Microsoft Security Essentials, Outbound Firewalls, UAC and more
[Deleted User]
A really useful read for all things security related:
http://lifehacker.com/5401453/stop-paying-for-windows-security-microsofts-security-tools-are-good-enough
Comments
-
"The fact of the matter, however, is that outbound firewalls on a desktop PC are Completely Pointless. If the malware has made its way onto your computer, you have already lost the war. Your PC now belongs to whoever is running the botnet, and your outbound firewall isn't going to stop it—after all, the malware can simply add a rule to the firewall to allow access. It's better to focus on keeping malware off your PC in the first place."
I have to disagree with that. The program would need to know WHICH firewall you have and be able to change it (It would have to completely knock my firewall out to be able to do that). It would more than likely attack all WINDOWS firewalls if it attacked anything
"The single most irritating feature introduced in Windows Vista was those annoying UAC prompts, asking you for permission to do nearly anything on your computer—and the fact is, even if it makes you feel more secure, it's a false sense of security. Malware researchers at SophosLabs found that 8 of 10 malware samples can actually bypass UAC on a system with the default Windows 7 settings."
I always said UAC was a bag o sh*te
They ask us to remove flash to be safe? But there's FAR too many sites that use flash for me to remove it :idea:
-
"I have to disagree with that. The program would need to know WHICH firewall you have and be able to change it (It would have to completely knock my firewall out to be able to do that). It would more than likely attack all WINDOWS firewalls if it attacked anything"
We have differing views on outbound firewalls but I respect your opinion.
"I always said UAC was a bag o sh*te"
I've not had much experience with UAC until recently but I thought the following was a good one liner:
"if you aren't going to run as a standard user or turn the slider all the way to the top, you may as well disable UAC."
"They ask us to remove flash to be safe?"
To be fair it says
"Keeping your applications updated is critically important to protecting your security."
Obviously if you aren't bothered with flash then reduce your attack surface and uninstall it. If you are, simply keep it updated.
-
Problem I see with flash is that they clearly only update once they know it's already been exploited
It must be absolutely FULL of holes (to combat this I personally use NOSCRIPT which tends to block extra code used to bypass flash) :idea:
-
UAC and 'Run As...Administrator' are quite intertwined. I still see people (here, there, everywhere and MSE) browsing the Internet et al. as 'Administrator' :shocked:
-
"The program would need to know WHICH firewall you have and be able to change it"
Not really. All it has to do is masquerade as a web browser on Port 80 etc or an email client etc etc and out it goes unhindered.
Also you can bet they'll target:
McAfee, Norton, ZoneAlarm, Windows Firewall, Kaspersky and pretty much every other mainstream firewall.
-
computershack wrote: » "Not really. All it has to do is masquerade as a web browser on Port 80 etc or an email client etc etc and out it goes unhindered.
Also you can bet they'll target:
McAfee, Norton, ZoneAlarm, Windows Firewall, Kaspersky and pretty much every other mainstream firewall."
Port 80 is open on my router
It ISN'T open on my software firewall. It can masquerade as anything it likes, it won't be getting past my firewall like that
As for targeting all firewalls ~ name ONE program/virus/trojan you know of that actually does that? :idea:
-
"I have to disagree with that. The program would need to know WHICH firewall you have and be able to change it (It would have to completely knock my firewall out to be able to do that). It would more than likely attack all WINDOWS firewalls if it attacked anything"
It's a fairly basic thing to be able to identify the list of running processes in most programming languages for Windows.
"I always said UAC was a bag o sh*te"
That report from Sophos can't be in any way considered reasonable when the method of testing was deliberately left out, in particular whether, when a UAC prompt was triggered, permission was given or not to continue. The report was also lacking any information on the extent (if any) of any local or cross system damage.
A person of average intellect should be able to see the clear bias in the article. It shouldn't come as any surprise that a security software company is going to try and drive demand for their own products.
Of course, encouraging users to run with standard user rather than administrative privileges is a complete waste of time :rolleyes:
-
1st point ~ yes, but name one virus you KNOW of that does that
2nd point ~ granted, but I still hate UAC :idea:
-
"1st point ~ yes, but name one virus you KNOW of that does that"
PWS:Win32/Zbot.PI (A link to the Microsoft Malware Encyclopaedia)
"Bypasses Firewall Applications
When executed, this trojan searches for the following applications associated with firewall and user Internet protection:
outpost.exe - Outpost Personal Firewall
zlclient.exe - ZoneLabs Firewall Client
The trojan creates a pipe "\\.\pipe\_AVIRA_2109" to bypass the above firewall applications and allow an attacker remote access."
-
"Of course, encouraging users to run with standard user rather than administrative privileges is a complete waste of time :rolleyes:"
~~~~~~~~~~~~
busenbust wrote: "UAC and 'Run As...Administrator' are quite intertwined. I still see people (here, there, everywhere and MSE) browsing the Internet et al. as 'Administrator' :shocked:"
Same principle applies, but extended:
"As a best security practice, a server administrator should not browse Internet Web sites from the server. The administrator should only browse the Internet from a limited user account on a client work station to reduce the possibility of an attack on the server by a malicious Web site"
Source: http://msdn.microsoft.com/en-us/library/ms537180%28VS.85%29.aspx :cool:
This discussion has been closed.