Jetico Personal Firewall freeware asks way to many questions

[goarilla]

Sebastian G. wrote:
> Max M.Wachtel III wrote:
>
>
>> Here is a good start-
>> MVPS hosts file
>
>
> A very bad start for a proposedly good start. What should this **** be
> good for, other than ****ing up the system?
>

what ???
common i know lots of entries pointing to localhost is a cat and mouse game
at best but still ...

>> Firefox with NoScript and AdBlock installed
>
>
> AdBlock is not security relevant. And, of course, what about Firefox?
> Even NoScript can't make it any less broken. If you really like a
> Mozilla core, take Mozilla SeaMonkey.
>

yes firefox is well ... a horrible code base but besides opera
are there really any good standards compliant (sort of) browsers out there
besides SM shares a LOT of that horrible code base
how is firefox broken ?

>> a good AV solution(like NOD32)
>
>
> This is not even a solution at all.
>

true but NOD32 is the nicest of all PAV solutions (personal anti-virus )

>> Spyware Blaster
>
>
> Oh please...
>
>> Spybot Search+Destroy immunization
>
>
> OH PLEASE...
>
>> Turn off Windows Messenger
>
>
> Eh... yeah? Of course, intentionally running an insecure-by-design
> software is never a good idea.

are you against IM or just against MSN + MSNP ?

[Sebastian G.]

goarilla wrote:


> common i know lots of entries pointing to localhost is a cat and mouse game
> at best but still ...


it slows down the resolver and, in case of Windows, partitially breaks it.
Updating the HOSTS file requires write access that a normal user doesn't
have there, and an unwanted restart.

> yes firefox is well ... a horrible code base but besides opera
> are there really any good standards compliant (sort of) browsers out there
> besides SM shares a LOT of that horrible code base


Hm? The horrible code of Firefox starts where the common base ends.

> how is firefox broken ?


Just one keyword: Global Namespace Pollution

> true but NOD32 is the nicest of all PAV solutions (personal anti-virus )


So what? I'd say my trash can is the most beautiful one in the area. Yet
it's full of garbage and stinks.

> are you against IM or just against MSN + MSNP ?


Not even against the MSN IM protocol, but you should use an IM
implementation that isn't designed to execute arbitrary commands of the
attackers choice by default - which applies to Windows Messenger, MSN
Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite strange
that all the "official" clients are all broken by design, and the
third-party implementations are the only safe ones...

[goarilla]

Sebastian G. wrote:
> goarilla wrote:
>
>
>> common i know lots of entries pointing to localhost is a cat and mouse
>> game
>> at best but still ...
>
>
> it slows down the resolver and, in case of Windows, partitially breaks
> it. Updating the HOSTS file requires write access that a normal user
> doesn't have there, and an unwanted restart.
>

never had a problem with it on a win xp machine
but i don't really use the machine, my sister does

>> yes firefox is well ... a horrible code base but besides opera
>> are there really any good standards compliant (sort of) browsers out
>> there
>> besides SM shares a LOT of that horrible code base
>
>
> Hm? The horrible code of Firefox starts where the common base ends.

XUL is a big bloated piece of crap

>
>> how is firefox broken ?
>
>
> Just one keyword: Global Namespace Pollution
>
>> true but NOD32 is the nicest of all PAV solutions (personal anti-virus
>> )
>
>
> So what? I'd say my trash can is the most beautiful one in the area. Yet
> it's full of garbage and stinks.
>

you may talk all big and mighty but you're probably working with homogenous
network environments in which ADS,group policy, proxy servers, etc, ...
can be implemented
sadly this isn't the case in 99,99 % of the home LAN environments and in
which NOD32 is really really nice
although it's a band-aid

>> are you against IM or just against MSN + MSNP ?
>
>
> Not even against the MSN IM protocol, but you should use an IM
> implementation that isn't designed to execute arbitrary commands of the
> attackers choice by default - which applies to Windows Messenger, MSN
> Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite
> strange that all the "official" clients are all broken by design, and
> the third-party implementations are the only safe ones...

true i use biltlebee + irssi

[Sebastian G.]

goarilla wrote:


> XUL is a big bloated piece of crap


Quite the contrary. It allows for reference safety, type safety and contract
enforcement, and is still very fast due to JIT. One could compare it to
Java, or rather Python (because it allows on-the-fly changes).

>> So what? I'd say my trash can is the most beautiful one in the area. Yet
>> it's full of garbage and stinks.
>>
>
> you may talk all big and mighty but you're probably working with homogenous
> network environments in which ADS,group policy, proxy servers, etc, ...
> can be implemented


I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86 with
Debian and Windows 2000 + XP homogenous.
But why do you name group policy? This is, by design, not a security measure.

> sadly this isn't the case in 99,99 % of the home LAN environments and in
> which NOD32 is really really nice
> although it's a band-aid


As you say: it's a band-aid. Nothing more. Security starts with addressing
the causing, not cascading the symptoms. Especially since the main problem,
lacking user education, is even further amplified.

[goarilla]

Sebastian G. wrote:
> goarilla wrote:
>
>
>> XUL is a big bloated piece of crap
>
>
> Quite the contrary. It allows for reference safety, type safety and
> contract enforcement, and is still very fast due to JIT. One could
> compare it to Java, or rather Python (because it allows on-the-fly
> changes).
>
>>> So what? I'd say my trash can is the most beautiful one in the area.
>>> Yet it's full of garbage and stinks.
>>>
>>
>> you may talk all big and mighty but you're probably working with
>> homogenous
>> network environments in which ADS,group policy, proxy servers, etc,
>> ... can be implemented
>
>
> I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86
> with Debian and Windows 2000 + XP homogenous.
> But why do you name group policy? This is, by design, not a security
> measure.
>
>> sadly this isn't the case in 99,99 % of the home LAN environments and
>> in which NOD32 is really really nice
>> although it's a band-aid
>
>
> As you say: it's a band-aid. Nothing more. Security starts with
> addressing the causing, not cascading the symptoms. Especially since the
> main problem, lacking user education, is even further amplified.

ok what would you do when some of your stupid users
gets a virus ? reset a known good image ? that only works
if you have a homogenous windows env.

well not quite but if you have lots of different pc's with windows it's
a lot harder because you have
to manage a lot of different images

and what's the causing of security problems beside the user ?

[Sebastian G.]

goarilla wrote:


> ok what would you do when some of your stupid users
> gets a virus?


Depends on which systems. Those with higher security margins have a global
no-exec policy implemented, thus they simply can't anything but the
preinstalled software, and as long as this is up-to-date an in-memory
process compromise of the network is extremely unlikely.

On those with lesser security margin: Delete all programs and
script-relevant setting, if necessary restore their settings and their data
from the latest backup.

> well not quite but if you have lots of different pc's with windows it's
> a lot harder because you have
> to manage a lot of different images


Why are you always coming up with images? A user running malicious software
only compromises all the programs and the data he had access to, which is,
beside some necessarily shared data, only his own data. He can't damage the
data of other user, and neither the system.

> and what's the causing of security problems beside the user ?


Hardware errors. This is what the restore images are intended for: getting
the old system running on the new hardware again as soon as possible.

[goarilla]

Sebastian G. wrote:
> goarilla wrote:
>
>
>> ok what would you do when some of your stupid users
>> gets a virus?
>
>
> Depends on which systems. Those with higher security margins have a
> global no-exec policy implemented, thus they simply can't anything but
> the preinstalled software, and as long as this is up-to-date an
> in-memory process compromise of the network is extremely unlikely.
>

how does one do that ?
have any concrete information pertaining these security measures ?

> On those with lesser security margin: Delete all programs and
> script-relevant setting, if necessary restore their settings and their
> data from the latest backup.
>
>> well not quite but if you have lots of different pc's with windows
>> it's a lot harder because you have
>> to manage a lot of different images
>
>
> Why are you always coming up with images? A user running malicious
> software only compromises all the programs and the data he had access
> to, which is, beside some necessarily shared data, only his own data. He
> can't damage the data of other user, and neither the system.
>

in a perfect world yes
that's how i do it here
and well it's not uncommon for malware to use local (root) exploits
to escalate privilege

>> and what's the causing of security problems beside the user ?
>
>
> Hardware errors. This is what the restore images are intended for:
> getting the old system running on the new hardware again as soon as
> possible.

huh please explain. do you have some information on how to create
'restore images' since when ... i think image i think hardware specific
root filesystem (windows)

[Troglodyte]

Sebastian G. wrote:

> Depends on which systems. Those with higher security margins have a
> global no-exec policy implemented, thus they simply can't anything but
> the preinstalled software, and as long as this is up-to-date an
> in-memory process compromise of the network is extremely unlikely.

And this is what you propose the average user does? Home users use their
computers for fun and not to pretend their computer is Fort Knox. Hello?
Earth to Sebastian G.You are out of touch with reality. You sure you are
not posting from within the local loony bin?

[Troglodyte]

Sebastian G. wrote:

> As you say: it's a band-aid. Nothing more. Security starts with
> addressing the causing, not cascading the symptoms. Especially since the
> main problem, lacking user education, is even further amplified.

Well, seeing as you are certain you know how to make a system secure
without having to use anti virus scanners, spyware scanners, hosts file,
script blockers, ad blockers etc. why don't you put up a website with
instructions on how to do it and provide a real service to the community?

[Sebastian G.]

Troglodyte wrote:

> Sebastian G. wrote:
>
>> As you say: it's a band-aid. Nothing more. Security starts with
>> addressing the causing, not cascading the symptoms. Especially since the
>> main problem, lacking user education, is even further amplified.
>
> Well, seeing as you are certain you know how to make a system secure
> without having to use anti virus scanners, spyware scanners, hosts file,
> script blockers, ad blockers etc. why don't you put up a website with
> instructions on how to do it and provide a real service to the community?


Because, with respect to the demands of a normal home user, Windows is
secure out of the box? And since anti virus scanners, spyware scanners,
hosts file, script blockers, ad blockers etc. can't make a system secure,
there's nothing to discuss at all.