rec.autos.simulators

>> Knowledge and caution with installing new programs is by far the safe
>> approach than just installing a fancy FW and forget about security
>> because "I have a firewall installed".

>You are correct, Martin, a safe approach is to be suspicious of all
>executables. However, I don't think I was insinuating that installing a
>firewall and forgetting about security was the idea.

>I agree George except with your choice of firewall. Black Ice is a
>good firewall but IMHO Zone Alarm is much better and it's FREE (which
>is amazing.) I have a Linksys router and run ZA on all my workstations
>and I have never had a problem. Basically, the router gets the attacks
>that originate from the outside and ZA gets them from the inside.

>Todd Walker
>twalker at jam dot rr dot com
>http://twalker.d2g.com

>On Sat, 05 May 2001 11:49:16 GMT, George Lewis

>>Hey old buddy....

>>I agree... even MS Proxy Server 2 I wouldn't consider a "great"
>>firewall.  would you really put PIX and Checkpoint in the same league?
>>just curious...

>>However, NAT should do the trick for most home users, and throw in
>>something like black ice stopping outbounds from weird ports and
>>stuff...  what I like about Black Ice is the user doesn't have to
>>learn a bunch of technical information and therefore mess up the
>>security configuration.

>>>> Jan, would you recommend firewall software on top of a hardware
>>>> firewall built into a broadband router, such as the products from
>>>> Linksys, SMC, and Netgear?

>>>Definitely.  They (hardware) only protect (and marginally at that) inbound connections, they
>>>do nothing against a program which has installed itself and is attempting outbound.
>>>See our writeup in the hardware section for details...

>>>All the mini-firewall/routers are really just a convenience...they do not provide a really
>>>solid firewall (as compared to things like Checkpoint, Cisco PIX, ect).  That's not to
>>>say that they don't work well, but if someone REALLY wanted to attempt to break
>>>into your system, a Linksys/Netgear/whatever would not stop them...

>>>Cheers!

>> Hey old buddy....

>> I agree... even MS Proxy Server 2 I wouldn't consider a "great"
>> firewall.  would you really put PIX and Checkpoint in the same league?
>> just curious...

>> However, NAT should do the trick for most home users, and throw in
>> something like black ice stopping outbounds from weird ports and
>> stuff...  what I like about Black Ice is the user doesn't have to
>> learn a bunch of technical information and therefore mess up the
>> security configuration.

>GEORGE!!!!!!!!!!!!!!
>Geez, it's been a long time!  Nice ta see you!  ;]

>Well, what I was referring to was the fact that a properly set up 'real' firewall
>will only allow connections that have been designated as 'ok', all other inward/
>outbound connections are halted at the firewall.  With Linksys/Netgear/whatever,
>there are certain programs on the operating system which could be given a buffer
>overflow and thus give access to the target computer.  Not *quite* so likely on
>something such as Checkpoint, but combined with a good IDS it would be much
>more difficult.

>I know Black Ice on previous versions did not stop outbound connections, but I
>heard they were going to fix that.  I've not tried it recently to see...

>Cheers!

>clipped
>> The ONLY way to be safe is to prevent trojans (and other nasties) from
>> getting onto your system, i.e. don't install software of questionable
>> origin, use an email client without all the fancy automation stuff,
>> browse with the highest possible security settings, etc. Also check for
>> secutity updates for your programs/OS. The best way is of course to store
>> sensible data on an extra machine that connects to the net only when
>> absolutly neccessary.

>I've been following this thread with interest and appreciate the info.
>Since many viruscheckers don't detect trojans (if I understand this
>correctly) then what's the best way to check for them on your system?  I've
>recently installed a firewall and other protective measures but want to be
>sure that there's nothing already on my system

>tia for any advice

>   When the hacker ***y-trapped my system, my NOD32 virus checker caught it.
> Unfortunately, I didn't have it up and running after updating my system.
> Even if the virus checker had been active, I don't think I could have
> prevented it once the hacker got into my system.  I have some very unkind
> words for that individual if we ever meet.   Nod32 found the virus and said
> it couldn't fix it...but saved it so I could email it to the Nod32
> programmers.  What the virus did was re-assign a windows function to itself
> so that when I removed the file all my windows programs quit working.  i.e.
> I couldn't open Windows Explorer because such & such a file was missing.  I
> couldn't email because the file was missing.  I couldn't even shut down or
> reboot because the file was  missing.

SNIP
> A firewall will not stopping trojans from infecting your system at all.
> It might have difficulties reporting your data to someone but that does't
> stop a trojan from doing anything to your system. Since trojans -once
> installed- have the same rights as any other program they can do pretty
> much the same things you can do - e.g. disable your (software) firewall,
> send emails, read/format your disk, etc.

> The ONLY way to be safe is to prevent trojans (and other nasties) from
> getting onto your system, i.e. don't install software of questionable
> origin, use an email client without all the fancy automation stuff,
> browse with the highest possible security settings, etc. Also check for
> secutity updates for your programs/OS. The best way is of course to store
> sensible data on an extra machine that connects to the net only when
> absolutly neccessary.

>Ummm, you mean "software of a questionable origin" such as warez?!? Hee
>hee hee, serves them right for dl'ing it in the first place!

>Well, the problem with virus checkers are that they are "stupid" -
>they only check for known situations and conditions.  I have yet to
>see an intelligent one that can look at something and say "hey! this
>doesn't look right!"  if it fits the conditions, it gets marked.  but
>the problem is that most new viruses haven't been "defined" yet so the
>stupid virus checker lets the files go on through.

> >Ummm, you mean "software of a questionable origin" such as warez?!? Hee
> >hee hee, serves them right for dl'ing it in the first place!

> That's not restricted to warez/gamez... depending on the site I'd assume
> that those are usually "safer" than some other areas of downloadable
> software. After all if you put a trojan in a 100MB+ download that is
> mainly d/l'ed by people with at least some computer knowledge you won't
> find many victims. However if you put a trojan into a small utility that
> is supposed to help you with applications that a lot of unexperienced
> people use (e.g. AOL, ICQ, etc.) you'll probably have more "success".

> So basically "software of a questionable origin" means any software that
> hasn't been

> a) bought as commercial software in a store
> b) downloaded from a site of a known (and trusted) company
> (updates/patches)
> c) written by yourself or someone you trust - on a safe system.

> Note that a) & b) are not perfectly safe (shit happens) but it's likely
> that problems will be discovered soon and quickly solved.
> In short: if you don't know who to sue if a program contained a trojan
> then the origin is questionable ;-)

> Martin

> I went to a questionable site today and Norton detected that this site was
> trying to perform a registry write and asked if i wanted to stop or
> continue. Naturally, i selected stop and it shut down netscape. So norton
> does look for some funny things with VBscripts

> > >Ummm, you mean "software of a questionable origin" such as warez?!? Hee
> > >hee hee, serves them right for dl'ing it in the first place!

> > That's not restricted to warez/gamez... depending on the site I'd assume
> > that those are usually "safer" than some other areas of downloadable
> > software. After all if you put a trojan in a 100MB+ download that is
> > mainly d/l'ed by people with at least some computer knowledge you won't
> > find many victims. However if you put a trojan into a small utility that
> > is supposed to help you with applications that a lot of unexperienced
> > people use (e.g. AOL, ICQ, etc.) you'll probably have more "success".

> > So basically "software of a questionable origin" means any software that
> > hasn't been

> > a) bought as commercial software in a store
> > b) downloaded from a site of a known (and trusted) company
> > (updates/patches)
> > c) written by yourself or someone you trust - on a safe system.

> > Note that a) & b) are not perfectly safe (shit happens) but it's likely
> > that problems will be discovered soon and quickly solved.
> > In short: if you don't know who to sue if a program contained a trojan
> > then the origin is questionable ;-)

> > Martin

> After reading this thread, I downloaded and installed the free version of
> Zone Alarm.
> I have had it installed for about an hour, and already have received 4
> alerts of different ip addresses that were blocked trying to access my
> computer through the internet.
> Is this normal?  Would this be hackers trying to get into my system? I'm
> just wondering what's been happening up until I installed Zone Alarm/