Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
Zone Alarm or Sygate Personal Firewall does)?

For example, when I run CCleaner freeware, Jetico is welcome to ask if I
want to run it but with the "remember" button set, Jetico should LEARN that
I want CCleaner to run without asking me again. Yet every time CCleaner
runs, Jetico asks me again (even with the Remember button selected).

Same thing with Firefox freeware, PeerGuardian freeware, Windows update,
etc.

There MUST be a way to gell Jetico Personal Firewall to just Remember
(really remember) the3 previous answer .. isn't there?

Linda Sands wrote:


> There MUST be a way to gell Jetico Personal Firewall to just Remember
> (really remember) the3 previous answer .. isn't there?


Hm... why don't you simply uninstall it? Why did you even install it in
first place?

In article <96sPi.1575$Pv2.1234 [at] newssvr23.news.prodigy.net>,
lshorsetrainer [at] sbcglobal.net says...
> Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
> Zone Alarm or Sygate Personal Firewall does)? [snip]
=======================
Same problem; I uninstalled it.

Same problem with Comodo, too; I uninstalled it.

Zone Alarm and Sygate both have become really bloated, and think too
long about things.

Currently using Netveda Safety Net, and am pleased with it. Only
8MB or so installed

Lord Possum

Linda Sands wrote:
> Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
> Zone Alarm or Sygate Personal Firewall does)?
>
> For example, when I run CCleaner freeware, Jetico is welcome to ask if I
> want to run it but with the "remember" button set, Jetico should LEARN that
> I want CCleaner to run without asking me again. Yet every time CCleaner
> runs, Jetico asks me again (even with the Remember button selected).
>
> Same thing with Firefox freeware, PeerGuardian freeware, Windows update,
> etc.
>
> There MUST be a way to gell Jetico Personal Firewall to just Remember
> (really remember) the3 previous answer .. isn't there?

you should read the documentation and edit the default optimum
protection security policy
or you can just use another security policy like allow all but that
sorta defeats the
purpose of a personal firewall

Post removed (X-No-Archive: yes)

In article <MPG.21786326c330ab3a9896ff [at] netnews.insightbb.com>,
Lord_Possum [at] yahoo.com says...
> In article <96sPi.1575$Pv2.1234 [at] newssvr23.news.prodigy.net>,
> lshorsetrainer [at] sbcglobal.net says...
> > Is there an easy way to get Jetico Personal Firewall to only ask ONCE (like
> > Zone Alarm or Sygate Personal Firewall does)? [snip]
> =======================
> Same problem; I uninstalled it.
>
> Same problem with Comodo, too; I uninstalled it.
>
> Zone Alarm and Sygate both have become really bloated, and think too
> long about things.
>
> Currently using Netveda Safety Net, and am pleased with it. Only
> 8MB or so installed

Is that particularly small for a Firewall? I'm not sure your description
of Sygate being "really bloated", is entirely accurate. I'm not pushing
or endorsing Sygate, but my installation is 12 megs. That's not that
bloated IMO. If it, or any software package, does what it advertises, 4
megs doesn't make THAT much of a difference. I've tried most "endorsed"
firewalls, but I always seem to "go back" to Sygate.

Al

>
> Lord Possum
>

goarilla wrote:


> or you can just use another security policy like allow all but that
> sorta defeats the
> purpose of a personal firewall


AFAWK the purpose of a "personal firewall" is to fuck up the network
connection, which is obviously does.

In article <MPG.21789728da8e9ed7989927 [at] newsgroups.comcast.net>,
al [at] aohell.com says...

>Is that particularly small for a Firewall? I'm not sure your
>description of Sygate being "really bloated", is entirely accurate.
>I'm not pushing or endorsing Sygate, but my installation is 12 megs.
>That's not that bloated IMO. If it, or any software package, does
>what it advertises, 4 megs doesn't make THAT much of a difference.
>I've tried most "endorsed" firewalls, but I always seem to "go
>back" to Sygate. Al
============================

One of the criteria I employ in judging a program's worth is not only
the installed size, but the amount of Registry entries, and the
number of functions requiring 'think' power ... a drain on RAM
resources. Sygate is heavy than many in that respect.

