Problem with Win XP SP2 Firewall - Page 4

Thread: Problem with Win XP SP2 Firewall

  1. #31
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Originally posted here by pooh sun tzu
    The real question at hand is "Is the normal public ready for that big of a step?"

    Imagine them placing a stateful inbound and outbound firewall that has popups as to program control to the internet (a zone alarm clone). Think of how many people who use the Windows OS are not currently at a level of computer knowledge to deal with what will happen next.

    AIM suddenly won't connect. MSN won't transfer files. Not all websites work now. IRC won't work. Video conferencing won't connect. A billion things that involve having a firewall and configuring it to allow certain programs and services, is beyond the reach of what the public is ready to handle.

    So, rather than crippling the entire Windows OS userbase, they are little by little teaching them how things work. By showing them the beginnings of security, people will get "used" to that level.. thus allowing MS to add another level of security as time goes on so they can get "used" to yet another level of security.. and so forth and so on.

    We know they could patch up a firewall to destroy the skills of zonealarm and kerio, so why not? Because they would rather begin the steps towards better security gradually rather than an enormous drop of it and lose their userbase (in which the people who would know how to deal with it are a very very small minority.)

    "A journey of a thousand miles or a thousand days starts with a single step" - Tao Te Ching
    Not to get back into another one of our glorious "conversations", hehe, but wouldn't what you say mean that it's a complete 180 from what MS has already done, and that's provide "ease of use over stability and security"? Not trying to start anything, but MS has been lax across the board over the years when it comes to security and stability and while I'm extremely glad that they're trying to improve OS stability and security, by no means should that mean that their attempts break 3rd party programs who're inherently better at their single task than MS is, aka Sygate, Outpost, and ZA being better at firewalling.

    MS users of today are not going to become "used" to what MS is doing. They want to point-and-click all day, nothing else. Go to any major business, any home, anywhere an internet connection is present and you'll find MSN and/or AOL (or any other major ISP) along with three different IM clients, and various other things that allow the user to do what they want to do, and that's IM, email, and surf the web while burning cds and listen to music.

    I, for one, while glad that MS is doing things to make sure security and stability are a major issue to handle, will not tolerate them removing my ability and choice to use a third party program that will do things better than MS. MS' own registry cleaner doesn't do as good a job as others. Their firewall is years behind major vendors like ZA, Sygate, and Outpost, vendors who've spent years perfecting their own code to do one specific thing. By no means is this post meant to serve as a MS-bashing attempt, but they can improve in other areas. Remove the old code, rewrite it to be better, get rid of bloated things like the games in Office, things like that. MS can go a LONG ways to improve a lot of things without worrying about firewalling (as you would know more than me), and I hope they do so.

    I want to go to SP2, I really do. But from what I read and what the past record has shown, it seems to be that MS wants to force people to use their products which are inferior in nature to others. They've got the budget, they've got the staff, why not make a superior product and make me, a poweruser of MS products, say "Wow, I really like this!"?
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  2. #32
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Since I chimed a little on the elimination of 3rd party software.... It doesn't remove your choice, but when faced with: Hmm should I renew my 2 thousand dollar backup program or just use microsoft's. Then I could spend that on something else. Or should I renew an expensive license for ***********, when Active directory does the same thing, built in. Or should I buy defraggers and install them all over the network, or use the one built in. Or should I spend money on deploying remote administration, or click a switch and use the one built in. Should I renew spam filtering or just buy Exchange 2003. Hell I just saved 20k for other projects. That is the point, not from a single user standpoint but from a business perspective. I could go on and on with more real world, real time examples. Are Microsoft business partners turning their cheek and not worrying, no I don't think so. In fact I have seen some pissed off people in various mail listings from those same companies I used in my example. At one time Netscape was years away from Internet Explorer. And at one time there was a company that built basic utilities, one for memory management, one for navigating the hard drive, etc. All gone now.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #33
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    I have no problem with a business aspect wanting to save money since businesses don't see anything other than the bottom line ever, but I do have a problem when that means using products that aren't as good as any given third party vendor's product.

    Give me a reason, whether as a business or individual, to save money and use an integrated tool (which would be costly nonetheless, I don't see IIS coming free with XP or Exchange with the default 2003 server install) and have it be as good as or better than someone else's utility and I'll switch no problems. Don't, and I won't.

    Open source and GPL for life!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  4. #34
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    lol, GNU rules. But here is an example and I am not talking about specialized servers IIS will never be free. Although it once was in an earlier form. It was part of early server packages or at least a web server was. Here I am, my licence is up for backup software I use at the enterprise level. The issue is, I need to backup files, put them on tape, be able to find them and then in the event of data loss, restore them. You can build in all the bells and whistles you want, but that is what I need. Lo and behold MS built in a very good backup program that can be controlled and monitored with a little effort. And it backs up Exchange easier and faster than the 3rd party program I have. So there is one. Another is *********** vs. doing the same things in Domain Security Policy. Others are patch management. Hope that helps.

    On a personal level, not much. I used to use memory tools and TCP/IP tools that are in a box now with a host of other utilities that have been tweaked into the OS. But then again I have a ton of GNU stuff that is wayyy better. I am pretty much just a gamer on a personal level. Oh I did replace a logger with some stuff MS released or added I should say.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #35
    No, you guys, that's not what I mean. The only 3rd party applications SP2 will break are those that break the basic fundamental rules of secure programming.

    If a program calls nonspecific memory areas that are shared with another program, they will break. If a program makes calls to APIs which conflict with system security, they will break.

    It isn't about MS only products but about the programs not having been coded properly. zonealarm breaks because it's poorly coded, and uses shared memory instead of designating its own (highly insecure, and the source of most of its past exploits). Kerio still works, Sygate still works. A lot of 3rd party programs will work because the companies didn't try to take shortcuts. This is why I've been encouraging people to read the white papers rather than listen to the gossip. A lot of rumors are getting spread about the security patches forcing MS only products, when it's the exact opposite. They want to educate those who do want to program for the Windows environment that they need to start programming properly.

    Don't get me wrong, I'm all for OSS and the GNU. But we can't confuse Windows now forcing security (VERY similar to grsecurity and SELinux kernel patches for nix) with trying to force its own products. It still encourages 3rd party development by releasing API information and the likes, but they won't tolerate hazardous coding any longer. Linux did this a few months ago as well, and people understood Microsoft is just finally catching up to this feature.

  6. #36
    Well, after a while of blaming my computer troubles on MS, I am back to saying I am a Windows fan.

    Personally, I would rather have Windows stick to being an operating system, and leave the rest to third party apps. But in reality, that would suck for Microsoft.

    If a company blindly installed sp2 on their office's pc's, and all their software lost their connections to the internet, then it's their own fault for not testing it out on a lab pc.

    If a company doesn't properly update their machines, and are pummeled by sasser, blaster, then it's their own damn fault.

    BUT-
    When that office is looking for new servers, and they have the choice between linux servers, and MS servers, they are going to think back on their experience with the sp2 install. They are also going to think about the Sasser / Blaster takeover. Whether the decision maker knows he screwed up the sp2 install and updates or not, the linux option is going to sound pretty good after he hears that linux is invulnerable to these viruses.

    So...

    Windows is implementing a firewall in sp2 to prevent worms from attacking their machines regardless of the vulnerability (given it's not in the firewall) and they are making it in such a way that it won't flood help desks everywhere with "my aim isn't working".

    As for the yahoo messenger dealie-
    Did you establish the "direct connection" or did they? AIM can handle Direct IM's with an AOL proxy server in its settings, and may be configured automatically with YIM to use a proxy if it can't make the initial connection? A good test for this would be to have a tcpview or netstat run on both machines to check it out.

    Regardless, if you know how, get a hardware firewall and be done with it. Let windows be an operating system and let "trusted" third party software handle everything else.

  7. #37
    Member
    Join Date
    Jun 2004
    Posts
    37
    As for the yahoo messenger dealie-
    Did you establish the "direct connection" or did they? AIM can handle Direct IM's with an AOL proxy server in its settings, and may be configured automatically with YIM to use a proxy if it can't make the initial connection? A good test for this would be to have a tcpview or netstat run on both machines to check it out.

    Regardless, if you know how, get a hardware firewall and be done with it. Let windows be an operating system and let "trusted" third party software handle everything else.
    He established it of course.. if I would've initiated that with any SPI FireWall then it would've been allowed through based on how SPI works... including its use around NAT. Therefore, it would've been the same result every time and not the firewall's problem. He sent the syn, I sent the syn + ack, he sent the ack... thus becoming 'Established'.

    Yahoo! Messenger, which was what I tested around, is rich in P2P functionality so I figured it'd be a good environment to test out the firewall's capabilities. PM's can come through to you directly or indirectly (through the actual msg server that you logged into when signing onto the network). This didn't come from the msg server that I was signed into.. it came directly from his computer... no server at all was acting as the 'middleman'. If it had come through indirectly it wouldn't have been a problem as the msg server's ip address was on the exceptions for the application's "allow list". My friend's ip wasn't on that list.. and therefore shouldn't have been allowed through. We had a connection to each other... my end of the socket having the already listening TCP :5101 open for him to connect to + another random port allocated so multiple requests could be made on each end. He was connected to me @ remote TCP :5101 and I was connected to him @ remote TCP :5101 (both of us having different source ports). Both of our source ports were randomly allocated for the connection locally, in my case it was TCP :8419.

    As far as netstat and tcpdump go, I had no use for them. I sniffed the whole session with CommView 4 and watched the 3-way handshake performed right in front of me. The session then followed without any alerts, blocking, disallowances etc. A 'PEERTOPEER' (no i didn't capitalize it, it comes that way) packet from the established PM session that was allowed through SP2's SPI firewall with my scope restrictions set to disallow:

    YMSG...../.M....Z*4my_friends_id5my_id13549PEERTOPEER

    being the standard YMSG protocol argument separators and the rest is pretty obvious (keep in mind this is just one ASCII dump). I know this protocol very well. There's lots you can do with it.

    Yeah, I use 3rd party application-layer firewalls (Sygate Pro & OutPost Pro both off/on) as well as a hw network-layer firewall via my router with SPI + NAT.
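    As an added illustration (not code from this thread or from the Windows firewall), a toy model of the two behaviours the post above contrasts: a stateful filter passes replies to connections the host itself opened, while an unsolicited SYN to the listening port 5101 should pass only when the sender falls inside the exception's scope. Addresses and port numbers are constructed for the scenario.

```python
import ipaddress
from dataclasses import dataclass
# Constructed addresses (documentation ranges) for the scenario in the post above
LOCAL_IP = "192.0.2.10"       # our machine, listening on TCP 5101
MSG_SERVER = "198.51.100.7"   # messenger server we signed in to: the only scoped address
FRIEND_IP = "203.0.113.44"    # the friend's machine, not in the exception's scope

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

class StatefulFirewall:
    """Toy SPI host firewall: pass what the host initiates plus replies to it;
    pass an unsolicited inbound SYN only if a per-port exception scopes the sender."""
    def __init__(self, local_ip: str, exceptions: dict):
        self.local_ip = local_ip
        self.exceptions = {port: [ipaddress.ip_network(a) for a in scope]
                           for port, scope in exceptions.items()}
        self.flows = set()  # tracked (local_port, remote_ip, remote_port) tuples

    def in_scope(self, port: int, remote_ip: str) -> bool:
        ip = ipaddress.ip_address(remote_ip)
        return any(ip in net for net in self.exceptions.get(port, []))

    def filter(self, p: Packet) -> str:
        outbound = p.src == self.local_ip
        key = (p.sport, p.dst, p.dport) if outbound else (p.dport, p.src, p.sport)
        if key in self.flows:                 # part of a tracked flow: either direction passes
            return "ALLOW"
        if p.syn and not p.ack:               # a new connection attempt
            if outbound or self.in_scope(p.dport, p.src):
                self.flows.add(key)
                return "ALLOW"
        return "DROP"                         # unsolicited or out-of-scope: blocked

def friend_initiates() -> str:
    # Friend connects to our listening port 5101 from outside the scope: expect DROP
    fw = StatefulFirewall(LOCAL_IP, {5101: [MSG_SERVER]})
    return fw.filter(Packet(FRIEND_IP, 8419, LOCAL_IP, 5101, syn=True))

def we_initiate() -> tuple:
    # We open the connection, so the friend's SYN+ACK is matched by state: expect ALLOW twice
    fw = StatefulFirewall(LOCAL_IP, {5101: [MSG_SERVER]})
    syn = fw.filter(Packet(LOCAL_IP, 8419, FRIEND_IP, 5101, syn=True))
    reply = fw.filter(Packet(FRIEND_IP, 5101, LOCAL_IP, 8419, syn=True, ack=True))
    return syn, reply
```

    The model shows the expected result for each direction; the post reports the first case passing anyway, which is exactly what a sniffer on both ends would let you confirm.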

  8. #38
    Junior Member
    Join Date
    May 2004
    Posts
    5
    Is Norton's Firewall and Antivirus 2004 good for protection, or is there something better?

  9. #39
    Member
    Join Date
    Jun 2004
    Posts
    37
    Rob4224, neither product is very good. eEye Digital found several vulns last month in their FireWall.. can't remember which ver. specifically though, maybe it applied to them all. http://search.securitytracker.com/cgi-bin/ts.pl

    As for Norton's AV. Not very good. Misses a boatload of stuff. Kaspersky and Nod32 AV imo are probably the best suited for a Windows user. I run Nod32 on Win XP Pro and it's got the best track record you can get grabbing its 27th straight Virus Bulletin Award for detecting in-the-wild virii. Check it out: http://www.nod32.com/home/home.htm 30 day free trial too.

  10. #40
    Rob, there are a KAGILLION threads that cover that topic. Do a search of AO, grab a drink, and get ready for a long read.

    Heh heh, now my point;

    AIM suddenly won't connect. MSN won't transfer files. Not all websites work now. IRC won't work. Video conferencing won't connect.
    And that's a bad thing?

    It's like natural selection in the cyberworld, suddenly all the uneducated users can't do jack. Hmm...Mwahahaha, let's do it!
