Author Topic: Firewall review with voting  (Read 36020 times)

Offline matousec

  • Newbie
  • *
  • Posts: 7
    • Matousec - Transparent security
Re: Firewall review with voting
« Reply #15 on: August 12, 2006, 03:21:46 AM »
Thanks David. I will send that link to him.  :) There is still one problem, my friend's biggest arsenal in his argument is that he has been using the Internet for years without getting infected by virus. That's pretty hard for me to counter, perhaps he is just lucky like me.  :P

To be honest, I do not even use the Windows firewall ... but this is nothing I can recommend to common users, I do not use any Antivirus software too. If the guy you are talking about is computer expert then it can be ok to use no Antivirus, no Personal Firewall, no Antispyware etc. If you can recognize malware in hexeditor, you know which processes are running on your system and know how to prevent rootkits running on your system ... you do not need third party software.

But if we speak about common or even advanced users, not system programmers, I will recommend using at least Personal Firewall for sure. And we know that the vast majority of people we are dealing with are not system programmers ...

Anyway, what does matousec means? Is it in Cantonese?

Nice :). Since my last name and also (accidentally) the last name of my colleague is 'Matousek' with the wedge above "s" I think "matousec" means nothing :). Just little change of one letter to make it sound more cool and compatible with "security" word. More on this is on about-us page on our site.
David Matousek, founder of Matousec - Transparent security

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2106
Re: Firewall review with voting
« Reply #16 on: August 12, 2006, 09:05:22 AM »
Mike,

The thing is he always surf the Internet and even been to shody sites that offer cracks and keygens. And he is telling me that he has never been bitten before. How far it is true, I don't know.

Yours truly,
DoomScythe

Wow! that is shocking.  Normally it takes around 15 - 20 minutes for a computer to be infected without a firewall, and probably a matter of seconds visiting any dodgy sites.  He is also at risk as his ports are open and subject to a port scan allowing a hacker to see that his PC exists at the IP address - even with closed ports the hacker can see he's there and attack at a later time when the ports are open.  A firewall will stealth these ports regardless and the PC will appear invisible to any passing scanners, as the firewall will only allow requested data and will detect the port scan and block it.

Does he ever do any sort of malware scan or does he say he is fine because his computer has no problems?  I'm guessing if it's the latter and he were to do a scan he might be surprised at what is found.

Mike
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

Offline DoomScythe

  • Comodo's Hero
  • *****
  • Posts: 396
Re: Firewall review with voting
« Reply #17 on: August 12, 2006, 11:43:48 AM »
Thanks for the reply David. My friend is a half-programmer. He programs simple scripts like MIRC and PHP but not more than that. I would rate him as a guy who know's what's going on in his PC and where to look for a cure but he is definitely not into hardcore programming

----------

Well Mike, you see, my friend is an odd fella. He believes in running a AV software and a spyware scanner. He is using Spyware Doctor (which is one of the best spyware scanner) and runs scans regularly. The ONLY security thing he does not believe in is Firewall.

I guess he knows what he is doing. But looking it from another perspective, not having a firewall for him isn't that bad afterall, condering all of the precautions he takes. I guess he just lookout for every steps he takes.

Yours truly,
DoomScythe

p/s: By the way, the Spyware Doctor he uses is a cracked version.  :P

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2106
Re: Firewall review with voting
« Reply #18 on: August 12, 2006, 04:22:02 PM »
Well Mike, you see, my friend is an odd fella. He believes in running a AV software and a spyware scanner. He is using Spyware Doctor (which is one of the best spyware scanner) and runs scans regularly. The ONLY security thing he does not believe in is Firewall.

I guess he knows what he is doing. But looking it from another perspective, not having a firewall for him isn't that bad afterall, condering all of the precautions he takes. I guess he just lookout for every steps he takes.

Yours truly,
DoomScythe

p/s: By the way, the Spyware Doctor he uses is a cracked version.  :P

Well I guess in that case I can sort of understand why he may not have been infected as the resident scanners would detect most malware when it was downloaded, although he would probably have been notified.  However, he is still susceptible to malware that don't write to a disk and attack in other ways - which a firewall should block.  Also, he is still susceptible to port scans.

Mike
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

Offline DoomScythe

  • Comodo's Hero
  • *****
  • Posts: 396
Re: Firewall review with voting
« Reply #19 on: August 13, 2006, 12:04:09 AM »
Well I guess in that case I can sort of understand why he may not have been infected as the resident scanners would detect most malware when it was downloaded, although he would probably have been notified.  However, he is still susceptible to malware that don't write to a disk and attack in other ways - which a firewall should block.  Also, he is still susceptible to port scans.

Mike

Yup, I agree. I think he is more like the type of guy who holds a shotgun and sit inside of his house. He would shoot any intruder that walks in to his house without his permission. I guess people like you and me prefer the less hassle way where we just lock our doors and shut the damn problem out from our house.

