Comments on May be it's just me: On hard disk erasures and calling home

My point has been (and is) that outbound blocking ...

2004-08-13T08:48:00.000+08:00

My point has been (and is) that outbound blocking is somethign that must have been done, regardless of the *possibility* that a user *may* run with system previleges, and the virus *may* turn of the firewall and so on. I just tried to explain that (and why) most outgoing callers do not necessarily do that. Even with admin rights, spyware will most probably stay out of the firewall tampering, to keep their legitimate mask on.

And what about all the computers that run *without* admin privileges?

By the way, not ALL the processes are admin-terminatable. Local Security Authentication Server for instance is a system process, and admin cannot terminate it either by task manager or by programs - except for a few bugs MS had there which allowed sasser to exploit windows systems.

You say:
>> Who's stupid? MS for creating a firewall or the users who runs as Admins?

Creating a firewall is a good thing. Running as admins is possibly stupid in case one doesn't know what one does. What about assuming that all users run as admins? lets break down:

There are two possibilities: The virus allways (with admin rights or not) terminates the firewall, or it does NOT.

In first case, having a firewall only protects the machine against attacks that come as inbound connections: well, this is still good, and I didn't say it's *bad*: i just said it's not good *enough* for a firewall and why it is not.

In the latter case, we miss a lot of functionality that must have been there. I detailed possible evils of outbound connections in my post. Giving a pistol to kill and elephant is still better than giving nothing, but I prefer a double barrel shot-gun.

Having said that, I stress on my view again, MS is NICE to give a firewall - but it's just better-than-nothing. Not as better as it could have been.

If you are still pondering: If a program is runni...

2004-08-12T19:31:00.000+08:00

If you are still pondering:

If a program is running under Admin privileges, you can do very little to stop it; it can format your harddrive (the ultimate) and everything else imaginable in-between : Turn off All Firewalls and Security Checks, disable Antivirus software, reset the registry or uninstall all anti-sypware apps, etc. There is absolutely no stopping.

So I still don't see your point in your original post: Better than nothing, but not good enough.

I repeat: If an application has Admin privileges, ...

2004-08-12T18:43:00.000+08:00

I repeat:
If an application has Admin privileges, there's no way you can stop it from formatting your hard disk.

You took that literally and went on and on on a obvious FYI lesson. Yes, no one would do that, but you completely missed the point. *sigh*

Let me put it in simple words:
No matter what-on-earth kind of firewall or whatever-you-call-it solution you have on your machine, any spywhere/virus can easily turn it off if you run with Admin privileges. Simple as that.

There is no workaround to stop this. If Windows allows the Admin - the real-blooded-human-admin to turn off the Firewall, so can a program.

You said:
"If MS assumes that majority of the users log-in as admin it's stupid because they have to accept that their firewall is just useless..."

Who's stupid? MS for creating a firewall or the users who runs as Admins?

Einstein said once: "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." And I'm afraid he's right...

It's sad to see that you have become just another whiner without giving in a Solution to the problem.