Quote:
Originally Posted by Takla
On a personal desktop system if you're worrying about the behaviour of stuff you already installed and seeking to control it with a Windows type personal firewall you are already screwed . . .
To run a firewall? Or not to run a firewall? That is the question!
Your argument, when reduced to its fundamentals, seems to be that, if I understand you correctly, because a firewall can’t necessarily block 100% of a virus’s malicious activity, it’s a total waste of time.
What a clever observation! Did you know that parachutes are also somewhat unreliable, and can only be relied upon to open about 99.9 percent of the time?
So if you are ever in a plane spiraling towards the earth, I say it’s silly to take a chance on such an unreliable technology.
So, I suggest you just jump out without it! (Please!!!).
It would give you a chance to both test your theory under real world conditions, and no doubt earn a 'Darwin Award' in the process. Me, I'll take that chance on the parachute.
As to how I stumbled upon (but avoided) three whole viruses in about the last 10 years (my friend’s kids manage to pick up about three a MONTH on his XP machine):
Here’s the sad tale (those with short attention spans, feel free to tune to another channel).
I have two old reliable Win98 machines, a 500 MHz Pentium laptop, and a 1GHz AMD Desktop. I also have a 2 GHz Desktop running XP. The XP machine is SLOWER and less stable than even the 500 MHz Win98 laptop, and from what I have seen, Vista is much worse, so I do everything I can to keep my Win98 machines singing along in fine form despite their age.
I like to use my 1GHz AMD Desktop machine for video editing, and because the multimedia software can get broken easily by STUPID Microsoft ‘updates’ to DirectX (often installed by commercial software without asking), I always have the machine fully backed up in its most stable form on a Norton Ghost DVD image.
It literally only takes 5 minutes or less to completely restore the hard drive image from DVD if needed on the 1GHz box, so this system makes a good candidate for safely ‘sand box’ testing new software before risking loading it on my laptop.
I have had the Laptop more than 8 years, and it has NEVER had a virus of ANY sort on it because of this arrangement.
Before the test install on my 1GHz Desktop ‘sand box’ system, I scan the applications with ClamWin (yes they DO have a version for Win98), and if there is still any doubt whatsoever (say, because I haven’t dealt with the site previously), I put the new software’s installer away for a month or two without running it, and then scan it again (to let the ClamWin definitions have a chance to update).
Then when I am ready to install the app on my test system, I run a simple audit program called regshot, which snapshots the system drive and registry before the install, and then afterwards takes a second snapshot and gives you a complete log of every file and/or registry value changed or added.
I scan this log for suspicious activity, then save it for future reference in case I have to manually undo any changes.
Then, while running the application for the first time, I do another quick regshot audit to check for further system changes on the first run and shutdown of the application.
While all of the above is going on, I have the firewall in block and notify mode, looking for suspicious network activity.
Sorry for the boring technical details, but since you questioned my judgment . . .
I just rechecked my DVD archived copies against the web sites on the three apps that threw up alarms on my firewall (and later in ClamWin) –
BCX Development Suite - No acknowledgement of a virus (or of the false positive) on the web page, but may have indeed been a false positive, because it’s now NO LONGER showing up as a virus in ClamWin. This is odd, because first it did not show up, then a month later it did, now almost a year later, it’s clear again (typical false positive signature???). The firewall hit may have been caused by the app installer legitimately checking for an update (but I still don’t like apps that look screwy to ClamWin, then try to “phone home”).
Great Cow Basic (on SourceForge) - The site now acknowledges a positive in virus scans on an offsite link to an IDE editor hosted on the site. This false positive was attributed to a false virus detect in the installer. If so, there was still a firewall hit (again, may have been caused by the app installer checking for an update).
QEMU (Windows version of the same emulator shipped with dozens of Linux Distros).
Now acknowledged on the web site that this really WAS a Virus (Trojan) and the firewall DID catch it well before ClamWin was updated to do so.
So, now the Web Site, ClamWin and my Firewall all agree, this was a baddie -
http://www.h7.dion.ne.jp/~qemu-win/
(see note about the USB driver being infected)
So, it was more likely 1 (or possibly 2) viruses, but ClamWin missed them at first, where the firewall caught the suspicious attempt at network activity and clued me in (something still trying to access the network after QEMU was unloaded).
If I had been careless, and run the trojan on my laptop, I didn't see any indication that it would have succeeded in bypassing the firewall, but I'm very relieved to have identified and caught the Trojan before it got onto my laptop, because I do conduct some credit card transactions, and do my banking from the laptop (Also, although I do have a full system DVD backup of my laptop, it's a bigger pain to wipe and restore, because of the laptop's hardware configuration).
Overall this is a pretty good score for more than ten years of net surfing for ANY Windows box (at least for anyone that doesn't live in a cave).
As to your implication that I was irresponsible for downloading them in the first place - Gee! I’ll bet no one in the Linux community has ever downloaded QEMU!
All of the other applications were also from widely respected public projects, and, so far at least, the ONLY one of the three that has been confirmed to definitely have a real VIRUS, is one you may well have on your Linux system right now (minus the virus, which hopefully only made it into the Windows version of the USB driver).
So please take your holier than thou ‘software hygiene’ lecture, fold it till it’s all sharp corners, and put it where the sun don’t shine.
In any case, as my previous post shows, even code checked in to the main Linux distribution tree, and shipped as part of the system ISO image, can be tainted without it being detected. My, my, my, could those compromised crypto libraries be the very ones you mentioned as protecting credit card info??? (If so, you might want to open your mouth a little wider so you can insert the other foot)
I never said that Windows 98 had better overall security; it does have some basic protection of kernel processes, but otherwise running applications have way too much freedom to cause mischief (and the file system is totally insecure).
My only point was that - at least so far as spyware trying to "phone home" is concerned - my Win98 box provides some basic security, where in Linux (at least by default) any app can open a port to the outside world, and do pretty much any damn thing it wants to as far as sending your private information out on the internet if you don't take pro-active steps to stop it.
As to your comment about trolling – Hmmm.
I would not like to think I am upsetting folks unnecessarily, or that no one here appreciates my observations (as you certainly appear not to), so let’s check the stats, shall we?
Let’s see . . . As I write this, I have 8 posts, and I have been thanked - let me see – looks like 2 times.
That looks like a solid 25%.
Oh well, I would have liked to please even more folks, but from what I see while doing some quick checks, batting 250 isn’t too bad at all for this forum.
Now let’s check your batting average shall we???
Let’s see, Takla - Hmmm 180, carry the naught, divide by ...
Oh Crap!!! My chintzy old antiquated Widowz 98 box has just thrown a “Divide by ZERO!!!” exception and caught FIRE!!!
Help! I’m melting! Melting! Oh, what a world! what a world! . . .
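As an added illustration of the before/after snapshot audit the post describes (this is example code, not regshot itself and not the poster's own tooling): a file-tree snapshot diff in Python that covers files only, not the registry, run against a constructed throwaway tree with hypothetical file names.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root (relative path, '/' separators) to the
    SHA-256 of its contents: the 'before' or 'after' picture of the drive."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                snap[rel] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def diff_snapshots(before, after):
    """Return (added, removed, modified) as sorted lists of relative paths."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    return added, removed, modified


def write(root, rel, data):
    """Write bytes to root/rel, creating parent directories as needed."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def audit_demo():
    """Build a constructed throwaway 'system drive', run a simulated installer
    against it, and return the diff the auditor would review."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "System/usb.sys", b"original driver bytes")  # constructed
        write(root, "readme.txt", b"hello")  # constructed
        before = snapshot(root)
        # Simulated installer: overwrites the driver, drops a new file,
        # deletes one. Hypothetical names, not from any real package.
        write(root, "System/usb.sys", b"replaced driver bytes")
        write(root, "System/helper.dll", b"new binary")
        os.remove(os.path.join(root, "readme.txt"))
        after = snapshot(root)
        return diff_snapshots(before, after)
```

The modified list is the one to read most carefully: an installer that silently replaces an existing driver is exactly the case the post's USB driver story turns on.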