And, as far as installed size ... 12MB compared to 8MB tells me
immediately that Sygate is 50% bigger, while doing no more or any
better than what I use. That apparently will not mean much to those
who don't care how much room a program takes up, but the extra 4MB
means more of something else for me. And, in the end result, NetVeda
is faster.

Lord Possum

Post removed (X-No-Archive: yes)

don't mind me

In article <MPG.21797b226da1f0d7989700 [at] netnews.insightbb.com>,
Lord_Possum [at] yahoo.com says...
> In article <MPG.21789728da8e9ed7989927 [at] newsgroups.comcast.net>,
> al [at] aohell.com says...
>
> >Is that particularly small for a Firewall? I'm not sure your
> >description of Sygate being "really bloated", is entirely accurate.
> >I'm not pushing or endorsing Sygate, but my installation is 12 megs.
> >That's not that bloated IMO. If it, or any software package, does
> >what it advertises, 4 megs doesn't make THAT much of a difference.
> >I've tried most "endorsed" firewalls, but I always seem to "go
> >back" to Sygate. Al
> ============================
>
> One of the criteria I employ in judging a program's worth is not only
> the installed size, but the amount of Registry entries, and the
> number of functions requiring 'think' power ... a drain on RAM
> resources. Sygate is heavy than many in that respect.
>
> And, as far as installed size ... 12MB compared to 8MB tells me
> immediately that Sygate is 50% bigger, while doing no more or any
> better than what I use. That apparently will not mean much to those
> who don't care how much room a program takes up, but the extra 4MB
> means more of something else for me. And, in the end result, NetVeda
> is faster.
>
> Lord Possum
>

I've had this conversation with others in the past and found that, with
the "right" equipment, 4megs of hard drive space and 2 or 3 megs of RAM
is not very much. I'm running a 2.8GHz Pentium D with 2 Gigs of RAM. I
know not everyone has these resources, but I believe most people
frequenting this newsgroup looking for software, are probably people
that are pretty computer savvy and do have newer hardware which will run
most any of the software being discussed about here. It seems apropos
that someone here could come up with a list of software with attributes
pertaining to RAM and hard drive space usage. I'm sure there's a website
that does this, but I'm not familiar with one.

Al

Post removed (X-No-Archive: yes)

hmmm [at] hmmm.org wrote:

> Aaron <aaronnewsgroup [at] gmail.com> wrote in
> news:Xns99C8A3502A20Faaronnewsgroup [at] 85.214.62.108:
>
>> Moreover OA is not just a firewall but includes HIPS (but so does the
>> Comodo v3 but that's in beta). I personally find OA one of the more
>> usable HIPS for ordinary users.


HIPS is nonsense, and even HIDS is for anyone but ordinary users. At any
rate, the horribly broken and unsuable software products you're discussing
only include signature-based engines, which is quite useless.

> OA also gets an excellent rating from Matousec.


Hm... isn't that rather a bad thing?

> Let's see what the free
> version gets. ZA Pro has a very good rating while ZA free has a very poor
> rating. The latest version of ZA Pro uses about 80 mg ram!


WTF? I knew this software was totally bad, but THAT bad...

Post removed (X-No-Archive: yes)

"Double Z" <zzinkmetairie [at] nospammingplzbellsouth.net> wrote in
news:TM2dnTqNvcavjYzanZ2dneKdnZydnZ2d [at] giganews.com:

> don't mind me


ok


--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin [at] gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

Lord Possum wrote:
> In article <MPG.21789728da8e9ed7989927 [at] newsgroups.comcast.net>,
> al [at] aohell.com says...
>
>> Is that particularly small for a Firewall? I'm not sure your
>> description of Sygate being "really bloated", is entirely accurate.
>> I'm not pushing or endorsing Sygate, but my installation is 12 megs.
>> That's not that bloated IMO. If it, or any software package, does
>> what it advertises, 4 megs doesn't make THAT much of a difference.
>> I've tried most "endorsed" firewalls, but I always seem to "go
>> back" to Sygate. Al
> ============================
>
> One of the criteria I employ in judging a program's worth is not only
> the installed size, but the amount of Registry entries, and the
> number of functions requiring 'think' power ... a drain on RAM
> resources. Sygate is heavy than many in that respect.
>
> And, as far as installed size ... 12MB compared to 8MB tells me
> immediately that Sygate is 50% bigger, while doing no more or any
> better than what I use. That apparently will not mean much to those
> who don't care how much room a program takes up, but the extra 4MB
> means more of something else for me. And, in the end result, NetVeda
> is faster.
>
> Lord Possum

What version of sygate are you referring too. 5.5.2710 is not bloated in
my opinion.

In comp.security.firewalls Gary <gareth [at] capecod.net> wrote:
> Lord Possum wrote:
>> One of the criteria I employ in judging a program's worth is not only
>> the installed size, but the amount of Registry entries, and the
>> number of functions requiring 'think' power ... a drain on RAM
>> resources. Sygate is heavy than many in that respect.
>>
>> And, as far as installed size ... 12MB compared to 8MB tells me
>> immediately that Sygate is 50% bigger, while doing no more or any
>> better than what I use. That apparently will not mean much to those
>> who don't care how much room a program takes up, but the extra 4MB
>> means more of something else for me. And, in the end result, NetVeda
>> is faster.
>
> What version of sygate are you referring too. 5.5.2710 is not bloated
> in my opinion.

It just has serious design flaws and won't receive any bugfixes anymore.
Some qualification for a "security" product.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Ansgar -59cobalt- Wiechers <usenet-2007 [at] planetcobalt.net> after much
thought,came up with this jewel in news:fg2n7nUkp7L2 [at] news.in-ulm.de:

> In comp.security.firewalls Gary <gareth [at] capecod.net> wrote:
>> Lord Possum wrote:
>>> One of the criteria I employ in judging a program's worth is not
>>> only the installed size, but the amount of Registry entries, and
>>> the number of functions requiring 'think' power ... a drain on
>>> RAM resources. Sygate is heavy than many in that respect.
>>>
>>> And, as far as installed size ... 12MB compared to 8MB tells me
>>> immediately that Sygate is 50% bigger, while doing no more or
>>> any better than what I use. That apparently will not mean much
>>> to those who don't care how much room a program takes up, but
>>> the extra 4MB means more of something else for me. And, in the
>>> end result, NetVeda is faster.
>>
>> What version of sygate are you referring too. 5.5.2710 is not
>> bloated in my opinion.
>
> It just has serious design flaws and won't receive any bugfixes
> anymore. Some qualification for a "security" product.
>
> cu
> 59cobalt

Software "firewall" is not a real firewall and a waste of resources.
A router/harding your system/safe-hex is the way to go.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Gary wrote:


> What version of sygate are you referring too. 5.5.2710 is not bloated in
> my opinion.


Sygate is bloated by design.

Max M.Wachtel III wrote:


> Software "firewall" is not a real firewall and a waste of resources.


Right start, wrong conclusion. Just because it isn't a firewall doesn't mean
that it's not a security concept or can't be part of it. Indeed it is a
host-based packet filter, and, if used correctly (which already excludes all
the common "personal firewall" stuff) and not being too broken (again this
excludes all the common nonsense) can achieve a certain gain of security.

> A router/harding your system/safe-hex is the way to go.


The common SOHO router stuff is neither a firewall nor is it suitable to
implement a routing firewall.

On Sun, 28 Oct 2007 22:37:15 +0100, Sebastian G. wrote:

> > Software "firewall" is not a real firewall and a waste of resources.

