Slashdot Mirror

We did not call the police, instead we found out the format it was sending information in and what it was reporting. So we took the program and installed it on disconnected machine to play with it. It scanned a hard drive for Jpeg, PDF and PSD files and than sent them in a zipped file to the address every night at 3 am. So we had a meeting to decide on what we should send them. We decided to send someone they did not know to photograph inside their gallery when they were not looking. After we had most of their new installation photoed and scanned, FYI this is before digital cameras were cheap.

After that we found out where they lived and took pictures of them leaving their houses in the morning for some who lived nearby, their licence plates and inside of their cars, where they worked some with pictures of them working and sent it to them a few days later. About a week after that we took pictures of someone taking pictures of us from across the street in a car we did not recognize and blew up the image to find the culprit who we told the competing gallery about which promptly took his whole installation including 2 computers synchronizing motion to music (just a program downloaded off the net) and left all of it in the back of the building in central Phoenix in broad daylight. Virtually nothing survived, lol. Some people were pissed we took photos of them and their art but I believe it it legal to do so in public. Correct me if I'm wrong.

If you want to block connections on each individual computer, I recommend the free Tiny Personal Firewall from Tiny Software. It allows you to block any connection, and view all open connections. It uses very little memory, and starts fast.

I'd go with this one, it's a little more than a firewall in that it can enforce rules on the filesystem as well (ex: foo.exe is only allowed to write to c:\text). It's highly configurable, and well worth a look.

I have to respond. The parent was correct. It's amazing seeing what people do to run windows, and what I've had to do in the past.

You say you seriously doubt anyone has done a fresh install of distro-of-choice and not spent time tweaking things to get the system fully usable. Then you go on to say you're hoping to build your first linux box.

I think you'll be pleasantly surprised, depending on what distro you choose. Someone below mentioned OpenBSD, and that's a good recommendation. I think you'll find that a fair amount of the unix-y environments start you off at a solid base, and allow you to build up. This is in contrast to whenever I have the (in my opinion, of course) displeasure of dealing with a windows install, where I have to tear down and build up.

No, not all distro's are the same. Sometimes they have annoying services listening on all interfaces, like cups or lprd. That's one of the reasons why OpenBSD is nice. It starts you off with a good base from which to build up. I have recently switched to the excellent ubuntu distrobution from debian sarge. I am pleasantly surprised by the fact that very few services are listening by default, so there's really not all that much to do to "secure" the box (at least from a basic point of view). In fact, when I installed ubuntu over debian, I kept my old home directory, so there was no tweaking to get my desktop how I want it. I guess you could do the same with windows, but it's a pain to mess around with the registry to point to a different location/drive for user's home folders. All I have to do is mount the old volume as /home and it works fine.

Not only that, but the installation of new software is tremendously easier for the unix-y domain, at least debian, where apt-get is very good at solving your problems. No cds to look for, no keys to look for, makes it all very easy. So I think you're making a kind of incorrect blanket statement based on your experience with windows (it seems).

That said, I prefer the old tiny personal firewall, but only the old version (2 or 3?) as the new one doesn't have as nice an interface. It seems to barf a fair amount when installed on XP, so I'm actually shying away from that these days. You didn't say which version of windows you're using. I've been using the virus scanner from etrust, free to valid microsoft users: ezarmor. It seems to work okay, and it's free. It also includes a firewall of sorts, but I don't recall being very impressed, so I installed tpf again. AV gets rather expensive, rather quickly. I purchased the symantec AV/Firewall suite for something like $50. As always, there's a linux NAT box protecting it all, allowing easy port forwarding. I've also used the linksys wrt54g and it seems to work okay. It's available pretty cheaply now, and allowed me to reduce the number of crud that clutters up the gf's apartment.

Anyway, I wish you luck with your new linux box, and I think (once you get used to it) you'll find it pleasantly surprising.

I use Tiny persoanl firewall.

It's great because it detects any program that tries to connect to the internet from your PC, and pops up a window asking you if you want to allow the program to connect, or to block it, and if you want to set up a rule for future attempts. It also detects connection attempts from the outside, and asks you about those too. Best windows security tool I've seen.

