Posted by AndyHancock on April 21, 2008, 10:57 pm
Yes, I was thinking that a builtin firewall would be handy because it
would recognize all the things that are legit. And won't bug the
user. However, I'm using Windows 2000. As far as I know, I need a
third party firewall.
wrote:
> > How do the more experienced maintainers of home firewalls deal with
> > this lack of detail in tightening up their firewall rules?
>
> Easy-- don't use personal firewalls that nag you all the time. If you're
> following basic safe computing practices (keep your software updated,
> anti-malware programs updated, and don't run as admin), then the firewall
> built in to Windows is all that you need. A firewall's job is to watch your
> network port and block inbound traffic that you didn't ask for. It's not the
> job of a firewall to try to watch every single outbound connection. Indeed,
> smart malware knows how to avoid these kinds of firewalls anyway. I've
> written extensively about this in the past;
> see http://technet.microsoft.com/en-us/magazine/cc138010.aspx.
>
> steve.ri...@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
> > After much web searching, it seems that anyone who has used older
> > firewalls (e.g. Kerio, Sygate) will have been annoyed by messages like
> > "Generic Host Process for Win32 Services from your computer wants to
> > connect to some.changing.ip.address", or some outgoing ping (ICMP).
> > The remote destination IP address often resolves to Microsoft or some
> > large content provider. The application that is doing this is always
> > nondescriptly described as svchost or tcpip kernel driver. Possible
> > causes are Windows update checker, Symantec, or possibly McAfee. I
> > know that Kerio will specify the full path of the executable trying to
> > connect out in some cases, so I'm not sure this information is so
> > elusive for these messages. Avast and Diskeeper connections to
> > outside are certainly reported more specifically than the above. From
> > the aforementioned web searching, such details are not elusive to
> > Kerio users. This makes it impossible to maintain a decent set of
> > firewall rules. I've already disabled automatic Windows updates, got
> > rid of Symantec, and such messages continue to occur, though less
> > often.
>
> > How do the more experienced maintainers of home firewalls deal with
> > this lack of detail in tightening up their firewall rules? I have,
> > and use, Spybot S&D. I'm hoping that there is a general approach that
> > doesn't entail that a user spend much less than 50% of his or her
> > computer time dealing with the security aspects. Currently, the
> > figure is well in excess of 50%, which really raises the question of
> > whether it is reasonable to convert to Luddite-ism.
>
> > Thanks!