BIG SURPRISE: Not safe to use Windows today.
Registered User
Joined: Jan 2004
Posts: 4,938
Likes: 0
From: limerick
Originally Posted by PeaceLove&S2K,Jan 3 2006, 10:40 PM
So... your posts more or less made sense up till here (or at least up until this one, I couldn't outright say they were baseless, not being too familiar with DEP etc).
But how would you suggest configuring such a firewall? You'd have to write a firewall that understand the HTTP protocol, and knows to block when your machine requests a WMF file. Then of course, someone could make you download via FTP, so your firewall would need to understand that too.
But what if it comes as an e-mail attachment?
Is your firewall supposed to inspect every byte in every packet that comes into your computer, searching for what resembles a WMF file header?
I just can't see such a solution working.
And in all honesty, while I'm not sure about the DEP solution, I'm not even sure if that'll work. I haven't seen any information that suggests that this is a buffer overrun type problem yet. Did you try enabling DEP and clicking on Jason's link btw?
But how would you suggest configuring such a firewall? You'd have to write a firewall that understand the HTTP protocol, and knows to block when your machine requests a WMF file. Then of course, someone could make you download via FTP, so your firewall would need to understand that too.
But what if it comes as an e-mail attachment?
Is your firewall supposed to inspect every byte in every packet that comes into your computer, searching for what resembles a WMF file header?
I just can't see such a solution working.
And in all honesty, while I'm not sure about the DEP solution, I'm not even sure if that'll work. I haven't seen any information that suggests that this is a buffer overrun type problem yet. Did you try enabling DEP and clicking on Jason's link btw?
Thread Starter
Registered User
Joined: Mar 2005
Posts: 16,702
Likes: 0
From: █ SF, CA █
Originally Posted by exceltoexcel,Jan 4 2006, 06:17 AM
That wouldn't be the case if they were using a hyper-threading processor
I am definitely not willing to say hardware needs to be < 2.5 years old to not be considered obsolete for most desktop use(I use a MUCH older system at home with no problems).
Thread Starter
Registered User
Joined: Mar 2005
Posts: 16,702
Likes: 0
From: █ SF, CA █
Originally Posted by exceltoexcel,Jan 4 2006, 06:21 AM
Actually it's quite easy.
Another approach is to only allow you to visit a list of approved sites or restrict access to some sites. I was with a stock trading firm that did it the 2nd way. You couldn't even go to yahoo mail or gmail, etc etc.
You have the mind of a criminal 
Yeah you're correct. Didn't think of that
Joined: Jul 2002
Posts: 19,257
Likes: 19
From: San Diego, CA
Originally Posted by jasonw,Jan 4 2006, 12:46 AM
It is possible for a firewall to understand HTTP, FTP(This is actually very useful), SMTP, etc, etc. It just takes more processing power. Then again, the data may be encrypted...
I would not call this a solution though. Only a workaround like the steps I posted for disabling the DLL. You are sacrificing part of the product's functionality. It would be like Honda saying not to rev the S2000 > 6,000 rpms to prevent a scorched #1 cylinder. Sure, it may prevent the problem. But that would also be a workaround and not a solution. A solution lets you use the product as it is intended while fixing the defect.
I would not call this a solution though. Only a workaround like the steps I posted for disabling the DLL. You are sacrificing part of the product's functionality. It would be like Honda saying not to rev the S2000 > 6,000 rpms to prevent a scorched #1 cylinder. Sure, it may prevent the problem. But that would also be a workaround and not a solution. A solution lets you use the product as it is intended while fixing the defect.
I use iptables, which I'm pretty sure allows me to do pretty much anything. And I know I sure as heck am not going to spend any time trying to figure out how to modify my firewall rules to try and detect incoming WMF files.
Thread Starter
Registered User
Joined: Mar 2005
Posts: 16,702
Likes: 0
From: █ SF, CA █
Originally Posted by PeaceLove&S2K,Jan 4 2006, 12:18 PM
I use iptables, which I'm pretty sure allows me to do pretty much anything.
I'm actually too lazy to do that at home. And just let my netgear take care of it.
Joined: Oct 2001
Posts: 5,729
Likes: 2
Originally Posted by exceltoexcel,Dec 30 2005, 06:44 PM
Funny how people don't know there asses from the preverbal hole in the ground.
There - I see trees over there.
They're - They're running too quickly.
Their - Funny how people don't know their asses from the proverbial...
Preverbal = not yet containing the ability to speak.
Proverbial = of, or pertaining to, a proberb.
It's happened to me, but it's something everyone should know.
Registered User
Joined: Jan 2004
Posts: 4,938
Likes: 0
From: limerick
Thank's next time I'll make sure I footnote as well.
From my sig
Stolen from Vader because it applys to me.
* Disclaimer: All posts by this user will be filled with spelling and grammar mistakes. I am too lazy to spell check, proofread and can not look at the screen and type at the same time. Read at your own risk.
**Disclaimer II: Readers of posts on the internet may read a condescending tone that was unintended by the author and have hurt feelings when no malice exists. Author will try very hard in the future to make sure any intended condescension and malice are therefore painfully obvious. Please reread above post inserting soft soothing voice before becoming offended.
* Disclaimer: All posts by this user will be filled with spelling and grammar mistakes. I am too lazy to spell check, proofread and can not look at the screen and type at the same time. Read at your own risk.
**Disclaimer II: Readers of posts on the internet may read a condescending tone that was unintended by the author and have hurt feelings when no malice exists. Author will try very hard in the future to make sure any intended condescension and malice are therefore painfully obvious. Please reread above post inserting soft soothing voice before becoming offended.
Thread
Thread Starter
Forum
Replies
Last Post