I take an easier approach. I have a software firewall running on my system that can filter by application and/or port number(s) an application is allowed to "talk" to. I only allow Outlook to talk to ports 25 and 110 on my incoming and outgoing mail servers, and that's it. In addition, the "preview pane" is disabled and I run SpamBayes to filter mail. The firewall I use is called the Tiny Personal Firewall. No affiliation to the company other than a very satisfied user.

Anyone serious about securing a home windows box should look in to tiny's personal firewall

It has a high learning curve for initial setup, but it can drasticly reduce the attack vector given to malicious scripts and programs as it's not just a firewall, but also a very elaborate application sandboxing system.

Another solution is to get quickfix which applies blanket fixes to many unpatched IE and Windows vulnerabilities.

Remember, security is YOUR responsibility. If you run Windows, YOU need to take your own steps to ensure the security of your system.

Tiny Personal Firewallhas the ability to restrict applications (even local actions). What they claim seems pretty impressive though I've never actually used the program.

With just XP itself you can actually right click on an executable, select "Run as...", select "Current user" and check "Protect my computer and data from unauthorised program activity" but I'm not sure how much protection is offered there and many programs to fail.

I recommend the Tiny Personal Firewall. Gives you much better control than Norton.

Yes, Tiny Personal Firewall.

I use Tiny Personal Firewall> personally. Also 2.0 If you can still find it, is free to use and works great for me.

I use Tiny Personal Firewall 2.0 to stop this sort of crap under Windows. It'll block any application from 'reporting' back home via the internet. It's a pro at keeping apps like Real Player or guys like this from tattling. It's not open source, but the 2.0 version was freeware. I'm not sure about the 4.0 version.

I strongly suspect that this won't even be an issue for most Linux users.

TPF is great packet sniffing software. It allows you to determine which apps are allowed to receive incoming TCP connections, or make outgoing TCP connections, or receive incoming UDP connections... and which ones aren't. It also allows you to stop Net BIOS name resolution as well as other neat stuff. It gives you much more control then Zone Alarm does. Really a great piece of software.

TPF used to be freeware. You can pick up the shareware version here. You can still find the old freeware version (which I use) here.

For the record, I use both Zone Alarm and Tiny Personal Firewall.

It's still available off their website.

the college is willing to pay the bill to give students a better OS

Ok dopey.. for you, and the rest of the world that doesn't quite get it yet, the word FREE in FREEBSD does actually mean that you don't actually have to pay for it.

The same goes for Linux.

Out of interest.. I don't see how a school can force people not to use a particular OS. I'd really like to hear the real reasons. Specifically, I'd like to see their plan on making XP more secure than NT or Win2K or 98, and no "SP1" (otherwise known as the 'let Microsoft rape/invade your computer for free' patch) is not an answer. Are they suggesting firewalls be set up? No? What a monolithic idea! Let's change the OS instead!

Firewall your PC

As pointed out elsewhere, spammers can get information about whether or not you've viewed one of their messages when you view the HTML if it asks for any external data such as images.

I use Tiny Personal Firewall to prevent progams from accessing the network in ways that I don't want them too. For example, I have told it that Outlook Express should only be allowed to talk to my servers, and even then, only on ports 25 and 145 (send mail and IMAP). This stops all images from being downloaded or other html calls from going off of my machine and letting spammers know that I've viewed their mail.

The nice part of this is that if I decide that I want to view images in an html mail message (nytimes news stories for example), I just right click on the tiny personal firewall icon and disable the firewall, and then just enable it after.

You also neglect this technical problem in XP: "If you say no to some of the requests, some functions of Windows XP will not work (such as networking)." If you deny internet access to many components, XP will cease to function properly. Did you notice the long list he had of components that needed 'net access? Windows Media Player!?! That's a technical flaw that's borderline malicious.

Untrue. I agree that a stupidly huge number of apps and processes attempt to access the 'net, but it isn't true that XP will cease to function properly if you deny that access. My wife's external firewall is configured to automatically deny access to everything except to a small handful of specific apps/ports/addresses, and XP runs just fine. Yes, including Media Player.

There is also no technical solution things like "Run DLL as an app" not telling you which DLL needs to be run. These programs should not be calling home unless they need to in order to function properly for the user's benefit. They way they work now is simply frivolous.

I do agree with you here in principle, although it isn't technically impossible to determine what DLL is making the call, just difficult. Many of the tools from SysInternals will show you all the nitty-gritty details of what DLLs are in use by each process, for example. Interestingly, Tiny Software's Personal Firewall is still able to block multiple apps using RUNDLL or the generic "service" process by maintaining hashes as identifiers. Unfortunately it's still up to the user to track down what specifically is trying to make the connection, though.

Also it should be noted that XP really doesn't "call home" as you said. At least, not in the sense that you wish to imply. If you pay attention to where the calls go, they do perform some useful task in almost all cases. (The value of these tasks is a completely separate question.) The real problem is that the user isn't given any choice in the matter, or even told that it's happening. But none of the connections I've seen or that I'm aware of were ever specifically a "call home" facility. Yes they might be tracked that way, but they aren't raw "call home" connections as you imply.

Hey, it's Microsoft *and* the Internet - you can't be too paranoid! You're correct in the assumption that I'm using a personal firewall app (Tiny Personal Firewall v2 infact), but I also have a hardware perimeter firewall to verify things with and it's all hunky dory.

As an aside, I'm still using v2 of Tiny PF, because I thought v3 was horrendously complex to get running smoothly. Has anyone out there persevered and come to the conclusion it's worth the effort, because on paper it seems like quite a good system?

What seems very suss is that the XP built in firewall doesn't monitor outgoing connections (which is one of the things which makes it crap). Presumably if you install something like the Tiny Software Personal Firewall it would tell you about the outgoing connections from XP.

There is a nice program out there for Windows users called Tiny Personal Firewall. This wonderful little program is not just a firewall ... it has this WONDERFUL new addition: It tracks and protects your Windows (TM) from nasty software running.

It has default restrictions available and it sets itself up for standard windows programs like Office, IE, etc.

The cool part: When you install a new program TPF3 not only asks you if you want the program to execute, it also asks you what level of execution to grant. For example: Internet explorer (by default) can ONLY download into the c:\download directory.

So... if I'm on a box with XP I install TPF3 and nothing gets by it. Is your Media player trying to contact the Internet? block it! Is your media player trying to install something? Block it! Easy as that. Give it a go.

"install ZoneAlarm [zonealarm.com], and make sure not to give net access to any MS apps "

Tiny Personal Firewall is vastly superior and completely free for personal use. I combined it with TCPTunnel for Win32 (for port forwarding). The two products work fine together and can easily protect a whole lan if ICS is used under XP or 2000.

The source is available for the port forwarder. The firewall is ICSA certified.

graspee

I like Tiny Personal Firewall a lot better than zone alarm or blackice. :) It's free (for personal use), and gives you fine grained control over the network connections your applications make. You can restrict them to certain ip's and / or port combinations, including incoming / outgoing traffic. They also have a program called Tiny Trojan Trap, which is a sandbox'ing type program, I haven't checked it out, but it sounds neat.

my .02 cents.

Check out Tiny Trojan Trap. It seems to be exactly what you're looking for.

You're kidding me, right? They just figured this out?!? I don't want to sound like a prick, but I removed this right away (along with clicktilluwin) back in the day when I used to actually run KazAA. Key is to MAKE SURE YOU ARE RUNNING A SOFTWARE FIREWALL. I recommend Tiny Personal Firewall. Cause it's free, small, fast, runs as a service, and highly configurable, and it's just plain ol' Windows forms, not that ooey-gooey-let's-dress-this-up-with-pretty-picture s type of software firewall. Only problem is that it can't compute the MD5 for network programs that you are running off a samba share, but that is not a big problem. Anyway, during the Kazaa install, it's amazing to see how many programs actually try to access the net. You basically have to sandbox the installer, it's pathetic. ClickTillUWin used to launch from a RAR SFX package hidden well within your %temp% directory, and there was always the BDE program in question, to which I never agreed to install. But it's there anyway, and you need to remove it. If I remember correctly, it installs something else after you uninstall it, or that may be clicktilluwin, so don't quote me on that. But those propagating "un"-installers are downright sneaky.

You might have tried something like this already, but if not download or buy a package that monitors programs that try to access anything through TCP/IP and warns you when a program is trying to do something you haven't authorized over the network. Tiny Personal Firewall has worked out pretty well for me and is free for home use. It works in most cases, unless the application has a legit reason to use a particular port and also uses it for something you wouldn't expect. Adobe Photo Deluxe doesn't sound like it'd fit into that category, however...

Tiny Personal Firewall ICSA Certified

summary

Free for personal use, originally built for the navy. Tiny footprint. yum.

1.4megs, Win 9x, ME, 2000 , NT & XP

I've been running some form of Windows for a little over 5 years with nary a virus. Instead of going with a system-resource-hogging-anti-virus program, I'd stick with a good firewall (free) and a bit of saviness (not opening strange attachements, etc...).

Note: I have a LinkSys, and I don't know about the other 2 mentioned, and I'm not going to pretend I Do.

>It might have a web page on port 80, or something else open that identifies it as being a router.

My Linksys has a tiny little webserver in it for configuration, but it's only accessable from an Internal Networking address and not from the outside World.

>Another consideration: How does the NAT box know where to send incoming replies? Isn't there something added to the IP header to indicate the internal source IP of the packet? I would think there would have to be. Could they scan packets for these identifying signatures?

If I think I understand you right, it will already know what to do with initiated TCP connections, and you can do a bit of Port Mapping from the little configuration web page if you are running some form of a server. I Personally use the DMZ feature which says Send everything to a certian computer less there is some port mapping thing already, and then I have this computer Firewalled for what I don't want to get to it (Cable Company portscans).

>It's certainly more secure (and less problematic, from what I understand) than ZoneAlarm or BlackIce. How is the ISP going to know the difference?

(Shameless Propping) There are alot of things more Secure then ZoneAlarm and BlackIce :) Tiny Firewall for one, Best free windows Firewall out there, and it's rather small too (Like the name Implies).

I run proxomitron at work, I noticed that i kept hitting google when I was working on a company website. Later I noticed Google was already indexing my website. Like most users I trusted google wouldnt bounce my URLs off google, but they did.

Also, I started using Tiny firewall and started to block alot of software. Couple things I noticed, alot of m$ software trys to talk to the net. Office, Explorer, Windows Networking (not plain tcp/ip), m$ hardware drivers for mouse and keyboard, media player.

Also using a firewall stopped alot of freeware programs that grabs ad's worked great, they just couldnt get the banner ads or talk to the net.

We also use firewall software on our Sun production boxes we use EFS, encyrpted firewall software. It has a nice ACL list you can really lock down traffic. Only open port 80 for web traffic, and only to the load balancers, only allow SSH on the control network. Sometimes while your putting in a new network, the firewall ruleset is very basic, locking down the boxes help add a some security, and everything is logged to a logging server.

-
I was so naive as a kid I used to sneak behind the barn and do nothing. - Johnny Carson

Oh, *please*. Executive Software make the disk defragmenter. That's it - not a major part of Win2K at all. Just because ES is full of Scientologists doesn't mean that the software works for them as well.

Diskeeper was licensed because it is *the* most popular disk defragmenter for NT - Microsoft licensed it in much the same way as they licensed VSGrid for VB5 to replace grid.ocx. If it did anything nasty, it would have beeh everywhere by now. Besides, their version is much modified and stripped-down.

And besides, I use TPF as a firewall - a very high grade package, BTW, even detects its own automatic updater - and I haven't seen Diskeeper trying to call out. Anyway, NTFS means you don't have to defrag for a long time. All scaremongering, it seems.


Note: I hate Hubbard's "religious" multi-billion dollar scam, but am ambivalent on all conspiracy theories.

"We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us.

According to Steve Gibson, Black Ice is fairly ineffective (Scroll down to "Personal Firewalls and IRC Zombie/Bot Intrusions
") against actually protecting the system. Now I personally don't want to have Black Ice built into my operating system. I'd like the ability to use Zone Alarm at the very least. I prefer to use Tiny Personal Firewall, because it allows me to allow/deny connections on different protocols and ports as well as do MD5 checksums of programs.

Who knows, MS might make Black Ice in WinXP decent, but I at least what the freedom to choose my own security setup.

In addition, you might be interested to know that BlackICE completely blocks all network traffic when lanning, and is very troublesome, while Tiny is not. BlackICE, in my experience, also does not actually uninstall properly and continues to run after you have theoretically removed it. This struck me as very strange, and could be a random incident. However, I have had my computer frozen solid with BlackICE running, on Windows 2000, and my opinion of it, like that of Steve Gibson is somewhat low. And yeah, some of you might laugh at Steve Gibson, but I'm not just going by what he says, bear that in mind.

To be honest, when I read that BlackICE was used widely inside Microsoft, I laughed my arse off.

Actually ZoneAlarm is an ok piece of software however Tiny Software's Tiny Personal Firewall is a much much better piece of software. The firewall in addition to allowing applications access to the net allow you to setup specific permit and deny rules based on localport, remote port, local address, remote address, application, protocol, and much more. I look at it as a much improved version consisting of a hypothetical merge of ZoneAlarm with Conseal PC firewall and like products. In addition Tiny Software's product is in use by the US Airforce on 500,000 desktop machines. Oh ya it's also free for personal use.

FEATURES AT A GLANCE

Multi-layer security protection (NDIS & TDI) Since the DSE resides on each computer in the network, it communicates directly with the operating system and negotiates what applications are even allowed to transmit and/or receive data.

MD5 Signature Support As the DSE mandates what applications can bind for communication, it can also check for an MD5 digital signature for permitted applications. This ensures that Trojan horse applications cannot gain access by using the name of a permitted application.

Stateful filtering based on SRC/DST IP address, port & application The DSE maintains a record of all sent packets and can therefore compare incoming packets to the record table to determine if they were requested. Additionally, the DSE can restrict applications to certain ports or destination IP addresses.

Remote access to logs and statistics The DSE contains a separate statistic view that displays all active sessions and includes the status, port, remote IP, application or service and the time associated with each session. Logs may be viewed from the statistics view or sent directly to a syslog server for analysis and reporting.

Suspicious activity monitoring and Intrusion detection The Tiny DSE contains a highly configurable reporting mechanism that can report specific intrusion attempts, or any other type of communication deemed suspicious, to a syslog server or to the CMDS server through an SSL connection.

Actually ZoneAlarm is an ok piece of software however Tiny Software's Tiny Personal Firewall is a much much better piece of software. The firewall in addition to allowing applications access to the net allow you to setup specific permit and deny rules based on localport, remote port, local address, remote address, application, protocol, and much more. I look at it as a much improved version consisting of a hypothetical merge of ZoneAlarm with Conseal PC firewall and like products. In addition Tiny Software's product is in use by the US Airforce on 500,000 desktop machines. Oh ya it's also free for personal use.

FEATURES AT A GLANCE

Multi-layer security protection (NDIS & TDI) Since the DSE resides on each computer in the network, it communicates directly with the operating system and negotiates what applications are even allowed to transmit and/or receive data.

MD5 Signature Support As the DSE mandates what applications can bind for communication, it can also check for an MD5 digital signature for permitted applications. This ensures that Trojan horse applications cannot gain access by using the name of a permitted application.

Stateful filtering based on SRC/DST IP address, port & application The DSE maintains a record of all sent packets and can therefore compare incoming packets to the record table to determine if they were requested. Additionally, the DSE can restrict applications to certain ports or destination IP addresses.

Remote access to logs and statistics The DSE contains a separate statistic view that displays all active sessions and includes the status, port, remote IP, application or service and the time associated with each session. Logs may be viewed from the statistics view or sent directly to a syslog server for analysis and reporting.

Suspicious activity monitoring and Intrusion detection The Tiny DSE contains a highly configurable reporting mechanism that can report specific intrusion attempts, or any other type of communication deemed suspicious, to a syslog server or to the CMDS server through an SSL connection.