> Right start, wrong conclusion. Just because it isn't a firewall doesn't mean
> that it's not a security concept or can't be part of it. Indeed it is a
> host-based packet filter, and, if used correctly (which already excludes all
> the common "personal firewall" stuff) and not being too broken (again this
> excludes all the common nonsense) can achieve a certain gain of security.

Can you suggest alternative software other than the common "personal
firewall" stuff that will achieve a certain gain of security (on a
Windows OS) ? Tnx.

--
s|b

"Sebastian G." <seppi [at] seppig.de> after much thought,came up with
this jewel in news:5okdovFn7fe1U1 [at] mid.dfncis.de:

> Max M.Wachtel III wrote:
>
>
>> Software "firewall" is not a real firewall and a waste of
>> resources.
>
>
> Right start, wrong conclusion. Just because it isn't a firewall
> doesn't mean that it's not a security concept or can't be part of
> it. Indeed it is a host-based packet filter, and, if used
> correctly (which already excludes all the common "personal
> firewall" stuff) and not being too broken (again this excludes all
> the common nonsense) can achieve a certain gain of security.
>
>> A router/harding your system/safe-hex is the way to go.
>
>
> The common SOHO router stuff is neither a firewall nor is it
> suitable to implement a routing firewall.

Your correct. I think a router provides better protection than using
a software firewall(some routers include a packet filter). And
turning off un-needed services,using a more secure e-mail
client/browser(like Thunderbird,Firefox) is better than relying on a
software firewall alone.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

"s|b" <private [at] usenet4all.org> after much thought,came up with this
jewel in news:Jy7Vi.179033$nI4.8773744 [at] phobos.telenet-ops.be:

> On Sun, 28 Oct 2007 22:37:15 +0100, Sebastian G. wrote:
>
>> > Software "firewall" is not a real firewall and a waste of
>> > resources.
>
>> Right start, wrong conclusion. Just because it isn't a firewall
>> doesn't mean that it's not a security concept or can't be part of
>> it. Indeed it is a host-based packet filter, and, if used
>> correctly (which already excludes all the common "personal
>> firewall" stuff) and not being too broken (again this excludes
>> all the common nonsense) can achieve a certain gain of security.
>
> Can you suggest alternative software other than the common
> "personal firewall" stuff that will achieve a certain gain of
> security (on a Windows OS) ? Tnx.
>

Here is a good start-
MVPS hosts file
Firefox with NoScript and AdBlock installed
a good AV solution(like NOD32)
Spyware Blaster
Spybot Search+Destroy immunization
Turn off Windows Messenger
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

On Sun, 28 Oct 2007 22:33:53 GMT, Max M.Wachtel III wrote:

> Here is a good start-
> MVPS hosts file

Already using it.

> Firefox with NoScript and AdBlock installed

Already using it.

> a good AV solution(like NOD32)

I use Avast, but if I want to stick with freeware, then I'd probably be
better off with Avira Antivir.

> Spyware Blaster

Never used it.

> Spybot Search+Destroy immunization

Already using it.

> Turn off Windows Messenger

First thing I did when started this PC.

Anything else?

--
s|b

s|b wrote:


> Can you suggest alternative software other than the common "personal
> firewall" stuff that will achieve a certain gain of security (on a
> Windows OS) ? Tnx.


WinIPFW <http://wipfw.sourceforge.net>
(but only the latest SVN snapshot + some security fixes)

Max M.Wachtel III wrote:


> Here is a good start-
> MVPS hosts file


A very bad start for a proposedly good start. What should this shit be good
for, other than fucking up the system?

> Firefox with NoScript and AdBlock installed


AdBlock is not security relevant. And, of course, what about Firefox? Even
NoScript can't make it any less broken. If you really like a Mozilla core,
take Mozilla SeaMonkey.

> a good AV solution(like NOD32)


This is not even a solution at all.

> Spyware Blaster


Oh please...

> Spybot Search+Destroy immunization


OH PLEASE...

> Turn off Windows Messenger


Eh... yeah? Of course, intentionally running an insecure-by-design software
is never a good idea.

s|b wrote:


> Anything else?

Yes. Please flatten and rebuild your system. You broke it.

"Sebastian G." <seppi [at] seppig.de> after much thought,came up with
this jewel in news:5okkncFn7a1hU2 [at] mid.dfncis.de:

> Max M.Wachtel III wrote:
>
>
>> Here is a good start-
>> MVPS hosts file
>
>
> A very bad start for a proposedly good start. What should this
> shit be good for, other than fucking up the system?

what???? a good hosts file doesn't f*ckup anything.

>> Firefox with NoScript and AdBlock installed
>
>
> AdBlock is not security relevant.

I just have no use for unsolicited ads...

> And, of course, what about
> Firefox? Even NoScript can't make it any less broken.

for control of javascript....
> If you
> really like a Mozilla core, take Mozilla SeaMonkey.
I use Portable Apps and SM is not yet available.

>> a good AV solution(like NOD32)
>
>
> This is not even a solution at all.
what do you use?
>
>> Spyware Blaster
>> Spybot Search+Destroy immunization

any added protection that uses no extra resources is a good thing.

>> Turn off Windows Messenger
>
> Eh... yeah? Of course, intentionally running an insecure-by-design
> software is never a good idea.


Why do you say anything is broken????
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

"Sebastian G." <seppi [at] seppig.de> after much thought,came up with this
jewel in news:5n9mmpFh72sbU1 [at] mid.dfncis.de:

> goarilla wrote:
>
>
>> or you can just use another security policy like allow all but
that
>> sorta defeats the
>> purpose of a personal firewall
>
>
> AFAWK the purpose of a "personal firewall" is to fuck up the
network
> connection, which is obviously does.
>

I have yet to put anyone in my killfile but you are getting close.
You don't happen to be a 3rd cousin of pcbutts?
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Sebastian G. wrote:
> Max M.Wachtel III wrote:
>
>
>> Here is a good start-
>> MVPS hosts file
>
>
> A very bad start for a proposedly good start. What should this shit be
> good for, other than fucking up the system?
>

what ???
common i know lots of entries pointing to localhost is a cat and mouse game
at best but still ...

>> Firefox with NoScript and AdBlock installed
>
>
> AdBlock is not security relevant. And, of course, what about Firefox?
> Even NoScript can't make it any less broken. If you really like a
> Mozilla core, take Mozilla SeaMonkey.
>

yes firefox is well ... a horrible code base but besides opera
are there really any good standards compliant (sort of) browsers out there
besides SM shares a LOT of that horrible code base
how is firefox broken ?

>> a good AV solution(like NOD32)
>
>
> This is not even a solution at all.
>

true but NOD32 is the nicest of all PAV solutions (personal anti-virus :D)

>> Spyware Blaster
>
>
> Oh please...
>
>> Spybot Search+Destroy immunization
>
>
> OH PLEASE...
>
>> Turn off Windows Messenger
>
>
> Eh... yeah? Of course, intentionally running an insecure-by-design
> software is never a good idea.

are you against IM or just against MSN + MSNP ?

Max M.Wachtel III wrote:

>>> MVPS hosts file
>>
>> A very bad start for a proposedly good start. What should this
>> shit be good for, other than fucking up the system?
>
> what???? a good hosts file doesn't f*ckup anything.


It does. It slows down the resolver and, in case of Windows, even
partitially breaks it. Aside from that, it's simply superfluos.

Even further, it simply doesn't work, as a normal user doesn't have write
access to the HOSTS file, and doesn't have the privilege to restart the
system either - neither would this be reasonable.

>> If you
>> really like a Mozilla core, take Mozilla SeaMonkey.
> I use Portable Apps and SM is not yet available.


Mozilla SeaMonkey is profile-portable by design.

>>> a good AV solution(like NOD32)
>>
>> This is not even a solution at all.
> what do you use?


A real solution: a global non-exec policy enforced by the kernel.

