Which Firewall with Nod32?

[kurt wismer]

C'mon Kurt...name-calling as you did with "lazy bum" is pathetic.

when i said "if you're too much of a lazy bum", i was referring to the
general you, not you in particular...

Gee why can't we all just use our PC time researching and investigating Lord
only knows how many dll's exe's etc that will ask for outbound
rights -INSTEAD- of actually using our PC's for productive work.

if all you were doing was productive work where would those lord only
knows how many dll's and exe's come from?

i spend 9 hours a day doing practically nothing but productive work, i
can't imagine how i would get new things on my computer to perform
research on when i'm so busy *producing*...

Keeping
your white list is drudgery and ineffective security too since not everyone
will "learn" as you obviously have to be a 100% correct every time firewall
data packet analyzer and rule maker!! Now doesn't that seem silly?

obviously? not obvious at all, actually... you don't have to be 100%
correct, you can revoke rights in the event of an error...

Some of us do not want to be data packet inspectors or firewall rules
experts..

what we have here is a failure to communicate... the point of my post
was not that you must/should/would-be-stupid-if-you-didn't use the
feature of outbound access controls - *i* don't use it myself, but i
recognize as *fact* that it's a good feature... i don't use it because
i don't feel i need it, i've got a good feel for my risk exposure and
that allows me to make that evaluation about what i need and what i
don't... you don't use it because you don't like it, and that's fine
but that's a personal preference - not quantitative or qualitative
assessment of the feature and/or it's efficacy...

you're poo poo'ing the feature because it's too much work *for you*,
because it's not your 'cup of tea', because it doesn't suit you...

we prefer to use our PC's to get work done, have fun, enjoy
multimedia, communicate with loved ones instead of constantly "learning
which apps get outbound rights" and which ones don't.

again we have a failure to communicate... once the initial rights are
granted, further outbound requests are almost always illegitimate -
there's nothing constant about the "learning which apps get outbound
rights and which ones don't"... the nature of a whitelist is that it is
a small set of things that are allowed and all other things are
disallowed...

You need to get away from your computer for a while Kurt!!!!
But WAIT!!!! ...what was that last outbound firewall data packet request?
A legitimate Internet Explorer outbound request -OR- something evil
masquerading as Internet Explore?

if IE is trying to get out of my machine then there's definitely
something wrong...

How can you possibly get any sleep at night Kurt????

i shut off the computer...

 

[James Egan]

What's this?

Thought so. More bs from Dr. D


Jim.

 

[Conor]

Nod32 free? I don't think so. Besides, if the user has an I.Q. above
two digits there won't be any trojan to send out data.

I wasn't referring to NOD. Also unless you don't use IE there's plenty
of ways to install a trojan.

 

[Michael Jaeger]

Hi Mick,

If I were to go for Nod32 as my AV on windoze XP, which firewall
should I go for? Nod32 apparently do a plugin for Kerio (what's this
product like?)

correct me if I'm mistaken, but doesn't Windows XP have a firewall of
its own?

Finally, would anyone who knows care to compare Sygate/Outpost/Kerio?

I run Tiny Personal Firewall 2.15 on my PC, and there is no conflict
betweeen NOD32 and TPF. I tried Kerio 4.07, but it seems unstable.

Mike

 

[KCOM]

Nod32 free? I don't think so. Besides, if the user has an I.Q. above
two digits there won't be any trojan to send out data.

Conor Turton is just a troll. In fact this just about sums up his
behavior.

http://Conor.Turton.swellserver.com/news/top_stories/arrested.php

(My apologies about the OT content and rudeness of this post)

 

[Alastair Smeaton]

And I consider myself somewhat advanced user and I am interested in
data security, but very often some firewall product asks permission to
outbound connection to strange ports etc (even IE does it sometimes).
I have no idea and no time to begin inspecting what it wants, so quite
often I take the erisk and allow the outgoing connection. How can a
newbie know what to allow nad what to deny???

jari

Jari - just cottoned on to this thread - I use kerio 2.15, and if it
asks me for a connection, I refuse. If something then does not work, I
look into it.

I am no expert, and it can be a little frustrating at times, but once
you are set up, you are set up.

Kerio and many others also suggest the "block all" rule at the end -
so using this gives you a "set up and go" configuration.

Don't forget that some FWs have fans who will give you rules you can
import - the main reason why I use Kerio - www.geocities.com/yosponge

cheers

 

[KCOM]

Conor Turton is just a troll. In fact this just about sums up his
behavior.

http://Conor.Turton.swellserver.com/news/top_stories/arrested.php

(My apologies about the OT content and rudeness of this post)

and this displays his behavior even more:


http://Conor.Turton.of.Hull.UK.swellserver.com/hosted_sites/gay_site.php

 

[optikl]

and this displays his behavior even more:
Steve

Crawl back under your rock.

 

[wayne]

Zone Alarm has been working fine with NOD32 for me.

What do people here think of ZA?

Wayne

 

[Conor]

Please continue Steve, I've got your address and an ever increasing
stack of evidence.