Actually ZoneAlarm is an ok piece of software however Tiny Software's Tiny Personal Firewall is a much much better piece of software. The firewall in addition to allowing applications access to the net allow you to setup specific permit and deny rules based on localport, remote port, local address, remote address, application, protocol, and much more. I look at it as a much improved version consisting of a hypothetical merge of ZoneAlarm with Conseal PC firewall and like products. In addition Tiny Software's product is in use by the US Airforce on 500,000 desktop machines. Oh ya it's also free for personal use.

FEATURES AT A GLANCE

Multi-layer security protection (NDIS & TDI) Since the DSE resides on each computer in the network, it communicates directly with the operating system and negotiates what applications are even allowed to transmit and/or receive data.

MD5 Signature Support As the DSE mandates what applications can bind for communication, it can also check for an MD5 digital signature for permitted applications. This ensures that Trojan horse applications cannot gain access by using the name of a permitted application.

Stateful filtering based on SRC/DST IP address, port & application The DSE maintains a record of all sent packets and can therefore compare incoming packets to the record table to determine if they were requested. Additionally, the DSE can restrict applications to certain ports or destination IP addresses.

Remote access to logs and statistics The DSE contains a separate statistic view that displays all active sessions and includes the status, port, remote IP, application or service and the time associated with each session. Logs may be viewed from the statistics view or sent directly to a syslog server for analysis and reporting.

Suspicious activity monitoring and Intrusion detection The Tiny DSE contains a highly configurable reporting mechanism that can report specific intrusion attempts, or any other type of communication deemed suspicious, to a syslog server or to the CMDS server through an SSL connection.

Actually, Tiny Personal Firewall is also free for personal use and is much more customizable for a someone with half a clue. I've tried both and prefer Tiny by far on my Win2k box.

1) I think MS is going to more or less leave the service unchanged, they'd be foolish not to. Remember, home users aren't the only ones on Qwest DSL, there's plenty of bussiness class lines too. I'm guessing that when you subscribe to qwest.net residential service it will now come with a warm and fuzzy MSN welcome CD that will setup and configure it all for you and install all the silly MS features like MSN mesanger if you like, but nothing will change other than that. As is, they send you a CD with a customized version of netscape and so on, but you don't have to install it, I never did. The hardware is just a plain Cisco 678 DSL router,it doesn't care what's on your system.

2) If the MSN service sucks, we can just switch over. Qwest.net is not mandidated with a Qwest DSL line (that would break regulations), you are free to choose other ISPs and there are around 15 others in Tucson where I live. I'm with qwest.net because I feel they do the best job but The River or Dakotacom would be more than happy to take my bussiness if Qwest/MSN start doing a bad job.

3) Supposing the whole thing really goes to hell, we can always just switch off to another kind of broadband. Cox (or whomever your local cable provider is ) offers cable modems, Sprint offers wireless, and so on. Supposing the overall service gets real bad, it's real easy to jump ship.

Basically, I think this move is more centred around the technophobe/AOL type person. Qwest DSL never was very friendly, and MSN will help that image. However, I seriously doubt they'll do anything silly to harm power users/bussinesses.

OH and for those of you that think Microsoft will spy on it's customers, get real. IF you're really worried go get a copy of Tiny Personal Firewall and it'll verify it.

A good Win32 firewall product is WinRoute Pro. It does all the communication and takes the OS out of the equation. Of course don't go with the default install but it can be made reasonably secure. I have installed it in a small installation in the past and considering they were going to use nothing, I felt better about using this. I'm glad I was just consulting at the time and didn't have to deal with it 24/7. Personally my own firewall uses IP chains.

At my current job, we use a commercial firewall product but use OpenBSD bridging firewalls internally to protect the internal network segments. You security better not be all in your firewall because all firewalls can be broken given enough time and skill. Lock down the routers, switches and for the love of God, lock the server room door(s). Remove every modem in the network and use a modem pool if there is some reason to have one at all. Put a firewall between the modem pool and the network and lock it pretty hard. Never underestimate the power of users (or sysadmins) to circumvent the security with postit notes, leaving critical systems logged on, leaving doors open to the public, etc.