I think this is just more of a preference of the way of keeping the bad guys from reaching us. (Of course, if the bad guy that came into my friend's house wears a bullet-proof vest, then he is in for big time trouble)

Yours truly,
DoomScythe

Offline matousec

  • Newbie
  • *
  • Posts: 7
    • Matousec - Transparent security
Re: Firewall review with voting
« Reply #20 on: August 13, 2006, 04:35:41 AM »
People who relies on pattern based security do not care about pointed attacks. It is not clear whether people should care about these attacks or not. There is always an argument against "Why would someone want to hack me - me, the common user who is just chating with friends ...". And this is not that poor argument as it looks because updated Antivirus software is able to deal with wild Internet worms. On the other side are people (including me) who say that this is not always about pointed attacks, there exist a large business with botnets. These botnets are private tools of blackhats, they are not detected by Antivirus software and are always updated when they become detected. They want every single computer, so common chating user is the ideal target. Just exploit some new vulnerability, install itself into the system, subvert Antivirus software updates with known tricks or to hide from scans with rootkit technology, and you own the user's machine and just communicate with your botnet master ready for action ... The user of infected machine is usually infected for month or years without any notice ... Personal firewall is able to prevent this because it is not pattern based.
David Matousek, founder of Matousec - Transparent security

Offline DoomScythe

  • Comodo's Hero
  • *****
  • Posts: 396
Re: Firewall review with voting
« Reply #21 on: August 13, 2006, 04:47:55 AM »
People who relies on pattern based security do not care about pointed attacks. It is not clear whether people should care about these attacks or not. There is always an argument against "Why would someone want to hack me - me, the common user who is just chating with friends ...". And this is not that poor argument as it looks because updated Antivirus software is able to deal with wild Internet worms. On the other side are people (including me) who say that this is not always about pointed attacks, there exist a large business with botnets. These botnets are private tools of blackhats, they are not detected by Antivirus software and are always updated when they become detected. They want every single computer, so common chating user is the ideal target. Just exploit some new vulnerability, install itself into the system, subvert Antivirus software updates with known tricks or to hide from scans with rootkit technology, and you own the user's machine and just communicate with your botnet master ready for action ... The user of infected machine is usually infected for month or years without any notice ... Personal firewall is able to prevent this because it is not pattern based.

Okay, that is a little scary. Thanks for the reply David. I will direct him to this thread and have him read it by himself.

Yours truly,
DoomScythe

Offline TheTOM_SK

  • Comodo Loves me
  • ****
  • Posts: 121
Re: Firewall review with voting
« Reply #22 on: August 13, 2006, 05:00:37 AM »
Setting up Windows provides great security. Firewall, AV and other software are just a layer protection. Cracker can not just open port from outside so easily. There has to be eg. an aplication running and listening to the port like default running Windows services DCOM (135), NetBIOS (137-139), Server (80) and etc. Port scan will just find out, that all ports are closed or stealthed, which means almost the same for the cracker. Port scans randomly look for computers with open ports, they are millions and more of them, so he does not have to bother with attacking computer with closed ports. So unless there is not someone, who wants to hack his computer, there is almost nothing to worry about. As far as I can see, he is a skilled user, but I would never rely on an aplication like AV instead of Firewall. As matousec posted, using software based on signatures is like playing a Russian roulette with malware. I would recommend him to use at least Comodo firewall, which has some kind of IPS.
« Last Edit: August 13, 2006, 05:03:04 AM by TheTOM_SK »

Offline BullHorn

  • Comodo's Hero
  • *****
  • Posts: 230
  • Nexus23
    • Nexus23 Corp. Ltd.
Re: Firewall review with voting
« Reply #23 on: August 13, 2006, 05:04:12 AM »
Firewalls are most important for your computer's safety. That's obvious.

Windows Firewall is light, very simple and good enough to stealth your ports.


So unless you know for sure that someone has got your IP and is going to harm your machine in some way, you don't need to clutter your PC with other 3rd party programs.

I'm paranoid, that's why I use Comodo software. ;)
Windows XP SP2
Comodo Personal Firewall 3.0.7.208
NOD32 2.7

Offline DoomScythe

  • Comodo's Hero
  • *****
  • Posts: 396
Re: Firewall review with voting
« Reply #24 on: August 13, 2006, 05:32:08 AM »
Okay Tom_SK, thanks.

David's and your replies bring me to another question which have been on my mind for quite some time. How do we classify a user that is skilled? I mean what should a user know to be classified as a skilled or professional? What is the general criteria? Say, I know how to use the registry, MSConfig, get around the Windows and get a rough idea of what my computer is doing. Where does that put me?

This question is stuck on my mind because there are sites or questionaires that ask me to rate my own computer skills. They will have a range such as Newbie, Acquainted, Intermediate, Skilled and Expert. My usual answer is either Acquainted. Any idea?

