| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Give XP SP2 a chance Goencz, Otto wrote: [restructured to cure top-postingitis] > >>I installed XP service pack 2, sure the firewall was there did it bitch > sure > it did but I left it up. Told it to allow the applications that use the net > to work.<< > > > Does the XP firewall do application level outbound blocking? I thought it > > just blocked incoming connections? > > Yes, it does bi-directional filtering... Not really... The new XP firewall asks to allow unknown applications to bind to a port -- that is, to set up as listeners. That is only part of what most folk consider "application level outbound blocking". For instance, a bot that simply connects outbound to an IRC server will not raise a warning, but if it tries to bind a port to setup a direct access backdoor or run a simple TFTP or HTTP server (perhaps to provide copies of itself to other machines it has scanned and compromised with a call-back payload), the firewall will alert. MS had to walk a fine line there between providing a more useful PFW and being dragged into court for anti-competitive practices if it provided a "full function" PFW that would clearly be detrimental to an independent group of software developers. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists