Message-ID: <411E4CED.9598.E78C9A@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Give XP SP2 a chance
Goencz, Otto wrote:
[restructured to cure top-postingitis]
> >>I installed XP service pack 2, sure the firewall was there did it bitch
> sure it did but I left it up. Told it to allow the applications that use
> the net to work.<<
>
> > Does the XP firewall do application level outbound blocking? I thought it
> > just blocked incoming connections?
>
> Yes, it does bi-directional filtering...
Not really...

The new XP firewall asks to allow unknown applications to bind to a
port -- that is, to set up as listeners. That is only part of what
most folk consider "application level outbound blocking". For
instance, a bot that simply connects outbound to an IRC server will not
raise a warning, but if it tries to bind a port to set up a direct
access backdoor or run a simple TFTP or HTTP server (perhaps to provide
copies of itself to other machines it has scanned and compromised with
a call-back payload), the firewall will alert.

MS had to walk a fine line there between providing a more useful PFW
and being dragged into court for anti-competitive practices if it
provided a "full function" PFW that would clearly be detrimental to an
independent group of software developers.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
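
The distinction drawn in the message above (a prompt when a program binds a listening port, none for a plain outbound connection) shows up directly in a host's socket table. The following is an added example, not part of the original post: it parses constructed `netstat -ano` style output and separates listeners from connections the host itself dialed out. The sample rows, addresses, PIDs and function names are assumptions.

```python
# Added illustration: the netstat rows below are constructed sample data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:1045      203.0.113.5:6667       ESTABLISHED     1432
  TCP    192.168.1.10:8080      198.51.100.7:3321      ESTABLISHED     1432
  UDP    0.0.0.0:69             *:*                                    1432
"""

def parse_netstat(text):
    """Yield (proto, local_port, remote, state, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local, remote = f[0], f[1], f[2]
        # UDP rows carry no State column, so the PID is the fourth field.
        state, pid = (f[3], f[4]) if proto == "TCP" else ("BOUND", f[3])
        yield proto, int(local.rsplit(":", 1)[1]), remote, state, int(pid)

def classify(text):
    """Return (listeners, outbound): sockets that bound a port to receive
    traffic, and established connections this host initiated."""
    rows = list(parse_netstat(text))
    # Simplification: every bound UDP socket is treated as a listener.
    listening = {(p, port) for p, port, _, st, _ in rows
                 if st in ("LISTENING", "BOUND")}
    listeners, outbound = [], []
    for proto, port, remote, state, pid in rows:
        if state in ("LISTENING", "BOUND"):
            listeners.append((pid, proto, port))
        elif state == "ESTABLISHED" and (proto, port) not in listening:
            # Heuristic: local port is not a listening port, so the
            # connection was opened from this host (outbound).
            outbound.append((pid, remote))
    return listeners, outbound

if __name__ == "__main__":
    listeners, outbound = classify(SAMPLE_NETSTAT)
    for pid, proto, port in listeners:
        print(f"listener  pid={pid} {proto}/{port}  (bind: prompt applies)")
    for pid, remote in outbound:
        print(f"outbound  pid={pid} -> {remote}  (connect only: no prompt)")
```

Anything in the outbound list is traffic that a listen-time prompt never sees, so it has to be covered by a separate egress control or by monitoring.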