Yours truly,
DoomScythe

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2106
Re: Firewall review with voting
« Reply #25 on: August 13, 2006, 10:00:33 AM »
Yup, I agree. I think he is more like the type of guy who holds a shotgun and sit inside of his house. He would shoot any intruder that walks in to his house without his permission. I guess people like you and me prefer the less hassle way where we just lock our doors and shut the damn problem out from our house.

I think this is just more of a preference of the way of keeping the bad guys from reaching us. (Of course, if the bad guy that came into my friend's house wears a bullet-proof vest, then he is in for big time trouble)

Yours truly,
DoomScythe

That's a very interesting way of looking at it, but yes.  Without a lock on a door anyone can walk in the same without a firewall on your computer.  In the old days, you could leave a door unlocked and never worry but doing this now is just asking for trouble.  Although, with a shotgun a may not be as worried.

Mike

PS.  I know I used the in the old days cliche, but i'm not that old it's just what I've heard.  ;D
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

Offline matousec

  • Newbie
  • *
  • Posts: 7
    • Matousec - Transparent security
Re: Firewall review with voting
« Reply #26 on: August 13, 2006, 10:52:31 AM »
How do we classify a user that is skilled? I mean what should a user know to be classified as a skilled or professional? What is the general criteria? Say, I know how to use the registry, MSConfig, get around the Windows and get a rough idea of what my computer is doing. Where does that put me?

Nice question indeed :)

So, you say we should somehow define about 5 sorts, let's use Newbie, Acquainted, Intermediate, Skilled, Expert. I will try to define newbie :)

Newbie - I think this one is the easiest to recognize. Zero or almost zero knowledge, can not recognize terms like "network interface", "IP address", not even "registry", "process". These people are able to start computer and run their Office / Internet browser / games. Can have hard times to find something on the Internet.

I am not sure how to define others, would need little more thinking from me :)
Maybe it would be a good idea to match these 5 sorts with computer terms as I did with newbies.
For example if one know what is non paged pool in the NT kernel ...

On the other hand I have got little doubts whether the level of computer knowledge implies the level of the computer security knowledge. I mean that there are people - administrators for example - who understand security pretty well but they are not programmers. And vice versa - programmers who can program, understand some API for example, but are not system or security programmers and know nothing about security.
David Matousek, founder of Matousec - Transparent security

Offline DoomScythe

  • Comodo's Hero
  • *****
  • Posts: 396
Re: Firewall review with voting
« Reply #27 on: August 13, 2006, 11:28:33 AM »
David,

That question have been haunting me for a very very long time (years). I think it is the general computer skills that matter, not a skewed side of computer knowledge. Like you said:

On the other hand I have got little doubts whether the level of computer knowledge implies the level of the computer security knowledge. I mean that there are people - administrators for example - who understand security pretty well but they are not programmers. And vice versa - programmers who can program, understand some API for example, but are not system or security programmers and know nothing about security.


When those questionaires or forms ask us the level of our computer competency, I think they meant it as general computer knowledge. David, based on your experience (I believe you are at least quite experienced, if not very experienced), what defines a Expert? And what defines a Skilled user?

I seriously hope others can reply to my question. I think this question affects others as well.

Yours truly,
DoomScythe

Offline BullHorn

  • Comodo's Hero
  • *****
  • Posts: 230
  • Nexus23
    • Nexus23 Corp. Ltd.
Re: Firewall review with voting
« Reply #28 on: August 13, 2006, 12:04:01 PM »
I have very subjective classification, don't take this seriously; just my opinion:

Newbie: Person who can barely figure how to start his PC, let alone install anything and/or use a program or play a game (I can see these often here in Israel ._.).

Acquainted: Person who can do simple actions with a computer like install programs and games and just have fun using a PC without actually knowing what he is doing.

Intermediate: The most common level of PC users, in my opinion. They know how to fix random simple problems, formating, installing Windows, know how to use Google, etc.

Skilled: That's how I see myself. I know what I'm doing, I can fix almost any problem myself and even if I can't, I can easily find a solution. I can keep my machine free of problems, and fix the machine of problems incase I acquire any. 

Expert: People who actually get paid from doing computer-related works, know how to code in at least one language; the people that "Skilled" users go to when they have a serious problem, like people that are part of the Comodo crew. ;)

Am I close? :P
Windows XP SP2
Comodo Personal Firewall 3.0.7.208
NOD32 2.7

Offline DoomScythe

  • Comodo's Hero
  • *****
  • Posts: 396
Re: Firewall review with voting
« Reply #29 on: August 13, 2006, 12:44:46 PM »
Well, truth to be told, the classification of users that I have in my mind is close to yours. However, I don't know about what the others think. If only someone from a surveyor company is in this forums.  :-\

Anyway Bullhorn, thanks for your reply. Nice to know that someone else share the same idea as I do.

Yours truly,
DoomScythe

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek