TalkBack 33 of 79:
Not sure, but I don't think so.
"Couldn't this be handled by a global rule? For example, I think Sygate will allow you to exclude port ranges with a rule that runs before anything else. So, I presume it wouldn't bother with stateful inspection of traffic blocked this way. If so, then you would only have to worry about those ports you still allow through, which is probably more to the point. Just one more program exposed to the web (does the number of ports even matter?)."

Firewall software, in a sense, effectively forces your PC to listen on all ports, so that it intercepts all traffic destined to the PC, processes the packets, and decides which get forwarded to the PC. In a non-firewall type scenario, the packet is received, parsed through the header, and immediately dropped if there isn't a socket listening on that port. In a software firewall, the entire packet is received, and then handed off to the software firewall for processing.

I suppose a global rule could be written to force the software firewall to parse only through the header and drop the packets bound for certain ports/ranges, but then you also have the problem of malformed headers that would be used to "trick" the software firewall into picking them up and processing them (of course the same holds true in a non-firewalled system). But in the case of the firewalled system, there are 2 independent (seemingly) protocol stacks that need to be fortified, and if it compromises either, your PC can be owned. It just seems logically easier to only have to harden 1 stack than to have multiple borders to defend. Keep the system as simple as can be, and you can avoid a lot of glitches that give room to exploits, decrease the size of your target, and it's harder to hit.
Posted by: tamuhockey   Posted on: 08/10/04

