lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 22 Sep 2009 11:57:08 -0700
From: Kos <kpo.mail.list@...il.com>
To: Steven Anders <anderstev@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Dumb question: Is Windows box behind a router
	safe ?

Ancompuger behind a router/firewall does not make it safe.  
Vulnerabilities and exploits are not limited to a network level, which  
is generally what a firewall is used for. Vulnerabilities sent via any  
protocol used (http, imap, pop, other protocols that may be in use)  
are not suddenly secure.

An example, there are PDFs that will trigger adobe to run, whcih can  
be exploited easily.
Someone can send your father an email with a malicious attatchment,  
and a firewall isn't going to preven him from clicking and running it.  
Anti-virus is a good start, but will only go so far.
There are phishing sites too.
The ways to get owned are countless, regardless of a firewall or not.

You should keep the system maintained and up to date (run system  
updates and applications undated regularly).

So no, a firewall will not prevent a computer from being compromised.

Other opinions?

Kos

On Sep 22, 2009, at 11:29 AM, Steven Anders <anderstev@...il.com> wrote:

> I received great responses and am very grateful to the help from  
> community of this list. Thank you.
>
>
> I have a dumb question: Is a Windows box behind a router safe ?
>
> It is my father's PC and the Windows OS was not updated regularly.  
> The Windows box was connected through wire (RJ45) to the router. The  
> router is then connected to the DSL modem.
> The Windows Box has SP2 installed and the default Windows firewall  
> enabled - and I think was last updated from Windows Update on in  
> 2008. It has AVG anti virus.
> The PC was never moved anywhere and is always behind the router. The  
> router has default settings, which I believe has no ports open.
>
> He never installed any applications or downloads anything off the  
> net - mainly it is used for emails and general web browsing (using  
> Firefox, not IE). I informed him to use Firefox, since IE has so  
> many security issues.
>
>
> My questions are:
>
> 1.  There are many exploits and vulnerabilities of Windows, but I  
> was wondering if outdated Windows box behind router generally  
> safe ?  Since, the Windows box was not updated with the latest  
> updates.
>
> I have always thought that having a computer behind the router  
> (since router has firewall) is generally safe, but I would love to  
> hear insights or thoughts.
>
>
> 2. If a Windows box is behind a router, could a botnet be installed  
> to it ? Assuming, the end user does not install/download any  
> applications from the Internet and always use Firefox.
>
>
> Thank you all in advance.
> steve
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