Hi again,... :) On Sun, 30 Jan 2005 15:57:10 +0200 Val Paliy <valeriypaliy at yandex.ru> wrote: [blinking tools] > You are absolutely right about the blinking tools; however, some of > these tools really do work - for example I was running WinXP Pro on a > Celeron 333 MHz machine and it was not as slow, as most higher > performance computers without them. Anyway - when you install a tool, The point is (getting back to the "learning curve"): On Windows XP, most if not everything of what those tools can give you you may also achieve simply by using the tools the OS gives you - shut down unnecessary services, remove unwanted software packages, adjust user and file permissions and so on. > experimenting to make sure no data is lost if anything goes wrong. You > could always experiment at home (do not forget to backup just the > same) and bring the software that works to your boss to have it > installed there :-) Surely this is worth a try; on the other side, in an enterprise IT environment you will need software which is way robust than the binaries you'd install and run on your home box. Running Windows XP in mid-sized installations as desktop OS can be terribly painful, so usually it breaks down to minimizing software and tools on the desktops, to get rid of everything that is not strictly necessary. [Firewalls] > ZoneAlarm is not the best choice, and again - it depends on where you > are using a fire wall. My suggestion would be - if you like a piece of > software and would like to try and even buy it afterwards, save your > time - go out on the Net (using a library or an internet-cafe) and > read other people's feedback on the product. Caution not to go to the > software producer's web site - Kristian is right - 50% of them are > simply trying to get your attention. Well said. :) There should be, anyhow, a more abstract look at this: In definition of terms, "firewalling" actually means not really software but a concept of minimizing risks in an IT environment. Firewalling includes things such as - identifying potential threats and vulnerable spots in your structure (single points of failure, mission-critical applications and so on); - identify services the structure needs to provide, as well as users and user groups that are allowed to use these services, - identify, where services might be abused, and what is necessary to prevent that abuse. This usually leads to a concept of things to protect (read: things to prevent) and things to allow. Usually, a firewall computer in the end is used to help implementing such concepts, together with other helpful things like intrusion detection systems, honeypots and so on. Things like ZoneAlarm, "desktop firewalls", are sort of different: Here, software tries to provide a protection against virtually everything that is "evil" while the same time allowing everything that is "good". Computers are not able to do that sort of distinction - if you get a single CONNECT on port 25, software can hardly tell whether it is a worm trying to infect your system, a user or software probing your host for open ports or simply some user trying to send mail through your SMTP service. Desktop firewalls often use the concept of "showing that they are useful" - install one of those, and you will have a whole bunch of "hits" within a wink of an eye. Most of those probably aren't dangerous or even attacks at all, but you feel that your firewall is keeping them off your back. On the other side you run plenty of tools like P2P clients, instant messaging software or the like through your firewall, practically opening it far and wide. This will probably keep a buhcn of well-known worms off your host but will not save you from "real" attacks. [Software tools] > True. That's why I said - feel the software, read for feedback and > then install it. Indeed. Be picky. Way often, more is less. Software can never replace knowledge. [Trust] > I do not trust anyone except for myself to play around with my system. > Getting help is a good thing, but how can you be 100% sure that you > will not get a little present (say, a trojan or key-logger) along with > the help. Resume: use certified computer stores, not simply the guys > you know that are good with computers - besides a possibility of > getting a "present", if you do not know what you are doing, how can > you be sure he does? You're surely right, but this is just the top of the problem. Trust in software is difficult to establish; only a (semi)professional security auditing of your tools probably gives you a chance of being able to trust your software. Can you look into the depths of your system and tell whether or not there are some hooks allowing people you don't want (companies, governments, secret services,...) to access your system circumventing all of its local security measures? Open Source software is helpful here, enabling you actually to do right that. But even this way, it's a long way to software you really might put trust in it. If one day Trustworthy Computing / TCPA might be common, chances to have a computer you can trust will be == 0. > The other problem is that some users are simply not willing to admit > not knowing what they are doing, and trying to "fix" everything > themselves. Indeed. Though car analogies usually suck: I'd never try to repair my clutch or fix my exhaust pipe myself, I know people who know how to do that. Why are things different for computers? Cheers & take care, Kris -- "never to be seen again... ever to release the pain. renewal of our minds!" (kreator) www.stop1984.org -> we don't need no big brother swpat.ffii.org -> no logic patents for europe!