Hello all,

Yesterday I'd visited an old friend. He's running Win Me, with no
AV/IDS/FW. His sister was checking her hotmail a/c and downloaded &
opened 2 attachments... Double extension .txt........scr type. Ahem.

I'd only rocked up after the fact. Given that laptop is not mine, not
a whole lot I can do (brute format + OS upgrade was not an option),
however, took the following steps:

Wiped all unsolicited e-mail, all downloaded attachments, and all
files created on disk within last 24 hours. (Suspiciously many EXE &
DLLs in that lot, all same size at that)
(web)Port scanned the machine - even though no firewall is present, no
services are listening on common high numbered ports.

Seems to be working ok - anything else that could be done (other than
convincing people to not trust odd attachments and have latest AV
etc..., and upgrade to a later OS)

Interestingly, the hotmail AV scanner did not detect anything in those
e-mails.

Next step (today) will be to re-check any new file creations and clean
the registry. (Easy part) And try to convince my non-paranoid friends
to use later OS,AV+etc... :)

P.S. Sometimes malice can't happen without a little bit of stupidity
from people who are normally intelligent. Then again, sometimes we see
stupidity in manifestations of trust.
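The "files created within the last 24 hours, many EXE and DLLs of the same size" check from the post, written as a listing for review rather than a wipe. This is an added example, not part of the original post; the extension set, the 24-hour window, the group threshold, the function names and the sample records are all assumptions made for illustration.

```python
import hashlib
import os
import time
from collections import defaultdict

# File types worth reviewing after an executable attachment was opened (assumed set).
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".pif"}


def collect(root):
    """Walk root and return (path, size, timestamp, sha256) for executable-type files."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in EXEC_EXTS:
                continue
            path = os.path.join(dirpath, fname)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # locked or vanished file: skip it, keep sweeping
            # st_ctime is the creation time on Windows; on other systems it is
            # the inode-change time, which is close enough for a fresh drop.
            records.append((path, st.st_size, st.st_ctime, digest))
    return records


def same_size_clusters(records, now, window_hours=24, min_group=3):
    """Group files newer than the window by size; keep sizes shared by min_group or more."""
    cutoff = now - window_hours * 3600
    by_size = defaultdict(list)
    for path, size, ts, digest in records:
        if ts >= cutoff:
            by_size[size].append((path, digest))
    clusters = {}
    for size, members in by_size.items():
        if len(members) >= min_group:
            clusters[size] = {
                "paths": sorted(p for p, _ in members),
                # 1 means byte-identical copies; more means same-size variants.
                "distinct_hashes": len({d for _, d in members}),
            }
    return clusters


# Constructed sample records (not taken from the machine in the post).
SAMPLE_NOW = 1100600000.0
SAMPLE_RECORDS = [
    ("C:\\WINDOWS\\SYSTEM\\a1.exe", 57344, SAMPLE_NOW - 3600, "aa"),
    ("C:\\WINDOWS\\SYSTEM\\b2.dll", 57344, SAMPLE_NOW - 7200, "aa"),
    ("C:\\WINDOWS\\c3.exe", 57344, SAMPLE_NOW - 100, "bb"),
    ("C:\\WINDOWS\\NOTEPAD.EXE", 53248, SAMPLE_NOW - 90 * 86400, "cc"),
    ("C:\\TEMP\\setup.exe", 120000, SAMPLE_NOW - 500, "dd"),
]

if __name__ == "__main__":
    for size, info in same_size_clusters(SAMPLE_RECORDS, SAMPLE_NOW).items():
        print(size, "bytes:", info["distinct_hashes"], "distinct hash(es)")
        for p in info["paths"]:
            print("   ", p)
    # On a live system: same_size_clusters(collect("C:\\"), time.time())
```

File timestamps can be set by whatever wrote the file, so an empty result does not show the disk is clean; the listing only narrows what to hand to a scanner.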

Re: E-mail attachment virus clean-up by David

David
Mon Nov 15 22:09:24 CST 2004

Tom:

There is no such terminology as "virii". The plural of virus is viruses.

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt248.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinXP, create a new Restore point

* * * Please report back your results * * *

Dave



"Tom Kazanski" <execve@mail.ru> wrote in message
news:ca1ee49a.0411151856.7913daba@posting.google.com...
| Hello all,
|
| Yesterday I'd visited an old friend. He's running Win Me, with no
| AV/IDS/FW. His sister was checking her hotmail a/c and downloaded &
| opened 2 attachments... Double extension .txt........scr type. Ahem.
|
| I'd only rocked up after the fact. Given that laptop is not mine, not
| a whole lot I can do (brute format + OS upgrade was not an option),
| however, took the following steps:
|
| Wiped all unsolicited e-mail, all downloaded attachments, and all
| files created on disk within last 24 hours. (Suspiciously many EXE &
| DLLs in that lot, all same size at that)
| (web)Port scanned the machine - even though no firewall is present, no
| services are listening on common high numbered ports.
|
| Seems to be working ok - anything else that could be done (other than
| convincing people to not trust odd attachments and have latest AV
| etc..., and upgrade to a later OS)
|
| Interestingly, the hotmail AV scanner did not detect anything in those
| e-mails.
|
| Next step (today) will be to re-check any new file creations and clean
| the registry. (Easy part) And try to convince my non-paranoid friends
| to use later OS,AV+etc... :)
|
| P.S. Sometimes malice can't happen without a little bit of stupidity
| from people who are normally intelligent. Then again, sometimes we see
| stupidity in manifestations of trust.



Re: E-mail attachment virii clean-up by war17

war17
Mon Nov 15 22:31:04 CST 2004

I assume you ran an updated anti-virus scanner.

Also scan for spyware with Spybot or Adaware.

-------
Warren
For additional help, post in
http://groups.msn.com/HelpforInternetExplorerorWindowsME/homepage

Tom Kazanski wrote:
> Hello all,
>
> Yesterday I'd visited an old friend. He's running Win Me, with no
> AV/IDS/FW. His sister was checking her hotmail a/c and downloaded &
> opened 2 attachments... Double extension .txt........scr type. Ahem.
>
> I'd only rocked up after the fact. Given that laptop is not mine, not
> a whole lot I can do (brute format + OS upgrade was not an option),
> however, took the following steps:
>
> Wiped all unsolicited e-mail, all downloaded attachments, and all
> files created on disk within last 24 hours. (Suspiciously many EXE &
> DLLs in that lot, all same size at that)
> (web)Port scanned the machine - even though no firewall is present, no
> services are listening on common high numbered ports.
>
> Seems to be working ok - anything else that could be done (other than
> convincing people to not trust odd attachments and have latest AV
> etc..., and upgrade to a later OS)
>
> Interestingly, the hotmail AV scanner did not detect anything in those
> e-mails.
>
> Next step (today) will be to re-check any new file creations and clean
> the registry. (Easy part) And try to convince my non-paranoid friends
> to use later OS,AV+etc... :)
>
> P.S. Sometimes malice can't happen without a little bit of stupidity
> from people who are normally intelligent. Then again, sometimes we see
> stupidity in manifestations of trust.

Re: E-mail attachment virii clean-up by Mark

Mark
Tue Nov 16 12:29:22 CST 2004

On 15 Nov 2004 18:56:52 -0800, execve@mail.ru (Tom Kazanski) wrote:

>Hello all,
>
>Yesterday I'd visited an old friend. He's running Win Me, with no
>AV/IDS/FW. His sister was checking her hotmail a/c and downloaded &
>opened 2 attachments... Double extension .txt........scr type. Ahem.
>

A file like "story.txt.scr" does not have a double extension. The
extension is .SCR (the text after the RIGHTMOST dot). However, it does
look like .TXT when Windows is lying to you about what's there ("hide
common file extensions", a very bad decision for MS to make this the
default).

>I'd only rocked up after the fact. Given that laptop is not mine, not
>a whole lot I can do (brute format + OS upgrade was not an option),
>however, took the following steps:
>
>Wiped all unsolicited e-mail, all downloaded attachments, and all
>files created on disk within last 24 hours. (Suspiciously many EXE &
>DLLs in that lot, all same size at that)

This is a good reason for avoiding Outlook Express. It shows messages
in HTML, which allows malicious code to be run automatically (you
don't even have to open an attachment). It seems to be less important,
but it still helps to avoid Internet Explorer when possible. Try
Firefox (http://www.mozilla.org/products/firefox/).

Note that at least one person I know thought you could turn HTML off
by changing the "send messages" setting. That has NO effect on
incoming messages.

>(web)Port scanned the machine - even though no firewall is present, no
>services are listening on common high numbered ports.
>

That would be common LOW numbered ports (0-1055). Also, this does not
protect you from spyware (the XP firewall won't either).

There's another good port scanning service at
https://www.grc.com/x/ne.dll?bh0bkyd2 . However, none of these will
show vulnerability to OUTGOING connections (such as from spyware,
Windows itself is a big offender here too).

>Seems to be working ok - anything else that could be done (other than
>convincing people to not trust odd attachments and have latest AV
>etc..., and upgrade to a later OS)
>

I listed a few others.

Notice that the XP firewall is incoming-only, and provides much less
protection than a good firewall.

>Interestingly, the hotmail AV scanner did not detect anything in those
>e-mails.
>

AV scanners often don't detect spyware (although it's still a good
idea to use one). A firewall is still important.

>Next step (today) will be to re-check any new file creations and clean
>the registry. (Easy part) And try to convince my non-paranoid friends
>to use later OS,AV+etc... :)
>

And turn off the stupid "hide file extensions" setting (it's in
"folder options").

>P.S. Sometimes malice can't happen without a little bit of stupidity
>from people who are normally intelligent. Then again, sometimes we see
>stupidity in manifestations of trust.

Both true. And in many cases the stupidity seems to be voluntary.

--
39 days until the winter solstice celebration

Mark Lloyd
http://notstupid.laughingsquid.com
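The point made in the post above, that the real extension is the text after the rightmost dot while Explorer's "hide file extensions" view shows something else, can be checked mechanically on attachment names. The following is an added example, not part of the original post; the two extension lists, the flag names, the padding threshold and the sample names are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows runs when double-clicked (a subset chosen for this example).
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "vbs", "js", "cpl"}
# Extensions a reader takes for a harmless document (assumed list).
DECOY_EXTS = {"txt", "doc", "jpg", "jpeg", "gif", "pdf", "htm", "html", "zip"}


def _base(name):
    # Final path component, minus the trailing dots/spaces Windows itself ignores.
    return PureWindowsPath(name).name.rstrip(". ")


def real_extension(name):
    """Text after the RIGHTMOST dot, lowercased; empty string if there is no dot."""
    _stem, dot, ext = _base(name).rpartition(".")
    return ext.lower() if dot else ""


def explorer_shows(name):
    """Name as listed when 'hide file extensions' is on: final extension dropped."""
    base = _base(name)
    stem, dot, _ext = base.rpartition(".")
    return stem if dot else base


def disguise_flags(name):
    """Return the ways an executable name is dressed up as a document, if any."""
    if real_extension(name) not in EXECUTABLE_EXTS:
        return []
    shown = explorer_shows(name)
    visible = shown.rstrip(" ._")        # what is left once the filler is removed
    flags = []
    if real_extension(visible) in DECOY_EXTS:
        flags.append("decoy-extension")  # e.g. story.txt.scr is listed as story.txt
    if len(shown) - len(visible) >= 2:
        flags.append("padding")          # filler pushing the real extension out of view
    return flags


def scan(names):
    """Return (name, real extension, name as shown, flags) for every disguised name."""
    report = []
    for name in names:
        flags = disguise_flags(name)
        if flags:
            report.append((name, real_extension(name), explorer_shows(name), flags))
    return report


# Constructed sample names; the first follows the pattern described in the thread.
SAMPLE_NAMES = [
    "story.txt........scr",
    "story.txt.scr",
    "holiday.jpg          .exe",
    "setup.exe",
    "notes.txt",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, ext, shown, flags in scan(SAMPLE_NAMES):
        print(f"{name!r}: runs as .{ext}, listed as {shown!r}, flags={flags}")
```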

Re: E-mail attachment virii clean-up by JAD

JAD
Tue Nov 16 13:38:03 CST 2004

Note that at least one person I know thought you could turn HTML off
by changing the "send messages" setting. That has NO effect on
incoming messages.


set 'read' to plain text only,,,, very simple


"Mark Lloyd" <mlloyd@roachmail.comant> wrote in message
news:rpgkp0p5lc4bo1fvpjs9kedmb5acbm47qo@4ax.com...
> On 15 Nov 2004 18:56:52 -0800, execve@mail.ru (Tom Kazanski) wrote:
>
> >Hello all,
> >
> >Yesterday I'd visited an old friend. He's running Win Me, with no
> >AV/IDS/FW. His sister was checking her hotmail a/c and downloaded &
> >opened 2 attachments... Double extension .txt........scr type. Ahem.
> >
>
> A file like "story.txt.scr" does not have a double extension. The
> extension is .SCR (the text after the RIGHTMOST dot). However, it does
> look like .TXT when Windows is lying to you about what's there ("hide
> common file extensions", a very bad decision for MS to make this the
> default).
>
> >I'd only rocked up after the fact. Given that laptop is not mine, not
> >a whole lot I can do (brute format + OS upgrade was not an option),
> >however, took the following steps:
> >
> >Wiped all unsolicited e-mail, all downloaded attachments, and all
> >files created on disk within last 24 hours. (Suspiciously many EXE &
> >DLLs in that lot, all same size at that)
>
> This is a good reason for avoiding Outlook Express. It shows messages
> in HTML, which allows malicious code to be run automatically (you
> don't even have to open an attachment). It seems to be less important,
> but it still helps to avoid Internet Explorer when possible. Try
> Firefox (http://www.mozilla.org/products/firefox/).
>
> Note that at least one person I know thought you could turn HTML off
> by changing the "send messages" setting. That has NO effect on
> incoming messages.
>
> >(web)Port scanned the machine - even though no firewall is present, no
> >services are listening on common high numbered ports.
> >
>
> That would be common LOW numbered ports (0-1055). Also, this does not
> protect you from spyware (the XP firewall won't either).
>
> There's another good port scanning service at
> https://www.grc.com/x/ne.dll?bh0bkyd2 . However, none of these will
> show vulnerability to OUTGOING connections (such as from spyware,
> Windows itself is a big offender here too).
>
> >Seems to be working ok - anything else that could be done (other than
> >convincing people to not trust odd attachments and have latest AV
> >etc..., and upgrade to a later OS)
> >
>
> I listed a few others.
>
> Notice that the XP firewall is incoming-only, and provides much less
> protection than a good firewall.
>
> >Interestingly, the hotmail AV scanner did not detect anything in those
> >e-mails.
> >
>
> AV scanners often don't detect spyware (although it's still a good
> idea to use one). A firewall is still important.
>
> >Next step (today) will be to re-check any new file creations and clean
> >the registry. (Easy part) And try to convince my non-paranoid friends
> >to use later OS,AV+etc... :)
> >
>
> And turn off the stupid "hide file extensions" setting (it's in
> "folder options").
>
> >P.S. Sometimes malice can't happen without a little bit of stupidity
> >from people who are normally intelligent. Then again, sometimes we see
> >stupidity in manifestations of trust.
>
> Both true. And in many cases the stupidity seems to be voluntary.
>
> --
> 39 days until the winter solstice celebration
>
> Mark Lloyd
> http://notstupid.laughingsquid.com



Re: E-mail attachment virii clean-up by Mark

Mark
Tue Nov 16 14:43:08 CST 2004

On Tue, 16 Nov 2004 11:38:03 -0800, "JAD" <Kapasitor@coldmail.com>
wrote:

>Note that at least one person I know thought you could turn HTML off
>by changing the "send messages" setting. That has NO effect on
>incoming messages.
>
>
>set 'read' to plain text only,,,, very simple
>

And off by default, so the lazy and unknowing majority won't be using
this.

I'd be more likely to know that if I'd used OE regularly during the
last 4 years or so.

>
>"Mark Lloyd" <mlloyd@roachmail.comant> wrote in message
>news:rpgkp0p5lc4bo1fvpjs9kedmb5acbm47qo@4ax.com...
>> On 15 Nov 2004 18:56:52 -0800, execve@mail.ru (Tom Kazanski) wrote:
>>
>> >Hello all,
>> >
>> >Yesterday I'd visited an old friend. He's running Win Me, with no
>> >AV/IDS/FW. His sister was checking her hotmail a/c and downloaded &
>> >opened 2 attachments... Double extension .txt........scr type. Ahem.
>> >
>>
>> A file like "story.txt.scr" does not have a double extension. The
>> extension is .SCR (the text after the RIGHTMOST dot). However, it does
>> look like .TXT when Windows is lying to you about what's there ("hide
>> common file extensions", a very bad decision for MS to make this the
>> default).
>>
>> >I'd only rocked up after the fact. Given that laptop is not mine, not
>> >a whole lot I can do (brute format + OS upgrade was not an option),
>> >however, took the following steps:
>> >
>> >Wiped all unsolicited e-mail, all downloaded attachments, and all
>> >files created on disk within last 24 hours. (Suspiciously many EXE &
>> >DLLs in that lot, all same size at that)
>>
>> This is a good reason for avoiding Outlook Express. It shows messages
>> in HTML, which allows malicious code to be run automatically (you
>> don't even have to open an attachment). It seems to be less important,
>> but it still helps to avoid Internet Explorer when possible. Try
>> Firefox (http://www.mozilla.org/products/firefox/).
>>
>> Note that at least one person I know thought you could turn HTML off
>> by changing the "send messages" setting. That has NO effect on
>> incoming messages.
>>
>> >(web)Port scanned the machine - even though no firewall is present, no
>> >services are listening on common high numbered ports.
>> >
>>
>> That would be common LOW numbered ports (0-1055). Also, this does not
>> protect you from spyware (the XP firewall won't either).
>>
>> There's another good port scanning service at
>> https://www.grc.com/x/ne.dll?bh0bkyd2 . However, none of these will
>> show vulnerability to OUTGOING connections (such as from spyware,
>> Windows itself is a big offender here too).
>>
>> >Seems to be working ok - anything else that could be done (other than
>> >convincing people to not trust odd attachments and have latest AV
>> >etc..., and upgrade to a later OS)
>> >
>>
>> I listed a few others.
>>
>> Notice that the XP firewall is incoming-only, and provides much less
>> protection than a good firewall.
>>
>> >Interestingly, the hotmail AV scanner did not detect anything in those
>> >e-mails.
>> >
>>
>> AV scanners often don't detect spyware (although it's still a good
>> idea to use one). A firewall is still important.
>>
>> >Next step (today) will be to re-check any new file creations and clean
>> >the registry. (Easy part) And try to convince my non-paranoid friends
>> >to use later OS,AV+etc... :)
>> >
>>
>> And turn off the stupid "hide file extensions" setting (it's in
>> "folder options").
>>
>> >P.S. Sometimes malice can't happen without a little bit of stupidity
>> >from people who are normally intelligent. Then again, sometimes we see
>> >stupidity in manifestations of trust.
>>
>> Both true. And in many cases the stupidity seems to be voluntary.
>>
>> --
>> 39 days until the winter solstice celebration
>>
>> Mark Lloyd
>> http://notstupid.laughingsquid.com
>

--
39 days until the winter solstice celebration

Mark Lloyd
http://notstupid.laughingsquid.com

Re: E-mail attachment virii clean-up by JAD

JAD
Tue Nov 16 15:01:10 CST 2004

You know Mark that is a good example where things are going. The fact
that you would rather have "defaults" set at the beginning of an
installation that are conformed around your personal comfort, is a
way of saying 'take care of me please I don't want to be
bothered with learning anything. I'll trust you to protect me. or
maybe 'take away whatever services that are suspect' and don't offer
me any options. All in the name of security...and fear. Ignorance of
how something works doesn't make that 'something' at fault, as
usual let's point the finger elsewhere.

You know that ad "Just do it" 2004 version should be "Just do it
for me"



Re: E-mail attachment virii clean-up by execve

execve
Tue Nov 16 23:56:39 CST 2004

Thanks all for your constructive posts.

Cleaned things up and got latest AV on it.
Now I'll just have to persuade the guy to actually *GET* XP SP2 with
firewall. - As I've noted in original post, he's running Millennium
:-(

All the fun of installing XP... Again :)

He'd better hike the RAM too while he's at it... 512 should do it.

Unless he wants a new laptop. But that's going OT.

Forking out $$ for a new OS that really is rather similar is probably
not the best "selling point", but heck, WinMe is no longer supported
and XP SP2 is the most secure MS OS there is.

Still, it's difficult to recommend getting XP when its license cost is
actually comparable to the cost of buying a new laptop - e.g. yet
another friend showed off his new toy last night - new XP laptop with
DVD burner, 512 RAM, 17in screen, etc, for $800. NEW, from vendor. Oh
well.

Cheers

Re: E-mail attachment virii clean-up by John

John
Wed Nov 17 09:19:55 CST 2004

"Mark Lloyd" <mlloyd@roachmail.comant> wrote in message
news:rpgkp0p5lc4bo1fvpjs9kedmb5acbm47qo@4ax.com...
>
> Notice that the XP firewall is incoming-only, and provides much less
> protection than a good firewall.
>
> Mark Lloyd
>
No, Mark. You're describing the old Internet Connection Firewall.
The Windows Firewall in XP intercepts both incoming and outgoing traffic.
---JRC---


Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 09:33:49 CST 2004


"John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
"Mark Lloyd" <mlloyd@roachmail.comant> wrote
>
> Notice that the XP firewall is incoming-only, and provides much less
> protection than a good firewall.
>
> Mark Lloyd
>
No, Mark. You're describing the old Internet Connection Firewall.
The Windows Firewall in XP intercepts both incoming and outgoing traffic.
---JRC---

No it doesn't and it doesn't to avoid law suits like what happened with
Internet Explorer. Please do your research before you post false
information.

Thanks

Alias



Re: E-mail attachment virii clean-up by John

John
Wed Nov 17 10:11:24 CST 2004

"Alias" <alsoknown@maskedandanonymous.com> wrote in message
news:3019aqF2o3cipU1@uni-berlin.de...
>
> "John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
> "Mark Lloyd" <mlloyd@roachmail.comant> wrote
>>
>> Notice that the XP firewall is incoming-only, and provides much less
>> protection than a good firewall.
>>
>> Mark Lloyd
>>
> No, Mark. You're describing the old Internet Connection Firewall.
> The Windows Firewall in XP intercepts both incoming and outgoing traffic.
> ---JRC---
>
> No it doesn't and it doesn't to avoid law suits like what happened with
> Internet Explorer. Please do your research before you post false
> information.
>
> Thanks
>
> Alias
>

Alias:
Perhaps there's a fine distinction about intercepting which I missed.
But the Windows Firewall offers a level of protection many people
complained was absent in the Internet Connection Firewall.
The ICF was vulnerable to a Trojan Horse, which could establish
internet connections without drawing much attention to itself.

Just for you, I set up a small test to get something from the internet,
but purposely did not create the appropriate exception in the firewall.
When I ran my little test, which I called Alias,
here's a verbatim transcript of the resulting dialog box:

{
Windows Security Alert
To help protect your computer, Windows Firewall has blocked
some features of this program.
Do you want to keep blocking this program?
Name: Alias
Publisher: Unknown
- Keep blocking
- Unblock
- Ask Me Later
Windows Firewall has blocked this program from accepting connections
from the Internet or a network. If you recognize the program or trust the
publisher, you can unblock it.
}

You may rightly point out that the firewall claims to have blocked
the program from *accepting* connections, but it was my little Trojan
which ended up being blocked.
I think that's good, and the old firewall didn't do that.

Now, since I'm not about to write a mass-mailing worm,
I'll leave that up to somebody else to test against the firewall.
---JRC---

Re: E-mail attachment virii clean-up by Z

Z
Wed Nov 17 10:28:58 CST 2004

Alias wrote:
>>Notice that the XP firewall is incoming-only, and provides much less
>>protection than a good firewall.

> No, Mark. You're describing the old Internet Connection Firewall.
> The Windows Firewall in XP intercepts both incoming and outgoing traffic.

> No it doesn't and it doesn't to avoid law suits like what happened with
> Internet Explorer. Please do your research before you post false
> information.

The XP firewall inspects both ways.

Re: E-mail attachment virii clean-up by JAD

JAD
Wed Nov 17 10:30:25 CST 2004

heheheh remain alias cause you're making yourself look stupid. SP1 and
SP2 firewalls are dramatically different. Although I still would
rather have sygate or whatever instead.


"Alias" <alsoknown@maskedandanonymous.com> wrote in message
news:3019aqF2o3cipU1@uni-berlin.de...
>
> "John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
> "Mark Lloyd" <mlloyd@roachmail.comant> wrote
> >
> > Notice that the XP firewall is incoming-only, and provides much less
> > protection than a good firewall.
> >
> > Mark Lloyd
> >
> No, Mark. You're describing the old Internet Connection Firewall.
> The Windows Firewall in XP intercepts both incoming and outgoing traffic.
> ---JRC---
>
> No it doesn't and it doesn't to avoid law suits like what happened with
> Internet Explorer. Please do your research before you post false
> information.
>
> Thanks
>
> Alias
>
>



Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 10:50:27 CST 2004


"Z" <z@no.spam> wrote in message news:10pmv16b7aplj82@corp.supernews.com...
: Alias wrote:
: >>Notice that the XP firewall is incoming-only, and provides much less
: >>protection than a good firewall.
:
: > No, Mark. You're describing the old Internet Connection Firewall.
: > The Windows Firewall in XP intercepts both incoming and outgoing traffic.
:
: > No it doesn't and it doesn't to avoid law suits like what happened with
: > Internet Explorer. Please do your research before you post false
: > information.
:
: The XP firewall inspects both ways.

If you say so ... but, you're wrong. Search xp.general with Google and you
will find posts like these:


Hi

The XP SP2 doesn't monitor outgoing access to the internet. You will need
to install a 3rd party '2-way' Firewall such as ZoneAlarm.

--

Will Denny
MVP - Windows Shell/User
Please reply to the News Groups

Greetings --

The "next generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them. And, like
the original ICF, it will not monitor out-going traffic.

Its most important virtues, I think, are its improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can
use to protect the LAN workstations from that occasional - but not
rare enough - fool who manages to bypass the perimeter firewall and
manually install some malware that could then spread throughout the
LAN via shared drives.

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance than do
ZoneAlarm or Sygate.

SP2's Windows Firewall is intended to complement
3rd-party firewalls, so it won't hurt anything to leave it enabled
whilst using another software firewall, but it also won't do much
good, except as extra "insurance."


Bruce Chambers

The inbuilt one does a perfectly good job of blocking probes from the
outside. But it is not easy to configure where there may be exceptions
you need to make, and especially if these are relevant to just one
program. Nor does it do anything at all about nasties that get on your
machine trying to 'phone home'. So a separate product is better - and
generally the free version of Zone Alarm from www.zonelabs.com is quite
adequate


--
Alex Nichol MS MVP (Windows Technologies)
Bournemouth, U.K. Alexn@mvps.org

The XP firewall compares quite well with Zone Alarm and the others
insofar as blocking incoming traffic is concerned.

As others have explained, it has no ability to block outgoing traffic,
such as that generated by spyware and/or trojans, and so if that is
also a concern of yours then you would be better served by another
product.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP

Soooo, you were saying?

Alias



Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 10:52:19 CST 2004


"JAD" <Kapasitor@coldmail.com> wrote

: heheheh remain alias cause your making yourself look stupid. SP1 and
: SP2 firewalls are dramatically different. Although I still would
: rather have sygate or whatever instead.

You're the ones making yourselves look stupid. From a cursory search of
news:microsoft.public.windowsxp.general:

Hi

The XP SP2 doesn't monitor outgoing access to the internet. You will need
to install a 3rd party '2-way' Firewall such as ZoneAlarm.

--

Will Denny
MVP - Windows Shell/User
Please reply to the News Groups

Greetings --

The "next generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them. And, like
the original ICF, it will not monitor out-going traffic.

Its most important virtues, I think, are its improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can
use to protect the LAN workstations from that occasional - but not
rare enough - fool who manages to bypass the perimeter firewall and
manually install some malware that could then spread throughout the
LAN via shared drives.

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance than do
ZoneAlarm or Sygate.

SP2's Windows Firewall is intended to complement
3rd-party firewalls, so it won't hurt anything to leave it enabled
whilst using another software firewall, but it also won't do much
good, except as extra "insurance."


Bruce Chambers

The inbuilt one does a perfectly good job of blocking probes from the
outside. But it is not easy to configure where there may be exceptions
you need to make, and especially if these are relevant to just one
program. Nor does it do anything at all about nasties that get on your
machine trying to 'phone home'. So a separate product is better - and
generally the free version of Zone Alarm from www.zonelabs.com is quite
adequate


--
Alex Nichol MS MVP (Windows Technologies)
Bournemouth, U.K. Alexn@mvps.org

The XP firewall compares quite well with Zone Alarm and the others
insofar as blocking incoming traffic is concerned.

As others have explained, it has no ability to block outgoing traffic,
such as that generated by spyware and/or trojans, and so if that is
also a concern of yours then you would be better served by another
product.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP

Soooo, you were saying?

Alias

:
:
: "Alias" <alsoknown@maskedandanonymous.com> wrote in message
: news:3019aqF2o3cipU1@uni-berlin.de...
: >
: > "John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
: > "Mark Lloyd" <mlloyd@roachmail.comant> wrote
: > >
: > > Notice that the XP firewall is incoming-only, and provides much
: less
: > > protection than a good firewall.
: > >
: > > Mark Lloyd
: > >
: > No, Mark. You're describing the old Internet Connection Firewall.
: > The Windows Firewall in XP intercepts both incoming and outgoing
: traffic.
: > ---JRC---
: >
: > No it doesn't and it doesn't to avoid law suits like what happened
: with
: > Internet Explorer. Please do your research before you post false
: > information.
: >
: > Thanks
: >
: > Alias
: >
: >
:
:



Re: E-mail attachment virii clean-up by JAD

JAD
Wed Nov 17 11:03:09 CST 2004

anybody with the moniker 'MVP' I take what they say with a HUGE
granule of salt.
These guys argue amongst themselves about every thing, taking the
opposing side to create discussion.
When has Microsoft ever made anything with the intent on it being
complementary to 3rd party anything??

And, like
> the original ICF, it will not monitor out-going traffic.

definition of 'monitor' I guess, is in question. Will it block
EVERYTHING outgoing? So we get to the specific scenarios which
supports either side. No thanks.

XP firewall is positioning itself for the future. Cause what it
doesn't block will be deemed permissible. For those that know me, know
where I'm going with this. Obvious as the nose on your face.




"Alias" <alsoknown@maskedandanonymous.com> wrote in message
news:301dqhF2rifokU1@uni-berlin.de...
>
> "Z" <z@no.spam> wrote in message news:10pmv16b7aplj82@corp.supernews.com...
> : Alias wrote:
> : >>Notice that the XP firewall is incoming-only, and provides much less
> : >>protection than a good firewall.
> :
> : > No, Mark. You're describing the old Internet Connection Firewall.
> : > The Windows Firewall in XP intercepts both incoming and outgoing traffic.
> :
> : > No it doesn't and it doesn't to avoid law suits like what happened with
> : > Internet Explorer. Please do your research before you post false
> : > information.
> :
> : The XP firewall inspects both ways.
>
> If you say so ... but, you're wrong. Search xp.general with Google and you
> will find posts like these:
>
>
> Hi
>
> The XP SP2 doesn't monitor outgoing access to the internet. You will need
> to install a 3rd party '2-way' Firewall such ZoneAlarm.
>
> --
>
> Will Denny
> MVP - Windows Shell/User
> Please reply to the News Groups
>
> Greetings --
>
> The "next generation" Windows Firewall included with SP2, while
> vastly superior to the original ICF in terms of visibility, usability
> and configurability, is still rather lacking, as a solid security
> component. It still can't supplant 3rd-party solutions, nor is it
> intended to do so; rather, it's intended to complement them. And, like
> the original ICF, it will not monitor out-going traffic.
>
> It's most important virtues, I think, are it's improved
> compatibility with internal LANs and its configurability via group
> policies. Now, there's a simple, cheap tool that system admins can
> use to protect the LAN workstations from that occasional - but not
> rare enough - fool who manages to bypass the perimeter firewall and
> manually install some malware that could then spread throughout the
> LAN via shared drives.
>
> WinXP's built-in firewall is _adequate_ at stopping incoming
> attacks, and hiding your ports from probes. What WinXP also
> does not do, is protect you from any Trojans or spyware that you (or
> someone else using your computer) might download and install
> inadvertently. It doesn't monitor out-going traffic at all, other
> than to check for IP-spoofing, much less block (or at even ask you
> about) the bad or the questionable out-going signals. It assumes that
> any application you have on your hard drive is there because you want
> it there, and therefore has your "permission" to access the Internet.
> Further, because the ICF is a "stateful" firewall, it will also assume
> that any incoming traffic that's a direct response to a Trojan's or
> spyware's out-going signal is also authorized.
>
> ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
> built-in firewall, and are much more easily configured, and there are
> free versions of each readily available. Even the commercially
> available Symantec's Norton Personal Firewall is superior by far,
> although it does take a heavier toll of system performance then do
> ZoneAlarm or Sygate.
>
> SP2's Windows Firewall is intended to complement
> 3rd-party firewalls, so it won't hurt anything to leave it enabled
> whilst using another software firewall, but it also won't do much
> good, except as extra "insurance."
>
>
> Bruce Chambers
>
> The inbuilt one does a perfectly good job of blocking probes from the
> outside. But it is not easy to configure where there may be exceptions
> you need to make, and especially if these are relevant to just one
> program. Nor does it do anything at all about nasties that get on your
> machine trying to 'phone home'. So a separate product is better - and
> generally the free version of Zone Alarm from www.zonelabs.com is quite
> adequate
>
>
> --
> Alex Nichol MS MVP (Windows Technologies)
> Bournemouth, U.K. Alexn@mvps.org
>
> The XP firewall compares quite well with Zone Alarm and the others
> insofar as blocking incoming traffic is concerned.
>
> As others have explained, it has no ability to block outgoing traffic,
> such as that generated by spyware and/or trojans, and so if that is
> also a concern of yours then you would be better served by another
> product.
>
> Good luck
>
>
> Ron Martell Duncan B.C. Canada
> --
> Microsoft MVP
>
> Soooo, you were saying?
>
> Alias
>
>



Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 11:06:35 CST 2004


"JAD" <Kapasitor@coldmail.com> wrote

: anybody with the moniker 'MVP' I take what they say with a HUGE
: granule of salt.
: These guys argue amongst themselves about every thing, taking the
: opposing side to create discussion.
: When has Microsoft ever made anything with the intent on it being
: complimentary to 3rd party anything??
:
: And, like
: > the original ICF, it will not monitor out-going traffic.
:
: definition of 'monitor' I guess, is in question. Will it block
: EVERYTHING outgoing? So we get to the specific scenarios which
: supports either side. No thanks.
:
: XP firewall is positioning itself for the future. Cause what it
: doesn't block will be deemed permissible. For those that know me, know
: where I'm going with this. Obvious as the nose on your face.

My, my and your qualifications are what, besides being a rude asshole?

Alias



Re: E-mail attachment virii clean-up by Z

Z
Wed Nov 17 11:10:05 CST 2004

Alias wrote:
> : The XP firewall inspects both ways.

> If you say so ... but, you're wrong. Search xp.general with Google and you
> will find posts like these:
> The XP SP2 doesn't monitor outgoing access to the internet. You will need
> to install a 3rd party '2-way' Firewall such ZoneAlarm.

Google for "flat earth" next.

Wow, I guess that proves the planet is really flat.


The current XP SP2 firewall most DEFINITELY inspects both ways. I'm
using it now. If I deny my term emulator s/w access, it won't get an
outside connection.

Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 11:12:46 CST 2004


"Z" <z@no.spam> wrote in message news:10pn1e93148bga1@corp.supernews.com...
: Alias wrote:
: > : The XP firewall inspects both ways.
:
: > If you say so ... but, you're wrong. Search xp.general with Google and you
: > will find posts like these:
: > The XP SP2 doesn't monitor outgoing access to the internet. You will need
: > to install a 3rd party '2-way' Firewall such ZoneAlarm.
:
: Google for "flat earth" next.

I googled
microsoft.public.windowsxp.general


:
: Wow, I guess that proves the planet is really flat.

Stupid analogy.
:
:
: The current XP SP2 firewall most DEFINITELY inspects both ways. I'm
: using it now. If I deny my term emulator s/w access, it won't get an
: outside connection.

Um, you're wrong, sorry. I have crossposted this message to the appropriate
newsgroup so that the XPers over there can help me straighten you guys out.

Alias



Re: E-mail attachment virii clean-up by JAD

JAD
Wed Nov 17 11:16:09 CST 2004

My, my and your qualifications are what, besides being a rude
asshole?(see below)



AFA the XP firewall... I have seen it tell me about outgoing
connections...ALL of them? no cause sygate jumps up with it XP FW
running.......things like SVCHOST ring a bell? You're looking at the
very narrow, small picture of things.


<Please do your research before you post false
<information.

What intellectual level of rude assholyness are we at?


"Alias" <alsoknown@maskedandanonymous.com> wrote in message
news:301eooF2qrt7pU1@uni-berlin.de...
>
> "JAD" <Kapasitor@coldmail.com> wrote
>
> : anybody with the moniker 'MVP' I take what they say with a HUGE
> : granule of salt.
> : These guys argue amongst themselves about every thing, taking the
> : opposing side to create discussion.
> : When has Microsoft ever made anything with the intent on it being
> : complimentary to 3rd party anything??
> :
> : And, like
> : > the original ICF, it will not monitor out-going traffic.
> :
> : definition of 'monitor' I guess, is in question. Will it block
> : EVERYTHING outgoing? So we get to the specific scenarios which
> : supports either side. No thanks.
> :
> : XP firewall is positioning itself for the future. Cause what it
> : doesn't block will be deemed permissible. For those that know me, know
> : where I'm going with this. Obvious as the nose on your face.
>
> >
> Alias



Re: E-mail attachment virii clean-up by JAD

JAD
Wed Nov 17 11:31:44 CST 2004

lol the XPer's. Here we go with the specifics............

"Alias" <alsoknown@maskedandanonymous.com> wrote in message
news:301f4qF2p3e20U1@uni-berlin.de...
>
> "Z" <z@no.spam> wrote in message news:10pn1e93148bga1@corp.supernews.com...
> : Alias wrote:
> : > : The XP firewall inspects both ways.
> :
> : > If you say so ... but, you're wrong. Search xp.general with Google and you
> : > will find posts like these:
> : > The XP SP2 doesn't monitor outgoing access to the internet. You will need
> : > to install a 3rd party '2-way' Firewall such ZoneAlarm.
> :
> : Google for "flat earth" next.
>
> I googled
> microsoft.public.windowsxp.general
>
>
> :
> : Wow, I guess that proves the planet is really flat.
>
> Stupid analogy.
> :
> :
> : The current XP SP2 firewall most DEFINITELY inspects both ways. I'm
> : using it now. If I deny my term emulator s/w access, it won't get an
> : outside connection.
>
> Um, you're wrong, sorry. I have crossposted this message to the appropriate
> newsgroup so that the XPers over there can help me straighten you guys out.
>
> Alias
>
>



Re: E-mail attachment virii clean-up by Mark

Mark
Wed Nov 17 12:05:39 CST 2004

On Wed, 17 Nov 2004 15:19:55 GMT, "John R. Copeland"
<jcopelan@columbus.rr.aol.com> wrote:

>"Mark Lloyd" <mlloyd@roachmail.comant> wrote in message news:rpgkp0p5lc4bo1fvpjs9kedmb5acbm47qo@4ax.com...
>>
>> Notice that the XP firewall is incoming-only, and provides much less
>> protection than a good firewall.
>>
>> Mark Lloyd
>>
>No, Mark. You're describing the old Internet Connection Firewall.
>The Windows Firewall in XP intercepts both incoming and outgoing traffic.
>---JRC---

I checked a system with SP2 applied a couple of weeks before.

Would you have a specific procedure for demonstrating the presence of
an outgoing firewall? If possible, I'd probably test that.

--
38 days until the winter solstice celebration

Mark Lloyd
http://notstupid.laughingsquid.com

Re: E-mail attachment virii clean-up by Mark

Mark
Wed Nov 17 12:06:53 CST 2004

On Wed, 17 Nov 2004 16:33:49 +0100, "Alias"
<alsoknown@maskedandanonymous.com> wrote:

>
>"John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
>"Mark Lloyd" <mlloyd@roachmail.comant> wrote
>>
>> Notice that the XP firewall is incoming-only, and provides much less
>> protection than a good firewall.
>>
>> Mark Lloyd
>>
>No, Mark. You're describing the old Internet Connection Firewall.
>The Windows Firewall in XP intercepts both incoming and outgoing traffic.
>---JRC---
>
>No it doesn't and it doesn't to avoid law suits like what happened with
>Internet Explorer. Please do your research before you post false
>information.
>

And you could post your source for THAT information.

>Thanks
>
>Alias
>

--
38 days until the winter solstice celebration

Mark Lloyd
http://notstupid.laughingsquid.com

Re: E-mail attachment virii clean-up by Mark

Mark
Wed Nov 17 12:10:56 CST 2004

On Wed, 17 Nov 2004 16:11:24 GMT, "John R. Copeland"
<jcopelan@columbus.rr.aol.com> wrote:

>"Alias" <alsoknown@maskedandanonymous.com> wrote in message news:3019aqF2o3cipU1@uni-berlin.de...
>>
>> "John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
>> "Mark Lloyd" <mlloyd@roachmail.comant> wrote
>>>
>>> Notice that the XP firewall is incoming-only, and provides much less
>>> protection than a good firewall.
>>>
>>> Mark Lloyd
>>>
>> No, Mark. You're describing the old Internet Connection Firewall.
>> The Windows Firewall in XP intercepts both incoming and outgoing traffic.
>> ---JRC---
>>
>> No it doesn't and it doesn't to avoid law suits like what happened with
>> Internet Explorer. Please do your research before you post false
>> information.
>>
>> Thanks
>>
>> Alias
>>
>
>Alias:
>Perhaps there's a fine distinction about intercepting which I missed.
>But the Windows Firewall offers a level of protection many people
>complained was absent in the Internet Connection Firewall.
>The ICF was vulnerable to a Trojan Horse, which could establish
>internet connections without drawing much attention to itself.
>
>Just for you, I set up a small test to get something from the internet,
>but purposely did not create the appropriate exception in the firewall.
>When I ran my little test, which I called Alias,
>here's a verbatim transcript of the resulting dialog box:
>
>{
>Windows Security Alert
>To help protect your computer, Windows Firewall has blocked
>some features of this program.
>Do you want to keep blocking this program?
> Name: Alias
> Publisher: Unknown
> - Keep blocking
> - Unblock
> - Ask Me Later
>Windows Firewall has blocked this program from accepting connections
>from the Internet or a network.

That sure sounds like an incoming connection (that description does
not apply to outgoing connections).

> If you recognize the program or trust the
>publisher, you can unblock it.
>}
>
>You may rightly point out that the firewall claims to have blocked
>the program from *accepting* connections, but it was my little Trojan
>which ended up being blocked.
>I think that's good, and the old firewall didn't do that.
>
>Now, since I'm not about to write a mass-mailing worm,
>I'll leave that up to somebody else to test against the firewall.
>---JRC---

Try to determine if that XP firewall is actually blocking Windows
Explorer from the internet. Looks like it doesn't.

--
38 days until the winter solstice celebration

Mark Lloyd
http://notstupid.laughingsquid.com

Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 12:29:13 CST 2004


"Mark Lloyd" <mlloyd@roachmail.comant> wrote

:
: Try to determine if that XP firewall is actually blocking Windows
: Explorer from the internet. Looks like it doesn't.

:
: Mark Lloyd

It isn't.

Alias



Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 12:30:39 CST 2004


"Mark Lloyd" <mlloyd@roachmail.comant> wrote
: On Wed, 17 Nov 2004 16:33:49 +0100, "Alias"
: <alsoknown@maskedandanonymous.com> wrote:
:
: >
: >"John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
: >"Mark Lloyd" <mlloyd@roachmail.comant> wrote
: >>
: >> Notice that the XP firewall is incoming-only, and provides much less
: >> protection than a good firewall.
: >>
: >> Mark Lloyd
: >>
: >No, Mark. You're describing the old Internet Connection Firewall.
: >The Windows Firewall in XP intercepts both incoming and outgoing traffic.
: >---JRC---
: >
: >No it doesn't and it doesn't to avoid law suits like what happened with
: >Internet Explorer. Please do your research before you post false
: >information.
: >
:
: And you could post your source for THAT information.

I did already. But, hey, it's your computer and you can run it with XP's
lame excuse for a firewall, no firewall or a decent free one like Kerio, ZA
or Sygate.

Alias



Re: E-mail attachment virii clean-up by Noel

Noel
Wed Nov 17 14:50:54 CST 2004

NO - it doesn't
the WF ONLY blocks incoming packets!
to quote MS.....
"Windows XP Service Pack 2 (SP2), currently in Beta testing, includes
significant enhancements to the Windows Firewall, previously known as the
Internet Connection Firewall (ICF). Windows Firewall is a stateful
host-based firewall that drops all unsolicited incoming traffic that does
not correspond to either traffic sent in response to a request of the
computer (solicited traffic) or unsolicited traffic that has been specified
as allowed (excepted traffic). This behavior of Windows Firewall provides a
level of protection from malicious users and programs that use unsolicited
incoming traffic to attack computers. With the exception of some Internet
Control Message Protocol (ICMP) messages, Windows Firewall does not drop
outgoing traffic."
It does NOT intercept outgoing packets.


--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Z" <z@no.spam> wrote in message news:10pmv16b7aplj82@corp.supernews.com...
> Alias wrote:
>>>Notice that the XP firewall is incoming-only, and provides much less
>>>protection than a good firewall.
>
>> No, Mark. You're describing the old Internet Connection Firewall.
>> The Windows Firewall in XP intercepts both incoming and outgoing traffic.
>
>> No it doesn't and it doesn't to avoid law suits like what happened with
>> Internet Explorer. Please do your research before you post false
>> information.
>
> The XP firewall inspects both ways.
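
The policy in the Microsoft text Noel quotes above, as an added example that is not part of the original thread and is not Windows Firewall code: a toy state table that never drops outgoing packets and admits incoming ones only if solicited or excepted. Class names, ports and addresses are constructed for illustration; the ICMP special cases and state timeouts are not modelled.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" or "in", as seen from the protected host
    proto: str        # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class InboundOnlyStatefulFilter:
    """Hypothetical model of the quoted policy, not the real implementation."""
    excepted: set = field(default_factory=set)   # {(proto, local_port)} opened by the user
    flows: set = field(default_factory=set)      # state table built from outgoing traffic

    def handle(self, pkt: Packet) -> str:
        flow = (pkt.proto, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            # "Windows Firewall does not drop outgoing traffic": no rule lookup,
            # no per-program check. The flow is only remembered so that the
            # reply can be recognised as solicited.
            self.flows.add(flow)
            return "allow-outgoing"
        if flow in self.flows:
            return "allow-solicited"      # response to a request this host sent
        if (pkt.proto, pkt.local_port) in self.excepted:
            return "allow-excepted"       # unsolicited, but on the exceptions list
        return "drop-unsolicited"


# Constructed sample traffic (documentation address ranges, made-up ports).
SCENARIO = [
    ("probe from outside to tcp/135",
     Packet("in", "tcp", 135, "203.0.113.9", 40000)),
    ("browser connects out to a web server",
     Packet("out", "tcp", 1045, "198.51.100.10", 80)),
    ("web server reply",
     Packet("in", "tcp", 1045, "198.51.100.10", 80)),
    ("unwanted program 'phones home'",
     Packet("out", "tcp", 1046, "192.0.2.66", 6667)),
    ("reply to the unwanted program",
     Packet("in", "tcp", 1046, "192.0.2.66", 6667)),
    ("same remote host, new unsolicited connection",
     Packet("in", "tcp", 1046, "192.0.2.66", 31337)),
    ("inbound to an excepted port (tcp/3389)",
     Packet("in", "tcp", 3389, "203.0.113.9", 40001)),
]


def run_scenario():
    """Feed the sample traffic through one filter and return (label, verdict) pairs."""
    fw = InboundOnlyStatefulFilter(excepted={("tcp", 3389)})
    return [(label, fw.handle(pkt)) for label, pkt in SCENARIO]


if __name__ == "__main__":
    for label, verdict in run_scenario():
        print(f"{verdict:17} {label}")
```

Under this policy the "phone home" connection and its reply pass exactly like the browser's, which is the gap the posters describe; a listening program, by contrast, only receives traffic once its port is on the exceptions list.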



Re: E-mail attachment virii clean-up by Mark

Mark
Wed Nov 17 15:33:39 CST 2004

On Wed, 17 Nov 2004 19:30:39 +0100, "Alias"
<alsoknown@maskedandanonymous.com> wrote:

>
>"Mark Lloyd" <mlloyd@roachmail.comant> wrote
>: On Wed, 17 Nov 2004 16:33:49 +0100, "Alias"
>: <alsoknown@maskedandanonymous.com> wrote:
>:
>: >
>: >"John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
>: >"Mark Lloyd" <mlloyd@roachmail.comant> wrote
>: >>
>: >> Notice that the XP firewall is incoming-only, and provides much less
>: >> protection than a good firewall.
>: >>
>: >> Mark Lloyd
>: >>
>: >No, Mark. You're describing the old Internet Connection Firewall.
>: >The Windows Firewall in XP intercepts both incoming and outgoing traffic.
>: >---JRC---
>: >
>: >No it doesn't and it doesn't to avoid law suits like what happened with
>: >Internet Explorer. Please do your research before you post false
>: >information.
>: >
>:
>: And you could post your source for THAT information.
>
>I did already. But, hey, it's your computer and you can run it with XP's
>lame excuse for a firewall, no firewall or a decent free one like Kerio, ZA
>or Sygate.
>

It looks like there I made the mistake of replying before reading the
entire thread. What I said about the XP firewall definitely applies to
SP2.

I'm using Kerio now (except for an older computer that's too slow for
it and runs the older Tiny Personal Firewall). I would never use XP,
except on an extra test computer.

>Alias
>

--
38 days until the winter solstice celebration

Mark Lloyd
http://notstupid.laughingsquid.com

Re: E-mail attachment virii clean-up by Alias

Alias
Wed Nov 17 18:33:30 CST 2004


"Mark Lloyd" <mlloyd@roachmail.comant> wrote
: On Wed, 17 Nov 2004 19:30:39 +0100, "Alias"
: <alsoknown@maskedandanonymous.com> wrote:
:
: >
: >"Mark Lloyd" <mlloyd@roachmail.comant> wrote
: >: On Wed, 17 Nov 2004 16:33:49 +0100, "Alias"
: >: <alsoknown@maskedandanonymous.com> wrote:
: >:
: >: >
: >: >"John R. Copeland" <jcopelan@columbus.rr.aol.com> wrote
: >: >"Mark Lloyd" <mlloyd@roachmail.comant> wrote
: >: >>
: >: >> Notice that the XP firewall is incoming-only, and provides much less
: >: >> protection than a good firewall.
: >: >>
: >: >> Mark Lloyd
: >: >>
: >: >No, Mark. You're describing the old Internet Connection Firewall.
: >: >The Windows Firewall in XP intercepts both incoming and outgoing traffic.
: >: >---JRC---
: >: >
: >: >No it doesn't and it doesn't to avoid law suits like what happened with
: >: >Internet Explorer. Please do your research before you post false
: >: >information.
: >: >
: >:
: >: And you could post your source for THAT information.
: >
: >I did already. But, hey, it's your computer and you can run it with XP's
: >lame excuse for a firewall, no firewall or a decent free one like Kerio, ZA
: >or Sygate.
: >
:
: It looks like there I made the mistake of replying before reading the
: entire thread. What I said about the XP firewall definitely applies to
: SP2.
:
: I'm using Kerio now (except for an older computer that's too slow for
: it and runs the older Tiny Personal Firewall). I would never use XP,
: except on an extra test computer.
:
: >Alias
: >
:
: --
: 38 days until the winter solstice celebration
:
: Mark Lloyd

I would use it after a fresh install of XP and SP 2 to get updates and then
install my firewall/av of choice. I'm also behind a NAT router just in case
:-) Fucking assholes that write scumware make me sick.