are designed to take down Kerio 2.1.5.
I know Kerio is old, but it still detects outbound network
activity, and points you to the program that is doing that.
(saved me from a USB-borne autorun trojan from downloading a
fake antivirus some years ago, a month before the main antiviruses
detected it).
It's simple, fast, very kind on resources, etc.
Of course, it's not my main protection.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow

Feb 9, 2012, 5:24:53 PM
On Tue, 31 Jan 2012 03:22:27 -0000, Gary <ga...@efn.org.spamsux>
wrote:

>Have you tried WIPFW?
>http://wipfw.sourceforge.net

Nope. I've used iptables under linux in the past.
I'm old and tired. What's the learning curve ?

Skywise

Feb 9, 2012, 7:16:15 PM
Shadow <S...@dow.br> wrote in news:m4h8j7t9ukrj3l3imm40afhbu62j0q7mql@
4ax.com:

> A lot of trojans specifically target certain services and
> programs. Some I recently downloaded disabled AVG and Avast
> engines, maybe a grudge the programmer had, but you can make a trojan
> disable any service then download the main payload. Very, very few
> trojans are designed to take down Kerio 2.1.5.

That's kind of the crux of my question. If the 'bad' program has
to target specific vulnerabilities, and although Kerio 2.1.5 is
quite old and has known vulnerabilities, if the attacking program
has no way to know that it's Kerio 2.1.5 doing the defending, then
how is it to know to attack it specifically?


> I know Kerio is old, but it still detects outbound network
> activity, and points you to the program that is doing that.
> (saved me from a USB-borne autorun trojan from downloading a
> fake antivirus some years ago, a month before the main antiviruses
> detected it).


I've had a similar experience re outbound attempts. In my case it
was some malicious Java script. If I hadn't had the outbound alert....


> It's simple, fast, very kind on resources, etc.
> Of course, it's not my main protection.

Of course. No one solution is a catch-all.

Thanks for taking the time to reply. I was beginning to wonder if
what I asked was too difficult a question to answer, being it's over
a week since I asked.

Gary

Feb 10, 2012, 12:32:42 AM
Shadow wrote:
> Nope. I've used iptables under linux in the past.
> I'm old and tired. What's the learning curve ?

There's a chance you might get Firewall Builder to work with it if you'd
prefer some sort of GUI -- just so long as you don't try to redirect
packets since modifying packets in any manner is not yet supported in
the Windows port of ipfw.

-Gary

Gary

Feb 10, 2012, 12:48:10 AM
I forgot about this but it hasn't been updated since 2006. Also, I've
never used it so I've no idea if it's even usable or not as it's still
in beta. http://sourceforge.net/projects/wipfw/files/GUI%20frontend

Ansgar -59cobalt- Wiechers

Feb 10, 2012, 3:39:29 AM
There's no helping people who don't actually care about security.
However, this is not the right newsgroup for you in the first place.

cu
59cobalt

P.S.: The correct and reliable way to defeat *any* autorun malware is to
disallow autoplay entirely. Works since the dawn of time.

Shadow

Feb 10, 2012, 11:25:55 AM
On 10 Feb 2012 08:39:29 GMT, Ansgar -59cobalt- Wiechers
OK "firewalls that malware bypasses or inactivates"
Would the right group be: alt.comp.bypass ?

:)
>
>cu
>59cobalt
>
>P.S.: The correct and reliable way to defeat *any* autorun malware is to
> disallow autoplay entirely. Works since the dawn of time.

We all know that now.
But when I was hit back in 2007 the main anti-virus vendors
did not recognize the threat. I believe Micro$oft only advised
disabling autorun recently.
I posted the possibility of cdroms being a security risk with
autorun enabled, and was pooh-poohed by the "experts" > 10 years ago.
DuckDuckGo it. I disabled cdrom autorun on my PC, and thought no more
about it, until I was hit by the USB autorun malware. Which Kerio
detected, on its first phone-home to China.

Shadow

Feb 10, 2012, 11:31:10 AM
On Fri, 10 Feb 2012 05:32:42 -0000, Gary <ga...@efn.org.spamsux>
wrote:
Port blocking firewalls do have a major defect. What if
nastylittletrojan.exe used port 80 or 53 for its connections ? Would
go straight through the rules. Users don't usually have the time or
patience to read log files, or monitor connections realtime.

Shadow

Feb 10, 2012, 11:35:09 AM
On Fri, 10 Feb 2012 00:16:15 GMT, Skywise <in...@oblivion.nothing.com>
wrote:

>Of course. No one solution is a catch-all.
>
>Thanks for taking the time to reply. I was beginning to wonder if
>what I asked was too difficult a question to answer, being it's over
>a week since I asked.
>
>Brian
[OT]
Shadows tend to come and go ... I will be off to Rio tomorrow.
No Shadows under a 40c sun.
I'll leave you with the experts here... good luck.
:)

Ansgar -59cobalt- Wiechers

Feb 10, 2012, 12:42:08 PM
Shadow <S...@dow.br> wrote:
> On Fri, 10 Feb 2012 05:32:42 -0000, Gary <ga...@efn.org.spamsux> wrote:
>> Shadow wrote:
>>> Nope. I've used iptables under linux in the past.
>>> I'm old and tired. What's the learning curve ?
>>
>> There's a chance you might get Firewall Builder to work with it if
>> you'd prefer some sort of GUI -- just so long as you don't try to
>> redirect packets since modifying packets in any manner is not yet
>> supported in the Windows port of ipfw.
>
> Port blocking firewalls do have a major defect. What if
> nastylittletrojan.exe used port 80 or 53 for its connections ? Would
> go straight through the rules. Users don't usually have the time or
> patience to read log files, or monitor connections realtime.

Any kind of personal firewalls do have a major defect. What if
nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER% you
happen to have) for its connections? Would go straight through the
rules.

You may want to think about that.

cu
59cobalt
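
The two objections in this exchange, modelled as an added example (not code from any poster or firewall product): a port-only rule set passes a trojan that uses port 80, a per-application rule set stops it until it drives the browser, and a domain blocklist only helps when the destination is already listed. All hosts, rules and connection records are constructed; only the name nastylittletrojan.exe comes from the thread.

```python
from collections import namedtuple

# One outbound connection attempt as a personal firewall would see it.
Conn = namedtuple("Conn", "process host proto port")

# Constructed sample traffic (hosts use reserved example/invalid names).
CONNS = [
    Conn("iexplore.exe", "www.example.org", "tcp", 80),              # 0: user browsing
    Conn("svchost.exe", "dns.example.net", "udp", 53),               # 1: DNS lookup
    Conn("nastylittletrojan.exe", "c2.example.invalid", "tcp", 80),  # 2: trojan, own socket
    Conn("nastylittletrojan.exe", "c2.example.invalid", "tcp", 6667),# 3: trojan, odd port
    Conn("iexplore.exe", "c2.example.invalid", "tcp", 80),           # 4: trojan via browser
    Conn("iexplore.exe", "unlisted.example.invalid", "tcp", 80),     # 5: same, unlisted host
]

# Assumed policies, constructed for the comparison.
OPEN_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 53)}
APP_RULES = {
    "iexplore.exe": {("tcp", 80), ("tcp", 443)},
    "svchost.exe": {("udp", 53)},
}
BLOCKED_DOMAINS = {"c2.example.invalid"}


def port_only(c):
    """Port-blocking firewall: the connecting program is not considered."""
    return (c.proto, c.port) in OPEN_PORTS


def per_app(c):
    """Application-aware firewall: each program has its own allowed ports."""
    return (c.proto, c.port) in APP_RULES.get(c.process, set())


def per_app_plus_domains(c):
    """Application rules combined with a destination blocklist."""
    return per_app(c) and c.host not in BLOCKED_DOMAINS


POLICIES = {
    "port-only": port_only,
    "per-app": per_app,
    "per-app+domains": per_app_plus_domains,
}


def allowed(policy_name):
    """Return the indices of CONNS that the named policy lets out."""
    rule = POLICIES[policy_name]
    return [i for i, c in enumerate(CONNS) if rule(c)]


if __name__ == "__main__":
    for name in POLICIES:
        labels = ["%s->%s:%d" % (CONNS[i].process, CONNS[i].host, CONNS[i].port)
                  for i in allowed(name)]
        print("%-16s allows %s" % (name, labels))
```
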

Shadow

Feb 10, 2012, 1:32:32 PM
On 10 Feb 2012 17:42:08 GMT, Ansgar -59cobalt- Wiechers
<usene...@planetcobalt.net> wrote:

>Shadow <S...@dow.br> wrote:

>> Port blocking firewalls do have a major defect. What if
>> nastylittletrojan.exe used port 80 or 53 for its connections ? Would
>> go straight through the rules. Users don't usually have the time or
>> patience to read log files, or monitor connections realtime.
>
>Any kind of personal firewalls do have a major defect. What if
>nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER% you
>happen to have) for its connections? Would go straight through the
>rules.
>
>You may want to think about that.

What my nasty little trojan tried, via BHOs . Clipped them
with hijackthis. It took me > 4 hours to clean, manually.
Of course, the first thing I did was pull the cable. Then
delete its "undeletable" autorun and autorun-referenced executables
from a linux boot, and restore the registry with ERUNT (from within a
linux DOS emulator).
[]'s


>
>cu
>59cobalt

Ansgar -59cobalt- Wiechers

Feb 11, 2012, 8:40:27 AM
Shadow <S...@dow.br> wrote:
> On 10 Feb 2012 17:42:08 GMT, Ansgar -59cobalt- Wiechers wrote:
>> Shadow <S...@dow.br> wrote:
>>> Port blocking firewalls do have a major defect. What if
>>> nastylittletrojan.exe used port 80 or 53 for its connections ? Would
>>> go straight through the rules. Users don't usually have the time or
>>> patience to read log files, or monitor connections realtime.
>>
>> Any kind of personal firewalls do have a major defect. What if
>> nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER% you
>> happen to have) for its connections? Would go straight through the
>> rules.
>>
>> You may want to think about that.
>
> What my nasty little trojan tried, via BHOs . Clipped them
> with hijackthis. It took me > 4 hours to clean, manually.
> Of course, the first thing I did was pull the cable. Then
> delete its "undeletable" autorun and autorun-referenced executables
> from a linux boot, and restore the registry with ERUNT (from within a
> linux DOS emulator).

Because there obviously are *still* people around who didn't get the
gist of it:

<http://technet.microsoft.com/en-us/library/cc512587.aspx>

BTW, BHOs are just one way for malware to abuse a browser. There are
quite a few more.

Gary

Feb 16, 2012, 10:25:41 PM
Ansgar Wiechers wrote:

> Any kind of personal firewalls do have a major defect. What if
> nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER%
> you happen to have) for its connections? Would go straight through the
> rules.

If you're that concerned, set up InPrivate Filtering to import the
malware domains blacklist XML file then set your other browsers to use
the same list via Adblock. But it's pretty simple to fetch files with
wget.exe so I'm not sure why any malware would bother to open a browser
to transfer files.

All of this is a lot of assumption in response to someone merely asking
for an OS firewall to use with XP without providing any additional usage
details. So why assume they're blocking outbound when they may only be
blocking inbound traffic, whether or not they plan to monitor their
process list, etc. It's pretty common knowledge that TCP ports 80 and
443 are wide open from any but the most restrictive networks so why
speculate as to what may or may not traverse those ports without prior
knowledge of the deployment? We can spend all day guessing and
pontificating but it seems superfluous to merely providing an answer
until more questions are asked.

-Gary

Gary

Feb 16, 2012, 10:38:54 PM
bob (the original poster) wrote:

> Looking for suggestions or link to article for good firewall for XP.
> want to be able to block domains.
> want to be able to restrict some programs from accessing internet.

I stand corrected. Using Adblock as suggested will allow you to block
domains of your choosing -- including lists of known malware domains.
Blocking programs is a bit more tricky with XP and its built-in firewall
or an add-on like ipfw. You could block everything but the ports you
know you're going to want to access but as mentioned previously, this
will not be foolproof. If you want to have warnings for applications
that try to access the Internet without your permission then you'll
probably want to upgrade to Windows 7. And patch it regularly.

-Gary

Shadow

Feb 20, 2012, 4:54:46 PM
On 11 Feb 2012 13:40:27 GMT, Ansgar -59cobalt- Wiechers
<usene...@planetcobalt.net> wrote:

>Shadow <S...@dow.br> wrote:
>> On 10 Feb 2012 17:42:08 GMT, Ansgar -59cobalt- Wiechers wrote:
>>> Shadow <S...@dow.br> wrote:
>>>> Port blocking firewalls do have a major defect. What if
>>>> nastylittletrojan.exe used port 80 or 53 for its connections ? Would
>>>> go straight through the rules. Users don't usually have the time or
>>>> patience to read log files, or monitor connections realtime.
>>>
>>> Any kind of personal firewalls do have a major defect. What if
>>> nastylittletrojan.exe used Internet Explorer (or whatever %BROWSER% you
>>> happen to have) for its connections? Would go straight through the
>>> rules.
>>>
>>> You may want to think about that.
>>
>> What my nasty little trojan tried, via BHOs . Clipped them
>> with hijackthis. It took me > 4 hours to clean, manually.
>> Of course, the first thing I did was pull the cable. Then
>> delete its "undeletable" autorun and autorun-referenced executables
>> from a linux boot, and restore the registry with ERUNT (from within a
>> linux DOS emulator).
>
>Because there obviously are *still* people around who didn't get the
>gist of it:
>
><http://technet.microsoft.com/en-us/library/cc512587.aspx>

What took me the 4 hours. BHO's autoruns etc and reinstalling
the registry took 15 minutes. Shell hooks, rogue services, strange
drivers, bogus system dlls etc, they took longer.
System has been up for 5 years since. No unexplained traffic
registered on my linux router since I cleaned it. (all my traffic goes
through a linux box)
There are still people that believe in microsoft patches. Oh
well. Live and let live.
:)
[]'s

>
>BTW, BHOs are just one way for malware to abuse a browser. There are
>quite a few more.
>
>cu
>59cobalt
--