>>> Spyware Blaster
>>> Spybot Search+Destroy immunization
>
> any added protection that uses no extra resources is a good thing.


Any added software increases complexity and therefore decreases security.
Unless it can actually justify this, it is a bad thing. Spyware scanners
definitely are bad, and this immunization stuff has only one purpose:
fucking up the system.

> Why do you say anything is broken????


Because it usually is. Just like your concept.

goarilla wrote:


> common i know lots of entries pointing to localhost is a cat and mouse game
> at best but still ...


it slows down the resolver and, in case of Windows, partitially breaks it.
Updating the HOSTS file requires write access that a normal user doesn't
have there, and an unwanted restart.

> yes firefox is well ... a horrible code base but besides opera
> are there really any good standards compliant (sort of) browsers out there
> besides SM shares a LOT of that horrible code base


Hm? The horrible code of Firefox starts where the common base ends.

> how is firefox broken ?


Just one keyword: Global Namespace Pollution

> true but NOD32 is the nicest of all PAV solutions (personal anti-virus :D)


So what? I'd say my trash can is the most beautiful one in the area. Yet
it's full of garbage and stinks.

> are you against IM or just against MSN + MSNP ?


Not even against the MSN IM protocol, but you should use an IM
implementation that isn't designed to execute arbitrary commands of the
attackers choice by default - which applies to Windows Messenger, MSN
Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite strange
that all the "official" clients are all broken by design, and the
third-party implementations are the only safe ones...

Max M.Wachtel III wrote:

> I have yet to put anyone in my killfile but you are getting close.
> You don't happen to be a 3rd cousin of pcbutts?
> max

No, don't do that - Seb's our resident 'Grumpy Old Man' and we love him
dearly on this NG!

Jim Ford

Sebastian G. wrote:
> goarilla wrote:
>
>
>> common i know lots of entries pointing to localhost is a cat and mouse
>> game
>> at best but still ...
>
>
> it slows down the resolver and, in case of Windows, partitially breaks
> it. Updating the HOSTS file requires write access that a normal user
> doesn't have there, and an unwanted restart.
>

never had a problem with it on a win xp machine
but i don't really use the machine, my sister does

>> yes firefox is well ... a horrible code base but besides opera
>> are there really any good standards compliant (sort of) browsers out
>> there
>> besides SM shares a LOT of that horrible code base
>
>
> Hm? The horrible code of Firefox starts where the common base ends.

XUL is a big bloated piece of crap

>
>> how is firefox broken ?
>
>
> Just one keyword: Global Namespace Pollution
>
>> true but NOD32 is the nicest of all PAV solutions (personal anti-virus
>> :D)
>
>
> So what? I'd say my trash can is the most beautiful one in the area. Yet
> it's full of garbage and stinks.
>

you may talk all big and mighty but you're probably working with homogenous
network environments in which ADS,group policy, proxy servers, etc, ...
can be implemented
sadly this isn't the case in 99,99 % of the home LAN environments and in
which NOD32 is really really nice
although it's a band-aid

>> are you against IM or just against MSN + MSNP ?
>
>
> Not even against the MSN IM protocol, but you should use an IM
> implementation that isn't designed to execute arbitrary commands of the
> attackers choice by default - which applies to Windows Messenger, MSN
> Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite
> strange that all the "official" clients are all broken by design, and
> the third-party implementations are the only safe ones...

true i use biltlebee + irssi

goarilla wrote:


> XUL is a big bloated piece of crap


Quite the contrary. It allows for reference safety, type safety and contract
enforcement, and is still very fast due to JIT. One could compare it to
Java, or rather Python (because it allows on-the-fly changes).

>> So what? I'd say my trash can is the most beautiful one in the area. Yet
>> it's full of garbage and stinks.
>>
>
> you may talk all big and mighty but you're probably working with homogenous
> network environments in which ADS,group policy, proxy servers, etc, ...
> can be implemented


I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86 with
Debian and Windows 2000 + XP homogenous.
But why do you name group policy? This is, by design, not a security measure.

