
Unknown download activity in background - how to determine what it is?



Guest BoaterDave
Posted

Re: Unknown download activity in background - how to determine what it is?

 

Had you intended to comment, Peter?

 

Nothing seen here.

 

BD

 

******************************

"Peter Foldes" <okf22@hotmail.com> wrote in message

news:eSIyH9Z0HHA.600@TK2MSFTNGP05.phx.gbl...

 

 

--

Peter

 

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

 

"BoaterDave" <BoaterDave@nospam.invalid> wrote in message

news:O4neV7R0HHA.5644@TK2MSFTNGP05.phx.gbl...

> Hi Doc

>

> I've been led to believe that, just like one should only ever have a

> single

> active antivirus programme, one should only have a single software

> firewall

> operative. In other words, disable MS Windows firewall if you are using

> Zone

> Alarm.

>

> HTH

>

> David

>

> ______________________________________________________________________________________________

> "Doc" <docsavage20@yahoo.com> wrote in message

> news:1185609109.150631.111220@w3g2000hsg.googlegroups.com...

>> I'm using WinXP Media Center, the last few days I've noticed that

>> there's some kind of d/l activity showing even when I'm doing

>> nothing online even with the Windows firewall up as well as

>> ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I

>> don't have Windows update on automatic. I ran AdAware with the latest

>> definitions but it's still doing it.

>>

>> Thanks.

>>

>

>

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 


 

Kayman wrote:

> "John John" <audetweld@nbnet.nb.ca> wrote in message

> It's a pc, apply your own logic (utilise sensible apps.); So take

> ownership, do some research, do not consult advertisement-driven

> publications and be responsible - *you* are in charge! If you don't like

> pc go for available alternatives.

 

Regardless of what you might think I am no slouch at computers and I

don't use Adware! Did you know that some of the new Sysinternal

(Microsoft) utilities call home without your knowledge? Did you know

that these Sysinternal utilities do not tell you that they call home and

that they provide no inbuilt mechanism to stop this behaviour? Do you

agree that those applications, amongst others, should be calling home

without the user's knowledge? Do you agree that users should have no

easy method to detect and stop these unwanted connections? By the

contents of your posts I would say obviously not! There are many other

legitimate applications that call home for no valid reasons, when you

install these applications they don't always tell you that they will be

calling home and they don't always make it easy to find that out or to

disable "call home" features. I am sure you didn't know of the

Sysinternal utilities calling home and I am sure that you are not in

charge of your computer as much as you think that you are! But then you

don't think that users should have a way of being made aware or of

stopping those outbound connections so who cares about "being in charge"

of their computers?

 

> M/S firewall *can't* do (but they could) because it's recognised to be

> waste of resources and time. And yes, PFW's are IMO of no value

> whatsoever; I know because I operate without these apps.

> John John, don't get blinded by all the marketing hype :)

 

Marketing hype? It appears that you are the one blinded by marketing

hype! Microsoft marketing hype! The misinformation published in one of

the Microsoft articles provided by another poster makes it clear that

Microsoft and its shills are on a mission to discredit all firewalls

that monitor outbound connections and to insist that the Microsoft

firewall is somehow or other superior to all others. Quite amusing when

it's coming from an outfit that until a few years ago didn't even know

what a firewall was! As for your comments of "waste of resources" it is

laughable to say the least. In this day and age of fast processors and

large amounts of RAM this is a non issue. Also, the firewall will be

using resources just to do its basic job of keeping intruders out, the

little extra needed to monitor outbound connections is negligible.

 

Let's get one thing perfectly clear here, I am not claiming, nor have I

ever claimed that outbound connection monitoring was an effective method

of dealing with all sorts of malware. I am simply saying that outbound

monitoring is a useful tool that can alert you to some not so clever

malware trying to call home and that it can alert you that something

like your printer software, or Microsoft components might be trying to

access the internet for no good reason at all. But then it appears that

you think that users shouldn't know that these things are calling home.

Neither you, nor Microsoft, nor anyone else will ever convince me that

outbound connection monitoring is not a useful feature. Period!

 

John

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 


 

Kerry Brown wrote:

> You said that this: "Myth: Host-Based Firewalls Must Filter Outbound

> Traffic to be Safe." was baloney.

 

I never said that and don't attribute things that I have not said to me!

Reread my post!

 

I quoted this from the article:

 

"Speaking of host firewalls, why is there so much noise about outbound

filtering? Think for a moment about how ordinary users would interact

with a piece of software that bugged them every time a program on their

computer wanted to communicate with the Internet..."

 

And I said that (quoted material) was baloney! A firewall monitoring

outbound connections will ask you if you want to permanently allow or

disallow the connection, you will not be "...bugged them every time a

program on their computer wanted to communicate with the Internet...".

That is false information in the article, and for some reason or other

and for some time now Microsoft has been trying to discredit *all*

firewalls except its own. What is it that Microsoft is hiding? Why are

they so adamant that users not be aware of outgoing connections on their

computers?

 

John

Guest Gary S. Terhune
Posted

Re: Unknown download activity in background - how to determine what it is?

 

Which Sysinternals apps call home?

 

--

Gary S. Terhune

MS-MVP Shell/User

http://www.grystmill.com

 

"John John" <audetweld@nbnet.nb.ca> wrote in message

news:OovEbld0HHA.5380@TK2MSFTNGP04.phx.gbl...

> Kayman wrote:

>

>> "John John" <audetweld@nbnet.nb.ca> wrote in message

>

>> It's a pc, apply your own logic (utilise sensible apps.); So take

>> ownership, do some research, do not consult advertisement-driven

>> publications and be responsible - *you* are in charge! If you don't like

>> pc go for available alternatives.

>

> Regardless of what you might think I am no slouch at computers and I don't

> use Adware! Did you know that some of the new Sysinternal (Microsoft)

> utilities call home without your knowledge? Did you know that these

> Sysinternal utilities do not tell you that they call home and that they

> provide no inbuilt mechanism to stop this behaviour? Do you agree that

> those applications, amongst others, should be calling home without the

> user's knowledge? Do you agree that users should have no easy method to

> detect and stop these unwanted connections? By the contents of your posts

> I would say obviously not! There are many other legitimate applications

> that call home for no valid reasons, when you install these applications

> they don't always tell you that they will be calling home and they don't

> always make it easy to find that out or to disable "call home" features.

> I am sure you didn't know of the Sysinternal utilities calling home and I

> am sure that you are not in charge of your computer as much as you think

> that you are! But then you don't think that users should have a way of

> being made aware or of stopping those outbound connections so who cares

> about "being in charge" of their computers?

>

>

>> M/S firewall *can't* do (but they could) because it's recognised to be

>> waste of resources and time. And yes, PFW's are IMO of no value

>> whatsoever; I know because I operate without these apps.

>> John John, don't get blinded by all the marketing hype :)

>

> Marketing hype? It appears that you are the one blinded by marketing

> hype! Microsoft marketing hype! The misinformation published in one of

> the Microsoft articles provided by another poster makes it clear that

> Microsoft and its shills are on a mission to discredit all firewalls that

> monitor outbound connections and to insist that the Microsoft firewall is

> somehow or other superior to all others. Quite amusing when it's coming

> from an outfit that until a few years ago didn't even know what a firewall

> was! As for your comments of "waste of resources" it is laughable to say

> the least. In this day and age of fast processors and large amounts of

> RAM this is a non issue. Also, the firewall will be using resources just

> to do its basic job of keeping intruders out, the little extra needed to

> monitor outbound connections is negligible.

>

> Let's get one thing perfectly clear here, I am not claiming, nor have I

> ever claimed that outbound connection monitoring was an effective method

> of dealing with all sorts of malware. I am simply saying that outbound

> monitoring is a useful tool that can alert you to some not so clever

> malware trying to call home and that it can alert you that something like

> your printer software, or Microsoft components might be trying to access

> the internet for no good reason at all. But then it appears that you

> think that users shouldn't know that these things are calling home.

> Neither you, nor Microsoft, nor anyone else will ever convince me that

> outbound connection monitoring is not a useful feature. Period!

>

> John

Guest Kerry Brown
Posted

Re: Unknown download activity in background - how to determine what it is?

 

"John John" <audetweld@nbnet.nb.ca> wrote in message

news:OZyzRwd0HHA.5160@TK2MSFTNGP05.phx.gbl...

> Kerry Brown wrote:

>

>> You said that this: "Myth: Host-Based Firewalls Must Filter Outbound

>> Traffic to be Safe." was baloney.

>

> I never said that and don't attribute things that I have not said to me!

> Reread my post!

>

> I quoted this from the article:

>

> "Speaking of host firewalls, why is there so much noise about outbound

> filtering? Think for a moment about how ordinary users would interact with

> a piece of software that bugged them every time a program on their

> computer wanted to communicate with the Internet..."

>

> And I said that (quoted material) was baloney! A firewall monitoring

> outbound connections will ask you if you want to permanently allow or

> disallow the connection, you will not be "...bugged them every time a

> program on their computer wanted to communicate with the Internet...".

> That is false information in the article, and for some reason or other and

> for some time now Microsoft has been trying to discredit *all* firewalls

> except its own. What is it that Microsoft is hiding? Why are they so

> adamant that users not be aware of outgoing connections on their

> computers?

>

 

 

That may have been what you intended to say but here is the relevant

snippet from your post:

 

--------------------------------------

"> and scroll down to:

> Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

 

That article itself is baloney. It is true that any malware can

circumvent a firewall's outbound protection but it is also true that a

lot of malware is detected by firewall outbound monitoring. The

outbound monitoring also alerts you when otherwise legitimate software

is trying to call home. Perhaps you like it better when things like

Media player call home without your knowledge, a pesky annoyance that

you should be aware of things like that."

-----------------------------------------

 

It sure sounds to me like you are calling the whole article baloney.

 

I don't presume to speak for Microsoft but personally I'm not hiding

anything. Software firewalls are a useful part of a layered security setup.

They can't be relied upon to protect you from malicious outbound traffic.

Anybody who says they can and tries to sell this to you is deceiving you.

They are selling snake oil. Software firewalls became popular because the

current versions of Windows at the time didn't have any firewall. When XP

came out with a firewall the vendors realized that they had to give people a

reason to keep buying their product. This is when they started pushing the

outbound monitoring features. Software firewalls can, and most do, give you

a level of protection against inbound attacks from unsolicited traffic. That

is all they are good for as a defense against malware. Even that can't be

relied on if something does get inside the security perimeter. Once your

security has been breached you can no longer trust anything running on the

computer. Monitoring outbound traffic does have its uses. One is as you say

to stop legitimate programs from making outbound connections that you don't

want. I don't know why Microsoft didn't include outbound monitoring in the

XP firewall. Personally I don't care as I believe it to be of limited use

anyway. Outbound monitoring is included in the Vista firewall and many other

Microsoft products like ISA server.

 

This is obviously something I'm passionate about :-) Don't take it as a

personal attack. Whenever I see a post espousing the usefulness of software

firewalls I am compelled to point out the fallacy of this approach to

security.

 

--

Kerry Brown

Microsoft MVP - Shell/User

http://www.vistahelp.ca

Guest Straight Talk
Posted

Re: Unknown download activity in background - how to determine what it is?

 

On Sun, 29 Jul 2007 09:11:12 -0300, John John <audetweld@nbnet.nb.ca>

wrote:

>Kayman wrote:

 

<snip>

>Did you know that some of the new Sysinternal (Microsoft) utilities call

>home without your knowledge?

 

You mean it contacts crl.microsoft.com? Uhhhhh.. big deal....

>Did you know that these Sysinternal utilities

>do not tell you that they call home and that they provide no inbuilt

>mechanism to stop this behaviour?

 

Wrong.

>Do you agree that those applications, amongst others, should be calling home

>without the user's knowledge?

 

Why are you running utilities from a company you don't trust? In fact,

with your obvious hostility towards MS, why are you running windows in

the first place?

>There are many other legitimate applications that call home for no

>valid reasons, when you install these applications they don't always tell

>you that they will be calling home and they don't always make it easy to

>find that out or to disable "call home" features.

 

Any program you didn't code yourself is going to do a lot of things

without asking you for permission.

 

Legitimate programs for obvious reasons don't need to be controlled.

 

Furthermore, an outbound control measure is not going to indicate in

any way if what it's doing is good or bad. You just have a

preconceived opinion about it being bad (which just proves that you

are running software you don't trust).

 

<snip>

>The misinformation published in one of

>the Microsoft articles provided by another poster makes it clear that

>Microsoft and its shills are on a mission to discredit all firewalls

>that monitor outbound connections

 

or they just know their own OS well enough to realize that host-based

outbound control as a security measure against malware is a lost

battle.

>and to insist that the Microsoft

>firewall is somehow or other superior to all others.

 

In some areas it is.

 

<snip>

>Also, the firewall will be using resources just to do its basic job of

>keeping intruders out, the little extra needed to monitor outbound

>connections is negligible.

 

Do you realize the number of kernel hooks necessary to accomplish such

a task? And still it isn't even close to being reliable.

 

You probably also never considered the increase in attack vectors

introduced by PFW's.

Guest Andy Walker
Posted

Re: Unknown download activity in background - how to determine what it is?

 

dc wrote:

>Andy,

>

>What does the -b parameter do?

 

Here is the help description from netstat:

 

-b Displays the executable involved in creating each connection or

listening port. In some cases well-known executables host

multiple independent components, and in these cases the

sequence of components involved in creating the connection

or listening port is displayed. In this case the executable

name is in [] at the bottom, on top is the component it called,

and so forth until TCP/IP was reached. Note that this option

can be time-consuming and will fail unless you have sufficient

 

You can use an alternative method through the use of the -o switch.

 

-o Displays the owning process ID associated with each connection.

 

In order to determine the process name you can run Task Manager

(ctrl-alt-del), select view/select columns and add Process Identifier.

This will allow you to match the process ID output from the netstat

command with a process name.

>I couldn't find it, and when I included it, I got the help legend.

 

Older versions of the netstat command did not include the -b switch.

>After looking at the legend, I did this...

>c:\netstat -na > netstat.txt

>Did you mean to use another parameter

>and if so, what is the command

 

See the -o info above.

>What is this for? c:\more netstat.txt

 

It is the "more" command used to read the file "netstat.txt" created

when you used the ">" pipe command. Using more allows you to see the

entire file one page at a time. You could also use a text reader like

notepad or to stay in the DOS window try "edit netstat.txt".
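
Added example (not part of Andy Walker's post): the PID matching he describes, done over saved command output instead of by eye. It assumes `netstat -ano` and `tasklist /fo csv /nh` (used here as a command-line stand-in for the Task Manager PID column) were redirected to text; the sample data and every function name are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real machine).
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:135       192.168.1.20:1100      ESTABLISHED     912
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    192.168.1.10:1045      203.0.113.25:80        ESTABLISHED     2204
  TCP    192.168.1.10:1046      198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''"svchost.exe","912","Console","0","4,120 K"
"lsass.exe","700","Console","0","1,500 K"
"zlclient.exe","1480","Console","0","8,300 K"
"wmplayer.exe","2204","Console","0","22,416 K"
'''


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port


def is_off_host(host):
    """True when the peer is a real remote address, not loopback or a wildcard."""
    if host in ("*", ""):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # netstat without -n prints names; only 'localhost' is known to be local
        return host.lower() != "localhost"
    return not (addr.is_loopback or addr.is_unspecified)


def parse_netstat(text):
    """Return one dict per TCP/UDP row that carries a PID column (-o)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        if not parts[-1].isdigit():
            continue  # no PID column: netstat was run without -o
        state = parts[3] if len(parts) == 5 else ""  # UDP rows have no state
        rows.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                     "state": state, "pid": int(parts[-1])})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV (a header row is skipped)."""
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def remote_connections(netstat_text, tasklist_text):
    """List (image, pid, remote, state) for connections that look outbound.

    Heuristic: a connection whose local port is also in LISTENING state was
    most likely accepted from outside, so it is left out of the report.
    """
    rows = parse_netstat(netstat_text)
    names = parse_tasklist(tasklist_text)
    listening = {split_endpoint(r["local"])[1]
                 for r in rows if r["state"] == "LISTENING"}
    report = []
    for r in rows:
        host, port = split_endpoint(r["remote"])
        local_port = split_endpoint(r["local"])[1]
        if r["state"] == "LISTENING" or local_port in listening:
            continue
        if not is_off_host(host):
            continue  # loopback traffic such as 127.0.0.1 never leaves the PC
        report.append((names.get(r["pid"], "<unknown>"), r["pid"],
                       f"{host}:{port}", r["state"]))
    return report


if __name__ == "__main__":
    for image, pid, remote, state in remote_connections(SAMPLE_NETSTAT,
                                                        SAMPLE_TASKLIST):
        print(f"{image:<16} pid={pid:<6} -> {remote:<22} {state}")
```

A PID that has already exited, or PID 0 on a TIME_WAIT row, has no entry in the process list and is reported as `<unknown>`.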

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 


 

Click on the help menu and you will find out.

 

John

 

Gary S. Terhune wrote:

> Which Sysinternals apps call home?

>

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 


 

Straight Talk wrote:

>>Did you know that these Sysinternal utilities

>>do not tell you that they call home and that they provide no inbuilt

>>mechanism to stop this behaviour?

>

>

> Wrong.

 

If you know how to internally stop the Sysinternal Help utilities from

calling home please post your findings here. I would also like to hear

your advice and solutions as to port monitoring and outbound traffic

in general on Windows operating systems. Should users follow your

advice and ignore all outbound traffic? Should outbound traffic be

allowed to outside networks or should it be limited to the local network?

 

John

Guest Kayman
Posted

Re: Unknown download activity in background - how to determine what it is?

 

>> "John John" <audetweld@nbnet.nb.ca> wrote in message

>

>> It's a pc, apply your own logic (utilise sensible apps.); So take

>> ownership, do some research, do not consult advertisement-driven

>> publications and be responsible - *you* are in charge! If you don't like

>> pc go for available alternatives.

>

> Regardless of what you might think I am no slouch at computers and I don't

> use Adware!

>

Never thought you were incompetent. I just provided useful information for

your kind consideration.

>

> Did you know that some of the new Sysinternal (Microsoft) utilities call

> home without your knowledge?

Really.

>

> Did you know that these Sysinternal utilities do not tell you that they

> call home and that they provide no inbuilt mechanism to stop this

> behaviour?

>

Really.

>

> Do you agree that those applications, amongst others, should be calling

> home without the user's knowledge?

The ones I use don't call. If I'd feel comfortable with an apps. I wouldn't

mind.

>

> Do you agree that users should have no easy method to detect and stop

> these unwanted connections?

Define unwanted; Only install apps. you are comfortable with.

>

> By the contents of your posts I would say obviously not!

Far from it, that's what you're assuming, that's it. Read on the line, not

in between.

>

> There are many other legitimate applications that call home for no valid

> reasons, when you install these applications they don't always tell you

> that they will be calling home and they don't always make it easy to find

> that out or to disable "call home" features.

I know, but then again I don't download junk - not even legitimate junk. But

wouldn't mind a 'home call' from an apps. I am comfortable with.

>

> I am sure you didn't know of the Sysinternal utilities calling home...

>

Which Sysinternals apps. call home?

>

> ...and I am sure that you are not in charge of your computer as much as

> you think that you are!

Assumptions.

>

> But then you don't think that users should have a way of being made aware

> or of stopping those outbound connections so who cares about "being in

> charge" of their computers?

>

Naw, you don't know what I am thinking, never mind about that.

>

>> M/S firewall *can't* do (but they could) because it's recognised to be

>> waste of resources and time. And yes, PFW's are IMO of no value

>> whatsoever; I know because I operate without these apps.

>> John John, don't get blinded by all the marketing hype :)

>

> Marketing hype? It appears that you are the one blinded by marketing

> hype! Microsoft marketing hype!

>

If you are not comfortable with this apps. then uninstall and go for an

alternative.

>

> The misinformation published in one of the Microsoft articles provided by

> another poster makes it clear that Microsoft and its shills are on a

> mission to discredit all firewalls...

It explains how things are in reality. The write-ups are educational and

non-binding. The authors have considerable credentials. Where are yours?

And where are the representatives with their credentials of PFW's refuting

the published arguments? Are you one of them?

>

> ...that monitor outbound connections and to insist that the Microsoft

> firewall is somehow or other superior to all others.

They don't claim superiority, just reality.

>

> Quite amusing when it's coming from an outfit that until a few years ago

> didn't even know what a firewall was!

>

You do underestimate M/S. (Or is it sarcasm?).

> As for your comments of "waste of resources" it is laughable to say the

> least. In this day and age of fast processors and large amounts of RAM

> this is a non issue.

A waste of resources in terms of manpower, spending time on a useless

(outbound filtering) feature. (Sorry for confusion).

>

> Also, the firewall will be using resources just to do its basic job of

> keeping intruders out, the little extra needed to monitor outbound

> connections is negligible.

> Let's get one thing perfectly clear here, I am not claiming, nor have I

> ever claimed that outbound connection monitoring was an effective method

> of dealing with all sorts of malware. I am simply saying that outbound

> monitoring is a useful tool that can alert you to some not so clever

> malware trying to call home and that it can alert you that something like

> your printer software, or Microsoft components might be trying to access

> the internet for no good reason at all. But then it appears that you

> think that users shouldn't know that these things are calling home.

> Neither you, nor Microsoft, nor anyone else will ever convince me that

> outbound connection monitoring is not a useful feature. Period!

>

Alright then; Good luck :)

Guest Uncle Grumpy
Posted

Re: Unknown download activity in background - how to determine what it is?

 

John John <audetweld@nbnet.nb.ca> wrote:

>Should users follow your

>advice and ignore all outbound traffic? Should outbound traffic be

>allowed to outside networks or should it be limited to the local network?

 

While you're waiting for your answer, you might visit this site and

follow its directions:

 

http://zapatopi.net/afdb/

Guest Gary S. Terhune
Posted

Re: Unknown download activity in background - how to determine what it is?

 

What "help menu"? Hey, I just asked a question and I really want to know the

answer. Which Sysinternal apps call home? I presume you know of at least

some, or you wouldn't have made that statement.

 

--

Gary S. Terhune

MS-MVP Shell/User

http://www.grystmill.com

 

"John John" <audetweld@nbnet.nb.ca> wrote in message

news:e0VXoKj0HHA.5160@TK2MSFTNGP05.phx.gbl...

> Click on the help menu and you will find out.

>

> John

>

> Gary S. Terhune wrote:

>> Which Sysinternals apps call home?

>>

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 


 

Process Explorer and Autoruns are two that do.

 

John

 

Gary S. Terhune wrote:

> What "help menu"? Hey, I just asked a question and I really want to know the

> answer. Which Sysinternal apps call home? I presume you know of at least

> some, or you wouldn't have made that statement.

>

Guest dobey
Posted

Re: Unknown download activity in background - how to determine what it is?

 

 

"Uncle Grumpy" <unclegrumpy@ameritech.net> wrote in message

news:9jbqa39h9nca6fn5k5aatg32apcb46n8ip@4ax.com...

> John John <audetweld@nbnet.nb.ca> wrote:

>

>>Should users follow your

>>advice and ignore all outbound traffic? Should outbound traffic be

>>allowed to outside networks or should it be limited to the local network?

>

> While you're waiting for your answer, you might visit this site and

> follow its directions:

>

> http://zapatopi.net/afdb/

 

No MS-MVP leaves home without one...

Guest Straight Talk
Posted

Re: Unknown download activity in background - how to determine what it is?

 

On Sun, 29 Jul 2007 20:18:45 -0300, John John <audetweld@nbnet.nb.ca>

wrote:

>If you know how to internally stop the Sysinternal Help utilities from

>calling home please post your findings here.

 

It's not the app itself "phoning home". Clearing the

CodeBaseSearchPath key in the registry (Internet Settings) probably

does the job. But maybe it's not such a good idea after all.

 

Anyway, if you had taken the time to packet sniff the "phoning home"

instead of letting your PFW drive you paranoid, you would probably

have realized that it's no big deal and that this big scary MS thingy

isn't really spying on you.

>I would also like to hear your advice and solutions as to port monitoring

>and outbound traffic in general on Windows operating systems.

 

App's like CurrPorts and WireShark come to mind.

>Should users follow your advice and ignore all outbound traffic?

 

Users should think twice before installing all kinds of stuff. And

they should not let PFW's drive them paranoid. Problem is, neither the

PFW nor the user understands what's happening. I've seen users freak

out about app's "phoning home" to IP address 127.0.0.1

>Should outbound traffic be allowed to outside networks or should it be

>limited to the local network?

 

That's for the person in charge of the local network to decide.

However, there won't be much inter netting without allowing outbound

traffic.

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 


 

Straight Talk wrote:

> On Sun, 29 Jul 2007 20:18:45 -0300, John John <audetweld@nbnet.nb.ca>

> wrote:

>

>

>>If you know how to internally stop the Sysinternal Help utilities from

>>calling home please post your findings here.

>

>

> It's not the app itself "phoning home".

 

Yes it is. If you use the help utility it calls an Akamai server. I

know why it's doing it and I am not saying that it is necessarily good

or bad. The example was used to demonstrate that there *are* things

making outbound connections without users being aware. If the

applications that we think of as "tame" are doing it you can be sure

that other not so tame applications may also be doing it.

 

 

Clearing the

> CodeBaseSearchPath key in the registry (Internet Settings) probably

> does the job. But maybe it's not such a good idea after all.

>

> Anyway, if you had taken the time to packet sniff the "phoning home"

> instead of letting your PFW drive you paranoid, you would probably

> have realized that it's no big deal and that this big scary MS thingy

> isn't really spying on you.

 

Once again, I know what it is doing and I am not saying that anyone is

spying, that is not the point. The point is that Microsoft and many

others are consistently saying that monitoring outbound connection is a

useless firewall feature for *any* reason. I disagree with that. All

good firewalls have outbound connection monitoring available, the

Microsoft XP firewall doesn't. When users made mention of this, or if

they asked why it wasn't available, the response from Microsoft and its

fans was to embark on a campaign of discrediting all firewalls that do

outbound monitoring and to claim the feature as absolutely useless.

When that tactic failed they then decided that anyone who even suggests

that the firewall should do outbound monitoring should be immediately

clobbered, it may keep some people quiet but it won't keep me quiet.

Microsoft customers spoke and asked a valid question. Instead of

Microsoft saying something as simple as: "We have received requests for

this feature and are investigating the possibility of including it in a

future update", they decided that it was best to kill the messengers

and to proclaim their firewall as superior to all others.

 

>>I would also like to hear your advice and solutions as to port monitoring

>>and outbound traffic in general on Windows operating systems.

>

>

> App's like CurrPorts and WireShark come to mind.

 

Brilliant. Give that to novice users. Instead of having the firewall

do what firewalls usually do have the users dig about and find utilities

on their own to do the job! And for your information you don't have to

go out of the Microsoft stable to find port monitoring tools.

 

>>Should users follow your advice and ignore all outbound traffic?

>

>

> Users should think twice before installing all kinds of stuff. And

> they should not let PFW's drive them paranoid. Problem is, neither the

> PFW nor the user understands what's happening. I've seen users freak

> out about app's "phoning home" to IP address 127.0.0.1

 

More BS. There are all kinds of computer users and computer users do

all kinds of things. Good firewalls know what is going on and most

seasoned users know what the loopback address is. The simple fact that

the extra ability to detect outbound connections can be a useful

firewall feature is something that guys like you are insisting on

denying. You are on a campaign to discredit this as a useful feature,

but you offer no simple, easy way or alternative for users to even have

basic outbound connection monitoring.

 

 

> However, there won't be much inter netting without allowing outbound

> traffic.

 

No there won't be. But that doesn't mean that everything installed on a

computer should be calling out and it doesn't mean that firewalls that

help identifying those "call home" utilities are bad, useless firewalls!

If that is the case then why would Microsoft include such a useless

feature in its newest flagship operating system? And then insist that

it is useless for XP users?

 

John

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 

Kerry Brown wrote:

> "John John" <audetweld@nbnet.nb.ca> wrote in message

> news:OZyzRwd0HHA.5160@TK2MSFTNGP05.phx.gbl...

>

>> Kerry Brown wrote:

>>

>>> You said that this: "Myth: Host-Based Firewalls Must Filter Outbound

>>> Traffic to be Safe." was baloney.

>>

>>

>> I never said that and don't attribute things that I have not said to

>> me! Reread my post!

>>

>> I quoted this from the article:

>>

>> "Speaking of host firewalls, why is there so much noise about outbound

>> filtering? Think for a moment about how ordinary users would interact

>> with a piece of software that bugged them every time a program on

>> their computer wanted to communicate with the Internet..."

>>

>> And I said that (quoted material) was baloney! A firewall monitoring

>> outbound connections will ask you if you want to permanently allow or

>> disallow the connection, you will not be "...bugged them every time a

>> program on their computer wanted to communicate with the Internet...".

>> That is false information in the article, and for some reason or other

>> and for some time now Microsoft has been trying to discredit *all*

>> firewalls except its own. What is it that Microsoft is hiding? Why

>> are they so adamant that users not be aware of outgoing connections on

>> their computers?

>>

>

>

> That may have been what you intended to say but here is the relevant

> snippet from your post:

>

> --------------------------------------

> "> and scroll down to:

> > Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

>

> That article itself is baloney. It is true that any malware can

> circumvent a firewall's outbound protection but it is also true that a

> lot of malware is detected by firewall outbound monitoring. The

> outbound monitoring also alerts you when otherwise legitimate software

> is trying to call home. Perhaps you like it better when things like

> Media player call home without your knowledge, a pesky annoyance that

> you should be aware of things like that."

> -----------------------------------------

>

> It sure sounds to me like you are calling the whole article baloney.

>

> I don't presume to speak for Microsoft but personally I'm not hiding

> anything. Software firewalls are a useful part of a layered security

> setup. They can't be relied upon to protect you from malicious outbound

> traffic. Anybody who says they can and tries to sell this to you is

> deceiving you. They are selling snake oil. Software firewalls became

> popular because the current versions of Windows at the time didn't have

> any firewall. When XP came out with a firewall the vendors realized that

> they had to give people a reason to keep buying their product. This is

> when they started pushing the outbound monitoring features. Software

> firewalls can, and most do, give you a level of protection against

> inbound attacks from unsolicited traffic. That is all they are good for

> as a defense against malware. Even that can't be relied on if something

> does get inside the security perimeter. Once your security has been

> breached you can no longer trust anything running on the computer.

> Monitoring outbound traffic does have its uses. One is as you say to

> stop legitimate programs from making outbound connections that you don't

> want. I don't know why Microsoft didn't include outbound monitoring in

> the XP firewall. Personally I don't care as I believe it to be of

> limited use anyway. Outbound monitoring is included in the Vista

> firewall and many other Microsoft products like ISA server.

>

> This is obviously something I'm passionate about :-) Don't take it as

> personal attack. Whenever I see a post espousing the usefulness of

> software firewalls I am compelled to point out the fallacy of this

> approach to security.

 

To tell you the truth, Kerry, when a published article from a supposedly

authoritative source contains even only one such blatant outright lie as

the one in the above mentioned article, it casts doubts on the whole

article, one cannot rely on anything said in the article because it is

extremely prejudiced and tarnished by some of the false information it

contains. Serious publishers, researchers or technical writers would

automatically correct the false information or pull such flawed

articles. You won't see companies like Intel publishing seriously

tarnished articles like the one above.

 

As for "espousing the usefulness of software firewalls", if they are so

useless why did Microsoft include one in XP SP2? I wholeheartedly

agree with you that some firewall vendors are making exaggerated claims

in an attempt to sell their products and that some of the firewalls

offered by some companies are crappy products, Microsoft too at times

makes exaggerated claims to sell its products. But long before Windows

XP and Windows 2000 even came out, many users were using firewalls,

several *very* good, free personal firewalls were available and were

being used to protect computers from outside attacks.

 

Microsoft invented nothing new with its firewall. Companies like Kerio

and Sygate made good free firewalls long before Microsoft decided that

it could no longer ship its operating systems without basic firewall

protection, some companies still make good free firewalls. That there

are shoddy products out there is a fact, but outbound traffic detection

has *always* been one of the tasks that any good firewall does and there

is no reason to label all firewalls that do this as *useless* products

and there are even fewer reasons to label such a feature as a *useless*

feature. Firewalls do not only deal with malware, they deal with *all*

traffic, inbound and outbound, and with *all* applications. If the

firewall doesn't do outbound monitoring then novice users are left on

their own to try and detect these things, with outbound connection

monitoring even advanced experienced users are sometimes surprised to

find out that certain applications are trying to establish outbound

connections.

 

Sure, there are all kinds of malware that can circumvent this

monitoring, things like rootkits and what not can easily get around

firewalls. That is beside the point, firewalls are not and were never

meant to be used as virus or rootkit detectors, you need special tools

to detect and deal with those insidious pests. Anti virus software

cannot detect all or some of those pests and that is what they are

supposed to do. Should we tar all AV software as useless because they

can't detect rootkits? Strange that most persons would say no but that

they would then insist that firewalls that monitor outbound traffic are

devilishly bad because they can't detect those same rootkits or pests.

 

I understand that you are passionate on this subject and I don't take

your posts and comments as personal attacks. I hope that you don't take

mine as personal attacks against you or anyone else. I too am

passionate on the issue and I don't like it when good products are all

tarred at the same time with a wide brush. I am also passionate when I

read posts saying that outbound traffic monitoring is completely useless

or that it is completely unnecessary because users should not be

concerned about outbound traffic on their computers, the logic being

that only sloppy uninformed users have applications that call home, or

that you should not be concerned about legitimate applications that

might be calling home even if they have absolutely no valid reason to do

so. I am somewhat vindicated by the fact that Microsoft thought that

this feature was useful enough to be included in its Vista firewall.

 

John

Guest Gary S. Terhune
Posted

Re: Unknown download activity in background - how to determine what it is?

 

Thank you. Strangely enough, when I tried Help on those two apps, the pages

all failed to load. Go figure.

 

--

Gary S. Terhune

MS-MVP Shell/User

http://www.grystmill.com

 

"John John" <audetweld@nbnet.nb.ca> wrote in message

news:%23j7WwIl0HHA.3400@TK2MSFTNGP03.phx.gbl...

> Process Explorer and Autoruns are two that do.

>

> John

>

> Gary S. Terhune wrote:

>

>> What "help menu"? Hey, I just asked a question and I really want to know

>> the answer. Which Sysinternal apps call home? I presume you know of at

>> least some, or you wouldn't have made that statement.

>>

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 

The Autoruns 8.52 that I have here wants to connect to 207.46.197.16,

port 80 or 142.176.121.13, port 80 or others in these ranges. Same

kind of thing with the newer versions of Process Explorer.

 

John

 

 

Gary S. Terhune wrote:

> Thank you. Strangely enough, when I tried Help on those two apps, the pages

> all failed to load. Go figure.

>

Guest Straight Talk
Posted

Re: Unknown download activity in background - how to determine what it is?

 

On Mon, 30 Jul 2007 09:43:12 -0300, John John <audetweld@nbnet.nb.ca>

wrote:

>Straight Talk wrote:

>> On Sun, 29 Jul 2007 20:18:45 -0300, John John <audetweld@nbnet.nb.ca>

>> wrote:

>>

>>

>>>If you know how to internally stop the Sysinternal Help utilities from

>>>calling home please post your findings here.

>>

>>

>> It's not the app itself "phoning home".

>

>Yes it is.

 

No. It's windows. And I provided you with a way to stop it.

>If you use the help utility it calls an Akamai server. I

>know why it's doing it

 

So, why is it doing it?

>and I am not saying that it is necessarily good

>or bad.

 

Hmm. If you don't consider it bad, what's the whole fuss?

>The example was used to demonstrate that there *are* things

>making outbound connections without users being aware.

 

Of course. The net is a resource like anything else. Soon you will see

apps taking advantage of online services just like if they were a

part of the app itself.

>If the applications that we think of as "tame" are doing it you can be sure

>that other not so tame applications may also be doing it.

 

Your point being?

>> Clearing the

>> CodeBaseSearchPath key in the registry (Internet Settings) probably

>> does the job. But maybe it's not such a good idea after all.

>>

>> Anyway, if you had taken the time to packet sniff the "phoning home"

>> instead of letting your PFW drive you paranoid, you would probably

>> have realized that it's no big deal and that this big scary MS thingy

>> isn't really spying on you.

>

>Once again, I know what it is doing

 

That wasn't my impression.

>and I am not saying that anyone is spying, that is not the point.

 

Then what was your point of going "are you aware that sysinternals

utilities phone home"?

>The point is that Microsoft and many

>others are consistently saying that monitoring outbound connection is a

>useless firewall feature for *any* reason.

 

That's actually not what they are saying. Do some more research.

> I disagree with that. All good firewalls have outbound connection

>monitoring available, the Microsoft XP firewall doesn't.

 

*sigh*

>When users made mention of this, or if

>they asked why it wasn't available, the response from Microsoft and its

>fans was to embark on a campaign of discrediting all firewalls that do

>outbound monitoring and to claim the feature as absolutely useless.

>When that tactic failed they then decided that anyone who even suggests

>that the firewall should do outbound monitoring should be immediately

>clobbered, it may keep some people quiet but it won't keep me quiet.

>Microsoft customers spoke and asked a valid question. Instead of

>Microsoft saying something as simple as: "We have received requests for

>this feature and are investigating the possibility of including it in a

>future update", they decided that it was best to kill the messengers

>and to proclaim their firewall as superior to all others.

 

More *sigh*

>>>I would also like to hear your advice and solutions as to port monitoring

>>>and outbound traffic in general on Windows operating systems.

>>

>>

>> Apps like CurrPorts and Wireshark come to mind.

>

>Brilliant. Give that to novice users.

 

BS argument. A novice user with no basic networking knowledge isn't

able to properly configure any packet filter whatsoever.

>Instead of having the firewall do what firewalls usually do

 

What exactly do *real* firewalls usually do? They definitely *don't*

run on an insecure platform together with all kinds of other stuff

under the control of a clueless user with unrestricted rights!!

 

Calling PFW's firewalls in the first place is an insult to real

firewalls. They are host based packet filters.

>have the users dig about and find utilities

>on their own to do the job!

 

One can't "get the job done" until one understands it. That's why

novice users should stick to the windows firewall. It's on by default,

it works, and it requires no further action - which is about the

maximum you can expect from a novice user.

>And for your information you don't have to

>go out of the Microsoft stable to find port monitoring tools.

 

I know that perfectly well. I just mentioned some of my favorites.

>>>Should users follow your advice and ignore all outbound traffic?

>>

>>

>> Users should think twice before installing all kinds of stuff. And

>> they should not let PFW's drive them paranoid. Problem is, neither the

>> PFW nor the user understands what's happening. I've seen users freak

>> out about apps "phoning home" to IP address 127.0.0.1

>

>More BS. There are all kinds of computer users and computer users do

>all kinds of things. Good firewalls know what is going on

 

Now, THAT is BS, right there. These firewalls have, for obvious

reasons, NO idea what's going on, which is why they have to ask the

user.

>and most seasoned users know what the loopback address is.

 

But novice users don't. The fact that PFW's even provide pop-up

messages about the loopback interface shows the developers' lack of

competence.

>The simple fact that the extra ability to detect outbound connections can be a useful

>firewall feature is something that guys like you are insisting on

>denying.

 

Wrong. You simply fail to get the big picture.

>You are on a campaign to discredit this as a useful feature,

>but you offer no simple, easy way or alternative for users to even have

>basic outbound connection monitoring.

 

If so, you and your PFW followers are on a campaign of making clueless

users believe in hype and astrology-like pseudo security.

>> However, there won't be much inter netting without allowing outbound

>> traffic.

>

>No there won't be. But that doesn't mean that everything installed on a

>computer should be calling out and it doesn't mean that firewalls that

>help identifying those "call home" utilities are bad, useless firewalls!

 

Depends. If it provides a false sense of security, it's very bad. If

it's misconfigured by clueless users, it's very bad. If it interferes

with what the user is trying to achieve, and the user doesn't

understand why, it's very bad. Since it mostly doesn't mean more to

users than that they will temporarily switch it off if something

doesn't work, it's very bad. If it adds further vulnerabilities to a

system, it's very very bad.

> If that is the case then why would Microsoft include such a useless

>feature in its newest flagship operating system?

 

They have already explained why. You need to catch up.

>And then insist that it is useless for XP users?

 

Could it be that Vista provides a slightly better foundation for doing

so?
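
An added example, not part of any post in this thread: one way to triage `netstat -ano` output so that loopback traffic (the 127.0.0.1 case raised above) is separated from connections that actually leave the machine, grouped by owning process. The sample output, the PID-to-name map and all function names are constructed for illustration; the address 207.46.197.16 port 80 is the one reported for Autoruns earlier in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1480
  TCP    127.0.0.1:1031         127.0.0.1:1030         ESTABLISHED     1480
  TCP    192.168.1.20:1105      207.46.197.16:80       ESTABLISHED     2212
  TCP    192.168.1.20:1107      207.46.197.16:80       SYN_SENT        2212
  TCP    192.168.1.20:1110      192.168.1.1:53         TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID-to-image-name map, standing in for `tasklist` output.
SAMPLE_PROCESSES = {912: "svchost.exe", 1480: "firefox.exe", 2212: "autoruns.exe"}

# States that mean a connection is open or being opened right now.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def split_endpoint(text):
    """Split 'host:port' or '[v6addr%zone]:port' into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)


def classify(host):
    """Return 'loopback', 'local' (private/link-local) or 'remote'."""
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local:
        return "local"
    return "remote"


def parse_connections(netstat_text):
    """Return active TCP connections as dicts; skips headers, listeners, UDP."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] not in ACTIVE_STATES:
            continue
        try:
            host, port = split_endpoint(fields[2])
            scope = classify(host)
            pid = int(fields[4])
        except ValueError:
            continue  # malformed line: ignore rather than guess
        rows.append({"pid": pid, "host": host, "port": port,
                     "state": fields[3], "scope": scope})
    return rows


def remote_endpoints_by_process(rows, processes):
    """Group non-loopback destinations by owning process."""
    grouped = defaultdict(set)
    for row in rows:
        if row["scope"] == "loopback":
            continue  # traffic that never leaves the machine
        name = processes.get(row["pid"], "unknown")
        grouped[f"{name} (PID {row['pid']})"].add(f"{row['host']}:{row['port']}")
    return {proc: sorted(dests) for proc, dests in grouped.items()}


if __name__ == "__main__":
    summary = remote_endpoints_by_process(
        parse_connections(SAMPLE_NETSTAT), SAMPLE_PROCESSES)
    for proc, dests in summary.items():
        print(proc, "->", ", ".join(dests))
```
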

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 

Straight Talk wrote:

> On Mon, 30 Jul 2007 09:43:12 -0300, John John <audetweld@nbnet.nb.ca>

> wrote:

>

>

>>Straight Talk wrote:

>>

>>>On Sun, 29 Jul 2007 20:18:45 -0300, John John <audetweld@nbnet.nb.ca>

>>>wrote:

>>>

>>>

>>>

>>>>If you know how to internally stop the Sysinternal Help utilities from

>>>>calling home please post your findings here.

>>>

>>>

>>>It's not the app itself "phoning home".

>>

>>Yes it is.

>

>

> No. It's windows.

 

You don't know what you are talking about, why don't you monitor one of

the apps and find out what is going on. It isn't Windows doing the

calling it's the application itself. Being that you are so smart and

that I know nothing you should at least do a few tests before you post

about things you pretend to know of.

 

John

Guest Straight Talk
Posted

Re: Unknown download activity in background - how to determine what it is?

 

On Mon, 30 Jul 2007 11:45:21 -0300, John John <audetweld@nbnet.nb.ca>

wrote:

>To tell you the truth, Kerry, when a published article from a supposedly

>authoritative source contains even only one such blatant outright lie as

>the one in the above mentioned article,

 

What lie?

>it casts doubts on the whole

>article, one cannot rely on anything said in the article because it is

>extremely prejudiced and tarnished by some of the false information it

>contains.

 

What false information?

> Serious publishers, researchers or technical writers would

>automatically correct the false information or pull such flawed

>articles. You won't see companies like Intel publishing seriously

>tarnished articles like the one above.

>

>As for "espousing the usefulness of software firewalls", if they are so

>useless why did Microsoft include one in XP SP2?

 

Inbound control was never useless. It's the outbound control that's so

questionable.

>I wholeheartedly agree with you that some firewall vendors are making

>exaggerated claims in an attempt to sell their products and that some of the firewalls

>offered by some companies are crappy products, Microsoft too at times

>makes exaggerated claims to sell its products. But long before Windows

>XP and Windows 2000 even came out, many users were using firewalls,

>several *very* good, free personal firewalls were available and were

>being used to protect computers from outside attacks.

 

Yes. From *outside* attacks. No one questions that they did a good job

there. But the market for PFW's arose only because MS made the big

mistake of shipping windows with exposed network services.

>Microsoft invented nothing new with its firewall.

 

Wrong.

>Companies like Kerio and Sygate made good free firewalls

 

This just shows that you don't know what you're talking about. SyGate

didn't even follow the most basic security recommendations from MS,

thereby making your system even more vulnerable.

>long before Microsoft decided that

>it could no longer ship its operating systems without basic firewall

>protection, some companies still make good free firewalls. That there

>are shoddy products out there is a fact, but outbound traffic detection

>has *always* been one of the tasks that any good firewall does and there

>is no reason to label all firewalls that do this as *useless* products

>and there are even fewer reasons to label such a feature as a *useless*

>feature.

>Firewalls do not only deal with malware, they deal with *all*

>traffic, inbound and outbound, and with *all* applications.

 

And this is where your argument loses completely.

>If the firewall doesn't do outbound monitoring then novice users are left on

>their own to try and detect these things, with outbound connection

>monitoring even advanced experienced users are sometimes surprised to

>find out that certain applications are trying to establish outbound

>connections.

>

>Sure, there are all kinds of malware that can circumvent this

>monitoring, things like rootkits and what not can easily get around

>firewalls.

 

Root kits aren't meant to get around firewalls.

>That is beside the point, firewalls are not and were never

>meant to be used as virus or rootkit detectors, you need special tools

>to detect and deal with those insidious pests.

 

BS. You are right that they weren't meant to *detect* these pests. But

being able to block their attempts to call home is *exactly* what PFW

vendors have claimed their products would do.

>Anti virus software cannot detect all or some of those pests and that is what they are

>supposed to do.

>Should we tar all AV software as useless because they

>can't detect rootkits? Strange that most persons would say no but that

>they would then insist that firewalls that monitor outbound traffic are

>devilishly bad because they can't detect those same rootkits or pests.

 

There's a big difference between anti-virus meant to stop a baddie

before it's allowed to run and outbound control meant to deal with the

baddie after it's too late.

>I understand that you are passionate on this subject and I don't take

>your posts and comments as personal attacks. I hope that you don't take

>mine as personal attacks against you or anyone else. I too am

>passionate on the issue and I don't like it when good products are all

>tarred at the same time with a wide brush. I am also passionate when I

>read posts saying that outbound traffic monitoring is completely useless

>or that it is completely unnecessary because users should not be

>concerned about outbound traffic on their computers, the logic being

>that only sloppy uninformed users have applications that call home, or

>that you should not be concerned about legitimate applications that

>might be calling home even if they have absolutely no valid reason to do

>so. I am somewhat vindicated by the fact that Microsoft thought that

>this feature was useful enough to be included in its Vista firewall.

 

I'm passionate on the issue too and don't like when the WF is labeled

as useless just because it doesn't implement useless trials to control

outbound connections.

Guest Straight Talk
Posted

Re: Unknown download activity in background - how to determine what it is?

 

On Mon, 30 Jul 2007 14:02:49 -0300, John John <audetweld@nbnet.nb.ca>

wrote:

>You don't know what you are talking about, why don't you monitor one of

>the apps and find out what is going on.

 

That's what I did.

>It isn't Windows doing the

>calling it's the application itself. Being that you are so smart and

>that I know nothing you should at least do a few tests before you post

>about things you pretend to know of.

 

It's pretty obvious who doesn't know what he's talking about....

Guest John John
Posted

Re: Unknown download activity in background - how to determine what it is?

 

Straight Talk wrote:

> On Mon, 30 Jul 2007 14:02:49 -0300, John John <audetweld@nbnet.nb.ca>

> wrote:

>

>

>>You don't know what you are talking about, why don't you monitor one of

>>the apps and find out what is going on.

>

>

> That's what I did.

 

You did no such thing with the newer Sysinternal apps mentioned

elsewhere, if you had you would have seen that the utilities establish

outbound connections if you use the help files. Why and for what

reasons you now chose to post lies is something that only you know.

Being that you now insist on lying my discussion with you is over.

 

John

Guest Straight Talk
Posted

Re: Unknown download activity in background - how to determine what it is?

 

On Mon, 30 Jul 2007 16:37:59 -0300, John John <audetweld@nbnet.nb.ca>

wrote:

>Straight Talk wrote:

>

>> On Mon, 30 Jul 2007 14:02:49 -0300, John John <audetweld@nbnet.nb.ca>

>> wrote:

>>

>>

>>>You don't know what you are talking about, why don't you monitor one of

>>>the apps and find out what is going on.

>>

>>

>> That's what I did.

>

>You did no such thing with the newer Sysinternal apps mentioned

>elsewhere,

 

Yes, I did.

>if you had you would have seen that the utilities establish

>outbound connections if you use the help files.

 

Yes, that's what it looks like. However, it's actually a windows issue.

How will you otherwise explain that changing the Internet settings in

the registry fixes it?

>Why and for what reasons you now chose to post lies is something that only

>you know. Being that you now insist on lying my discussion with you is over.

 

You are either pathetic or just trolling.
