Vista Forums - View Single Post

08-15-2007

Thanks for the Firewall 101. However, how do you explain applications
starting up randomly and my Wi-Fi access turning on randomly when I leave my
device connected to the Internet?

JJ

"Steve Riley [MSFT]" wrote:

> Folks, let's review what a firewall is supposed to do.
>
> Consider desktop (meaning not Mobile) Windows. Its IP stack has a number of
> listening sockets--ports that are open and waiting for incoming connections.
> For instance: RPC portmapper on 135/tcp, various NetBIOS components on
> 137/udp and 138/udp and 139/tcp, plus a few others.
>
> If you connect this computer to the Internet, you really don't want it to
> accept any incoming connections on these ports. The purpose of a firewall is
> to block unsolicited inbound traffic. Without a firewall, you have no
> control over what someone might hurl at your network connection. A firewall
> gives you this control. When the firewall is configured, the only traffic
> that enters your computer is reply traffic to outbound requests. (Plus, you
> could write rules to permit inbound traffic to certain ports, if you want.)
>
> What if the IP stack had *no* listening sockets? Well, that stack wouldn't
> need a firewall. There's nothing there for a firewall to protect. Firewalls
> protect stacks by blocking inbound traffic to listening sockets. If there
> are no listening sockets, firewalls are useless.
>
> The stack in Windows Mobile is this kind of stack. It has no listening
> sockets. The only traffic that enters the stack is reply traffic--which all
> firewalls permit anyway. Because of its design, the Windows Mobile stack
> doesn't require a firewall. Save your money (and memory and CPU
> power)--don't install one.
>
> JJ, a firewall isn't a panacea. It can't stop every kind of attack. I can't
> comment on the troubles that you seem to be having (and, like the others
> here, my WM device is always connected to the network and hasn't had a
> single problem) -- but I can assure you that a firewall wouldn't have
> helped.
>
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
>
>
> "Jorge" <Jorge@discussions.microsoft.com> wrote in message
> news:537A36E4-3BEB-48CE-B6C9-7A5C8D584892@microsoft.com...
> > Agree... I don´t know how Windows mobile implements tcp/ip security, but
> > it
> > should implement some kind of firewall.
> >
> > If it has or not, I don't know. However, most development is done on .net
> > which is a less vulnerable platform to be succesfully "hacked" from
> > outsiders.
> >
> > If your wireless is on, it will still drain your battery... The firewall
> > should check if packages are allowed or not.
> >
> > Here is something you may want to look at. Just did a google search.
> >
> > http://www.mobilearmor.com
> >
> > "JJ" wrote:
> >
> >> I bought a Windows Mobile 5 device since the only carrier that had a
> >> Windows
> >> Mobile 6 device did not have Wi-Fi capability on that device (at least,
> >> at
> >> the time I bought my device).
> >>
> >> All carriers in Canada still sell Windows Mobile 5 devices.
> >>
> >> And the attack surface shouldn't be the criteria that warrants a
> >> firewall.
> >> Any device connected to the Internet must be protected by a firewall.
> >>
> >> JJ
> >>
> >> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
> >>
> >> > At this point in time the attack surface of such a device is such that
> >> > you are probably the one and only person I've ever seen report
> >> > "intrusions" on such a device.
> >> >
> >> > Even Fsecure that has a a/v for mobile apps have stated that they've
> >> > not
> >> > seen many in the wild (if at all that I recall)
> >> >
> >> > The best way to prove true "intrusions" is to fire up some sort of
> >> > packet sniffer.
> >> >
> >> > Furthermore WinMobile 6 is out. 5 is now out of date.
> >> >
> >> > JJ wrote:
> >> > > OK. While I was connected to the Internet with the always-on
> >> > > connection at
> >> > > first(rather than Wi-Fi), the intrusions would start up applications
> >> > > on my
> >> > > device, start-up Wi-Fi access, which caused the battery level to
> >> > > drop, etc.
> >> > >
> >> > > Are those intrusions adequate to warrant your support?
> >> > >
> >> > > And even if the attacks did not occur, which they did, I would still
> >> > > blame
> >> > > Microsoft for not bundling a firewall with Windows Mobile 2005.
> >> > >
> >> > > "Alun Jones" wrote:
> >> > >
> >> > >> I think Paul's point was to ask you to be specific about one or more
> >> > >> such
> >> > >> "attacks".
> >> > >>
> >> > >> So far, all you've said is that something vague has happened, and
> >> > >> you blame
> >> > >> Microsoft. You're apparently looking for support in your aspersions,
> >> > >> which
> >> > >> is something that most people will only give if they have
> >> > >> information to
> >> > >> start from.
> >> > >>
> >> > >> Alun.
> >> > >> ~~~~
> >> > >>
> >> > >> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >> > >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
> >> > >>> Well, I would call any intrusion into my Windows Mobile device an
> >> > >>> attack.
> >> > >>> Wouldn't you?
> >> > >>>
> >> > >>> "Paul Smith" wrote:
> >> > >>>
> >> > >>>> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >> > >>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
> >> > >>>>
> >> > >>>>> I recently bought a Windows Mobile 2005 device. I use it to
> >> > >>>>> connect to
> >> > >>>>> the
> >> > >>>>> Internet and check my email, check stock quotes, etc. And I was
> >> > >>>>> attacked
> >> > >>>>> every time I connected. So, I've now disabled the Internet
> >> > >>>>> connection
> >> > >>>>> feature
> >> > >>>>> that comes with the device and only use Wi-Fi to connect. This
> >> > >>>>> way, I
> >> > >>>>> don't
> >> > >>>>> have an always-on connection to the Internet. I can turn off
> >> > >>>>> Wi-Fi
> >> > >>>>> access
> >> > >>>>> when I don't need it.
> >> > >>>> What do you mean you were "attacked"?
> >> > >>>>
> >> > >>>> --
> >> > >>>> Paul Smith,
> >> > >>>> Yeovil, UK.
> >> > >>>> Microsoft MVP Windows Shell/User.
> >> > >>>> http://www.dasmirnov.net/blog/
> >> > >>>> http://www.windowsresource.net/
> >> > >>>>
> >> > >>>> *Remove nospam. to reply by e-mail*
> >> > >>>>
> >> > >>>>
> >> > >>>>
> >> > >>
> >> > >>
> >> >