 

[Richard Steven Hack]

And I consider myself somewhat advanced user and I am interested in
data security, but very often some firewall product asks permission to
outbound connection to strange ports etc (even IE does it sometimes).
I have no idea and no time to begin inspecting what it wants, so quite
often I take the erisk and allow the outgoing connection. How can a
newbie know what to allow nad what to deny???

It's extremely simple. If you are running a program whose purpose is
to communicate over the network, you say yes. If you are running a
tool whose purpose is NOT to communicate over the Net, you say no.
For instance, if you run a spreadsheet and it wants an outbound
connection, you say no. If you run an Internet radio tuner and it
wants an outbound connection, you say yes.

I don't see what the complication is. If a user is so ignorant of
what he is running and what it is supposed to do that he can't tell
when a Net connection is needed or not, this person has worse problems
than figuring out a firewall. In fact, odds are this person doesn't
even have a firewall, builtin or not.

 

[optikl]

It's extremely simple. If you are running a program whose purpose is
to communicate over the network, you say yes. If you are running a
tool whose purpose is NOT to communicate over the Net, you say no.
For instance, if you run a spreadsheet and it wants an outbound
connection, you say no. If you run an Internet radio tuner and it
wants an outbound connection, you say yes.

I don't see what the complication is. If a user is so ignorant of
what he is running and what it is supposed to do that he can't tell
when a Net connection is needed or not, this person has worse problems
than figuring out a firewall. In fact, odds are this person doesn't
even have a firewall, builtin or not.

Richard, you're over-simplifying. Most PFW's do more than ask permission for
just applications. They also flag when it appears a DLL needs
authentication, or when the MD5 signature appears to have changed, or when a
situation appears that a rule or rules do not fully address. Also for your
information, there are legitimate instances when a word processing
application, for example, would want to access the web. Just like there are
instances when you wouldn't want to grant a Net application permission.
Application based firewalls, wrongly configured, can be bad news for those
who think they can just set and forget them.

 

[Charlie]

EggZackly! 99% of all users have NO IDEA which dll, exe, md5 etc should get
permission or moreover which app if any they are associated with. That is
the fallacy of all firewalls with outbound "protection". The "outbound
gatekeeper" has no idea what to do in many cases. How ironic!

--

Charlie in Mississippi
(driftin' blues player and gospel picker)

 

[Duane Arnold]

Thought so. More bs from Dr. D


Jim.

http://lists.gpick.com/pages/IP_Security_(IPSec).htm

Well clown I was on Thanksgiving holiday. So, there you go clown. Does it
answer your question? And please man don't post to me again with this
kind of BS.

You have a nice day.

Duane

 

[James Egan]

http://lists.gpick.com/pages/IP_Security_(IPSec).htm

Well clown I was on Thanksgiving holiday.

We all appreciated your absense. You should try it more often.

So, there you go clown. Does it
answer your question? And please man don't post to me again with this
kind of BS.

It doesn't, no.

You said that xp users can use ipsec as a replacement for the outbound
notification protection offered by firewalls such as zonealarm.
Nonsense!

You are clearly full of shit.


Jim.

 

[Duane Arnold]

We all appreciated your absense. You should try it more often.


It doesn't, no.

You said that xp users can use ipsec as a replacement for the outbound
notification protection offered by firewalls such as zonealarm.
Nonsense!

You are clearly full of shit.


Jim.

I didn't say that jackass you said that. You came up with that one. I said
to protect you clown. IPsec doesn't notify it *blocks* outbound or inbound.
If you read the damn Windows XP Pro Resource Kit book or the Window Securty
Resource Kit book, it say to supplement.

http://www.uksecurityonline.com/husdg/windowsxp/ipsec.htm

When you look in the mirror each morning, do you see the jackass looking
back at you. Can you figure that one out?

Duane

 

[James Egan]

I didn't say that jackass you said that. You came up with that one. I said
to protect you clown.

Since you can't even recall what you said less than week ago I'll
remind you.

"Other than outbound protection, XP has a good FW..... For outbound
protection, XP has IPsec that is not that hard to implement or
understand or go with any of the other FW(s) for the outbound
protection."

IOW the outgoing protection offered by zonealarm (or similar) which is
missing from xp's own firewall can be achieved using ipsec. However,
this isn't correct. For example an ip rule allowing outgoing tcp
connections going to destination port 80 won't distinguish between
your web browser and trojanX phoning home.


Jim.

 

[Duane Arnold]

Since you can't even recall what you said less than week ago I'll
remind you.

"Other than outbound protection, XP has a good FW..... For outbound
protection, XP has IPsec that is not that hard to implement or
understand or go with any of the other FW(s) for the outbound
protection."

IOW the outgoing protection offered by zonealarm (or similar) which is
missing from xp's own firewall can be achieved using ipsec. However,
this isn't correct. For example an ip rule allowing outgoing tcp
connections going to destination port 80 won't distinguish between
your web browser and trojanX phoning home.


Jim.

Well, clown like I said, it is to supplement a software FW or a Nat
router on inbound or outbound protection and I have been making that kind
of a post from day one that I started looking into implementing TCP/IP
Security and IPsec on Win 2K and XP. IPsec can be used to block inbound
or outbound to/from the machine by port if so desired, an specified IP,
DNS, or protocol etc. The way I see it. XP's FW doesn't not have outbound
protection, because it can be done with an IPsec rule. And as far as
something trying to phone home, there are other utilities such as Active
Ports.

I am not going to depend solely upon no FW hardware or software for the
protection of my network and the machines on it. I am going to be looking
around at all times, because when one drops their guard is when things
start to happen.

That's why I'll use Blackice to stop a dll, exe, ocx, etc from not only
executing -- if desired, stopping inbound -- if so desired and stop the
phone home attempt too -- if desired. Then I'll use XP's IPsec to narrow
it down to an IP on the outbound if I choose to do so and still let a
program run behind the NAT router.

Your shit won't hold here and it is weak. I will not be responding to you
again. You're nothing but a Troll.


Duane

 

[James Egan]

DNS, or protocol etc. The way I see it. XP's FW doesn't not have outbound
protection, because it can be done with an IPsec rule. And as far as
something trying to phone home, there are other utilities such as Active
Ports.

IOW it can't be done with an ipsec rule so use something else.

I am not going to depend solely upon no FW hardware or software for the
protection of my network and the machines on it. I am going to be looking
around at all times, because when one drops their guard is when things
start to happen.

Not surprisingly, the page linked to earlier by Dr. D begins "If you
are very paranoid ... then consider using IP Security Filters"

That's why I'll use Blackice to stop a dll, exe, ocx, etc from not only
executing -- if desired, stopping inbound -- if so desired and stop the
phone home attempt too -- if desired. Then I'll use XP's IPsec to narrow
it down to an IP on the outbound if I choose to do so and still let a
program run behind the NAT router.

Anyone listening to this guy and following suit can expect far more
trouble from their own "security" (if you can call it that) than they
are ever likely to get from malware if all this "security" was
dispensed with.

There is a place for firewalls etc. in the real world, but not for
personal computers with private addresses that aren't running
services.

Oh yes I forgot. Firewalls are also useful to recommend to the
clueless rather than attempting to give an explanation of why one
isn't needed or what can be done instead.

Your shit won't hold here and it is weak. I will not be responding to you
again. You're nothing but a Troll.

You remind me of Bill Wakeman.


Jim.

 

[Duane Arnold]

IOW it can't be done with an ipsec rule so use something else.

That's kind of funny that I am doing that to supplement BI on outbound
protetcion to specfied IP(s), since BI doesn't have the ability to block on
outbound connections to IP(s). It's either stop all or nothing with BI on
outbound connections which can be good at times, but also bad at times, if
one needs something like svchost.exe to run for downloads of MS SP(s) or
patches but stop outbound connections to other IP(s).

I prefer not to be alerted every time something on the machine tries to
connect out. I use Active Ports on a routine basis to look at what is
connecting out and allow or disallow it by using BI and IPsec.

Not surprisingly, the page linked to earlier by Dr. D begins "If you
are very paranoid ... then consider using IP Security Filters"

I don't even know what you're talking about here and I prefer a layer
protection approach and I use IPsec to block ICMP requests, which I can do
with BI but I perfer that the O/S to this along with some other IP(s) I
have given on my machines that I don't want outbound connections to the
IP(s).

Anyone listening to this guy and following suit can expect far more
trouble from their own "security" (if you can call it that) than they
are ever likely to get from malware if all this "security" was
dispensed with.

This is BS from you. It was suggested to me by someone I respect to look at
IPsec to supplement the protection of the machine, which I have done. You
have not come up with anything that makes any sense here. I am following
advise and suggestions not only explained in the Win XP Pro Resource Kit
Book but the Windows Security Resources Kit book on how to supplement the
protection of the machine. I open at least one machine by port forwarding
ports on the router such as FTP on occasions, and I think you may know,
the protection of cheap NAT router doesn't provide protection of inbound
ports that have been port forwarded to a machine.

I am much more concerned with what's coming on the inbound that I'll ever be
on what's happening outbound. Once a machine has been compromised with
malware, it has been compromised and no host based FW soultion can stop it
completely if the person behind the keyboard allows it to happen. The key
here is to prevent it from happening to begin with by paying attention to
what's running on the machine.

There is a place for firewalls etc. in the real world, but not for
personal computers with private addresses that aren't running
services.

My machines run a host of services and programs that are listening such a
SQL Server, IIS, Front Page VB.NET, etc just to name a few. And besides,
one cannot shutdown all services on a NT based O/S.

Oh yes I forgot. Firewalls are also useful to recommend to the
clueless rather than attempting to give an explanation of why one
isn't needed or what can be done instead.

Once again, nowhere in the posts in this NG or another NG I have made have
I NOT indicated the use of a FW of some sort on a machine. Iit may be a FW
appliance, NAT router in front of the machines or software FW on the
machines but some kind of FW. And again, this is some shit coming out of
your mouth not mine. This is some crap you choose to say that I have not
indicated.

You remind me of Bill Wakeman.

I don't know who the Hell he is and could careless about it.

I don't know who you remind me of other than some *clown* with a moot point.

I decided to take a look at what kind of Bull Shit you would come up with
next.

Duane