[ale] Free, trustworthy, anti-virus software

Greg Freemyer greg.freemyer at gmail.com
Wed Jul 21 16:40:35 EDT 2010


One of the main uses for a Windows Software firewall is watching
inbound/outbound connections created by malware.

Most currently use outbound only connections to talk to a command and
control computer out on the Internet somewhere.

So a piece of malware infects your machine and starts talking to that
machine via the outside world.

A good Windows firewall will pop up and say "Executable 'asdf.exe' is
asking to access the Internet.  Allow once, Allow always, Deny".

So if you're working away on your email and that pops up, you know you
were just infected.

Or at least that's the theory.  I've seen lots of those pop-ups where
I knew exactly why 'asdf.exe' was accessing the Internet.  But I've
never had it happen due to a real malware situation, so I have no idea
how well it works at actually fighting malware.

Greg

On Wed, Jul 21, 2010 at 4:18 PM, Michael Trausch <mike at trausch.us> wrote:
> Right... but what svcs are you running that you'd need to FW on a pubnet? I
> guess I just don't get it; I run such things on 127.0.0.0/24 if needed.
>
> --
> Sent from my HTC Dream---Running Froyo!
> Thanks, @cyanogen!
>
> On Jul 21, 2010 4:15 PM, "Jim Lynch" <ale_nospam at fayettedigital.com> wrote:
>> Michael Trausch wrote:
>>>
>>> Perhaps y'all can help me to understand something: what good does a
>>> software "firewall" do on Windows? They can be easily programmatically
>>> disabled by stealth software, so I fail to see the point. Seems to me
>>> that it's better to whitelist the outbound connections by destination
>>> port on a real firewall at the network edge, since most baddies will
>>> use non-standard ports anyway.
>>>
>> That's fine and perfectly acceptable for a home installation, however
>> when I go on the road with my laptop, I'm not likely to take a router or
>> other hardware firewall with me.
>>
>> Jim.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
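As an added illustration, not part of the thread, here is a toy model of the two approaches being compared: the per-executable prompting host firewall Greg describes (allow once / allow always / deny) and the destination-port allowlist at the network edge Michael prefers. Executable names, ports and the port allowlist are constructed sample values.

```python
"""Toy comparison of a per-executable host firewall and a port-only edge filter."""
from dataclasses import dataclass, field

# Constructed sample port allowlist for the edge filter (not a recommendation).
EDGE_ALLOWED_PORTS = frozenset({25, 80, 443, 993})


@dataclass(frozen=True)
class Connection:
    exe: str        # name of the executable opening the connection (constructed)
    dst_port: int   # destination TCP port


@dataclass
class HostFirewall:
    """Per-executable outbound filter: an unknown executable triggers a prompt."""
    always_allowed: set = field(default_factory=set)
    always_denied: set = field(default_factory=set)

    def decide(self, conn: Connection) -> str:
        """Return 'allow', 'deny' or 'prompt' for a new outbound connection."""
        if conn.exe in self.always_allowed:
            return "allow"
        if conn.exe in self.always_denied:
            return "deny"
        return "prompt"

    def answer_prompt(self, conn: Connection, choice: str) -> str:
        """Apply the user's answer; only 'allow always' and 'deny' persist a rule."""
        if choice == "allow always":
            self.always_allowed.add(conn.exe)
        elif choice == "deny":
            self.always_denied.add(conn.exe)
        elif choice != "allow once":
            raise ValueError(f"unknown choice: {choice}")
        return "deny" if choice == "deny" else "allow"


def edge_decide(conn: Connection) -> str:
    """Port-only allowlist at the network edge: it cannot see which executable connects."""
    return "allow" if conn.dst_port in EDGE_ALLOWED_PORTS else "deny"


def compare(conns, host: HostFirewall):
    """Side-by-side decisions, showing what each layer can and cannot catch."""
    return [(c.exe, c.dst_port, host.decide(c), edge_decide(c)) for c in conns]


if __name__ == "__main__":
    fw = HostFirewall(always_allowed={"mailclient.exe"})
    sample = [Connection("mailclient.exe", 993), Connection("asdf.exe", 443)]
    for row in compare(sample, fw):
        print(row)  # asdf.exe on 443 is allowed by the edge but prompts on the host
```

The point the model makes explicit: an unknown executable using a standard port sails through the port-only edge rule but still triggers the host prompt, while a known executable on an odd port is stopped only at the edge.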