08-15-2007	#15 (permalink)
JJ n/a posts	Re: Microsoft's security initiatives Thanks for the Firewall 101. However, how do you explain applications starting up randomly and my Wi-Fi access turning on randomly when I leave my device connected to the Internet? JJ "Steve Riley [MSFT]" wrote: > Folks, let's review what a firewall is supposed to do. > > Consider desktop (meaning not Mobile) Windows. Its IP stack has a number of > listening sockets--ports that are open and waiting for incoming connections. > For instance: RPC portmapper on 135/tcp, various NetBIOS components on > 137/udp and 138/udp and 139/tcp, plus a few others. > > If you connect this computer to the Internet, you really don't want it to > accept any incoming connections on these ports. The purpose of a firewall is > to block unsolicited inbound traffic. Without a firewall, you have no > control over what someone might hurl at your network connection. A firewall > gives you this control. When the firewall is configured, the only traffic > that enters your computer is reply traffic to outbound requests. (Plus, you > could write rules to permit inbound traffic to certain ports, if you want.) > > What if the IP stack had no listening sockets? Well, that stack wouldn't > need a firewall. There's nothing there for a firewall to protect. Firewalls > protect stacks by blocking inbound traffic to listening sockets. If there > are no listening sockets, firewalls are useless. > > The stack in Windows Mobile is this kind of stack. It has no listening > sockets. The only traffic that enters the stack is reply traffic--which all > firewalls permit anyway. Because of its design, the Windows Mobile stack > doesn't require a firewall. Save your money (and memory and CPU > power)--don't install one. > > JJ, a firewall isn't a panacea. It can't stop every kind of attack. I can't > comment on the troubles that you seem to be having (and, like the others > here, my WM device is always connected to the network and hasn't had a > single problem) -- but I can assure you that a firewall wouldn't have > helped. > > Steve Riley > steve.riley@microsoft.com > http://blogs.technet.com/steriley > > > "Jorge" <Jorge@discussions.microsoft.com> wrote in message > news:537A36E4-3BEB-48CE-B6C9-7A5C8D584892@microsoft.com... > > Agree... I don´t know how Windows mobile implements tcp/ip security, but > > it > > should implement some kind of firewall. > > > > If it has or not, I don't know. However, most development is done on .net > > which is a less vulnerable platform to be succesfully "hacked" from > > outsiders. > > > > If your wireless is on, it will still drain your battery... The firewall > > should check if packages are allowed or not. > > > > Here is something you may want to look at. Just did a google search. > > > > http://www.mobilearmor.com > > > > "JJ" wrote: > > > >> I bought a Windows Mobile 5 device since the only carrier that had a > >> Windows > >> Mobile 6 device did not have Wi-Fi capability on that device (at least, > >> at > >> the time I bought my device). > >> > >> All carriers in Canada still sell Windows Mobile 5 devices. > >> > >> And the attack surface shouldn't be the criteria that warrants a > >> firewall. > >> Any device connected to the Internet must be protected by a firewall. > >> > >> JJ > >> > >> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote: > >> > >> > At this point in time the attack surface of such a device is such that > >> > you are probably the one and only person I've ever seen report > >> > "intrusions" on such a device. > >> > > >> > Even Fsecure that has a a/v for mobile apps have stated that they've > >> > not > >> > seen many in the wild (if at all that I recall) > >> > > >> > The best way to prove true "intrusions" is to fire up some sort of > >> > packet sniffer. > >> > > >> > Furthermore WinMobile 6 is out. 5 is now out of date. > >> > > >> > JJ wrote: > >> > > OK. While I was connected to the Internet with the always-on > >> > > connection at > >> > > first(rather than Wi-Fi), the intrusions would start up applications > >> > > on my > >> > > device, start-up Wi-Fi access, which caused the battery level to > >> > > drop, etc. > >> > > > >> > > Are those intrusions adequate to warrant your support? > >> > > > >> > > And even if the attacks did not occur, which they did, I would still > >> > > blame > >> > > Microsoft for not bundling a firewall with Windows Mobile 2005. > >> > > > >> > > "Alun Jones" wrote: > >> > > > >> > >> I think Paul's point was to ask you to be specific about one or more > >> > >> such > >> > >> "attacks". > >> > >> > >> > >> So far, all you've said is that something vague has happened, and > >> > >> you blame > >> > >> Microsoft. You're apparently looking for support in your aspersions, > >> > >> which > >> > >> is something that most people will only give if they have > >> > >> information to > >> > >> start from. > >> > >> > >> > >> Alun. > >> > >> ~~~~ > >> > >> > >> > >> "JJ" <JJ@discussions.microsoft.com> wrote in message > >> > >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com... > >> > >>> Well, I would call any intrusion into my Windows Mobile device an > >> > >>> attack. > >> > >>> Wouldn't you? > >> > >>> > >> > >>> "Paul Smith" wrote: > >> > >>> > >> > >>>> "JJ" <JJ@discussions.microsoft.com> wrote in message > >> > >>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com... > >> > >>>> > >> > >>>>> I recently bought a Windows Mobile 2005 device. I use it to > >> > >>>>> connect to > >> > >>>>> the > >> > >>>>> Internet and check my email, check stock quotes, etc. And I was > >> > >>>>> attacked > >> > >>>>> every time I connected. So, I've now disabled the Internet > >> > >>>>> connection > >> > >>>>> feature > >> > >>>>> that comes with the device and only use Wi-Fi to connect. This > >> > >>>>> way, I > >> > >>>>> don't > >> > >>>>> have an always-on connection to the Internet. I can turn off > >> > >>>>> Wi-Fi > >> > >>>>> access > >> > >>>>> when I don't need it. > >> > >>>> What do you mean you were "attacked"? > >> > >>>> > >> > >>>> -- > >> > >>>> Paul Smith, > >> > >>>> Yeovil, UK. > >> > >>>> Microsoft MVP Windows Shell/User. > >> > >>>> http://www.dasmirnov.net/blog/ > >> > >>>> http://www.windowsresource.net/ > >> > >>>> > >> > >>>> Remove nospam. to reply by e-mail > >> > >>>> > >> > >>>> > >> > >>>> > >> > >> > >> > >> > >> >
My System Specs