View Single Post
  #37  
Old March 3rd 12, 08:55 PM posted to microsoft.public.win98.gen_discussion
Lostgallifreyan
external usenet poster
 
Posts: 1,562
Default How to gain access to websites that require latest Java installed

98 Guy wrote in :

There I'd rather tend to disagree with you, or at least I don't
like being called a control freak.



No-one who isn't ever gets any good at coding. It's just a matter of where we
exert the control. So if a computer user gets called a 'control freak', they
should take it as a compliment unless the person putting the charge is busy
trying to make others see the world from a viewpoint other than their own.

I don't think it's unreasonable to want to know when something I've
legitimately installed is trying to use the internet -


That's fine. But don't confuse or associate the software firewall with
part of the security aspect of a system when you're using it more for
it's administrative or system-awareness / monitoring functionality.

..
..
Because while it doesn't hurt to monitor outgoings from legit software,
it really doesn't help to do so either. (and all the while it does take
a cut out of your computer's performance to run the firewall).


LnS takes just 0.05% average of CPU time waiting for a signal from its XVD
driver. I got Opera to go to Youtube, usually full of links off-page to other
stuff) and while Opera chewed 84%+, and momentarily drove the machine into
unresponsive behaviour as th video loaded, LnS never saw a demand greater
than 0.8%. That's not a cut that would ever concern me.

An example of why I use it: I like Sound Forge v4.5. This program would
sometimes try to reach the net on loading. I don't consider it 'malicious' in
any way, but it is still a security issue. The reason is like that it is
reporting some memory dump after a failure of some kind, intended to make the
coders aware of trouble and fix it before anyone starts actually complaining.
There's no other reason for that program to have any sockets code in it at
all! Now I'm not concerned with what it's trying to report, and the address
it's trying to reach is likely long dead too. What matters is that when I use
the program for critical radio recordings or other audio work (its
reliability is why I use it), I like to know if there may be some flaw that
might risk a crash mid-session. As soon as I learned that Sound Forge was
likely to be reporting one, it permanently established a reason to keep
something that alerted me so I could relaunch or reboot before some long
session where reliability was extremely important. LnS was the only warning
method I had.

There's also a surprising amount of programs with sockets code in it, when no
overt need for it exists. perhaps it just got linked and compiled by coders
who didn't intend this, but again, whatever the reson, if that code gets
used, something like LnS might be the only way we'll know.

Never mind 'security', we need to be aware because otherwise we are in no fit
state to even decide if it IS a security issue or not.

It's also just as effective (and more efficient) to add a HOSTS file
entry for the offending site or host so that the software can't reach
the external machine.


A big hosts file can be a drain, as it gets scanned every time any socket is
used to connect to a remote host. A good firewall will be a lot more
efficient because it can be programmed by simple human decisions. I very
rarely have to change anythign in LnS, it really is a set-and-forget
firewall, that's one of the things people comment on when posting about it on
WIlder's security forums (which is where I first learned about it when
looking for something better than ZoneAlarm).

And what happens after you've been running your computer for a while and
you discover that NONE of your software is performing back-door internet
access? What then is the usefullness of continuing to have the firewall
running?


Strange assumption. People tend to try new software frequently. And plenty of
stuff (like that early Sound Forge that I like so much) does try to go
online, most likely to upload a log of some internal failure. There could be
many reasons. I guess it all comes down to whether you're the kind of person
who likes to look both ways when crossing roads, or not. It's not an
expensive habit.

And again, a simple HOSTS file entry can achieve the same purpose as the
firewall would have - to prevent a given program from being able to
contact a specific host.


Now how would you KNOW what remote address some unexplained and unexpected
outbound was headed for unless you had something like LnS to tell you? Given
that the watcher on my gate only wants about 0.05% of machine time, and will
throw in an actual rugby tackle for free when required, I'd say that managing
a hosts file was a real annoyance in comparison, and is also redundant under
the circumstances.

It's never irrational to assert logic and facts into a discussion.


Kind of why I just said that...