> sadly this isn't the case in 99,99 % of the home LAN environments and in
> which NOD32 is really really nice
> although it's a band-aid


As you say: it's a band-aid. Nothing more. Security starts with addressing
the causing, not cascading the symptoms. Especially since the main problem,
lacking user education, is even further amplified.

goarilla wrote:


> XUL is a big bloated piece of crap


Quite the contrary. It allows for reference safety, type safety and contract
enforcement, and is still very fast due to JIT. One could compare it to
Java, or rather Python (because it allows on-the-fly changes).

>> So what? I'd say my trash can is the most beautiful one in the area. Yet
>> it's full of garbage and stinks.
>>
>
> you may talk all big and mighty but you're probably working with homogenous
> network environments in which ADS,group policy, proxy servers, etc, ...
> can be implemented


I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86 with
Debian and Windows 2000 + XP homogenous.
But why do you name group policy? This is, by design, not a security measure.

> sadly this isn't the case in 99,99 % of the home LAN environments and in
> which NOD32 is really really nice
> although it's a band-aid


As you say: it's a band-aid. Nothing more. Security starts with addressing
the causing, not cascading the symptoms. Especially since the main problem,
lacking user education, is even further amplified.

Sebastian G. wrote:
> goarilla wrote:
>
>
>> XUL is a big bloated piece of crap
>
>
> Quite the contrary. It allows for reference safety, type safety and
> contract enforcement, and is still very fast due to JIT. One could
> compare it to Java, or rather Python (because it allows on-the-fly
> changes).
>
>>> So what? I'd say my trash can is the most beautiful one in the area.
>>> Yet it's full of garbage and stinks.
>>>
>>
>> you may talk all big and mighty but you're probably working with
>> homogenous
>> network environments in which ADS,group policy, proxy servers, etc,
>> ... can be implemented
>
>
> I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86
> with Debian and Windows 2000 + XP homogenous.
> But why do you name group policy? This is, by design, not a security
> measure.
>
>> sadly this isn't the case in 99,99 % of the home LAN environments and
>> in which NOD32 is really really nice
>> although it's a band-aid
>
>
> As you say: it's a band-aid. Nothing more. Security starts with
> addressing the causing, not cascading the symptoms. Especially since the
> main problem, lacking user education, is even further amplified.

ok what would you do when some of your stupid users
gets a virus ? reset a known good image ? that only works
if you have a homogenous windows env.

well not quite but if you have lots of different pc's with windows it's
a lot harder because you have
to manage a lot of different images

and what's the causing of security problems beside the user ?

On Mon, 29 Oct 2007 00:37:01 +0100, Sebastian G. wrote:

> > Anything else?

> Yes. Please flatten and rebuild your system. You broke it.

That's _really_ helpful. Danke!

--
s|b

On Mon, 29 Oct 2007 00:33:41 +0100, Sebastian G. wrote:

> WinIPFW <http://wipfw.sourceforge.net>
> (but only the latest SVN snapshot + some security fixes)

Thanks, I'll take a look at it.

--
s|b

goarilla wrote:


> ok what would you do when some of your stupid users
> gets a virus?


Depends on which systems. Those with higher security margins have a global
no-exec policy implemented, thus they simply can't anything but the
preinstalled software, and as long as this is up-to-date an in-memory
process compromise of the network is extremely unlikely.

On those with lesser security margin: Delete all programs and
script-relevant setting, if necessary restore their settings and their data
from the latest backup.

> well not quite but if you have lots of different pc's with windows it's
> a lot harder because you have
> to manage a lot of different images


Why are you always coming up with images? A user running malicious software
only compromises all the programs and the data he had access to, which is,
beside some necessarily shared data, only his own data. He can't damage the
data of other user, and neither the system.

> and what's the causing of security problems beside the user ?


Hardware errors. This is what the restore images are intended for: getting
the old system running on the new hardware again as soon as possible.