Vista Forums - View Single Post

08-15-2007

Like I said, I can't explain that--I've never seen such behavior myself, nor
have I heard of it before. Malware can enter a computer in many ways.
Firewalls are only one of many methods for defending a computer. But in the
case of Windows Mobile, firewalls are unnecessary because the kind of
defense they provide isn't required for that operating system.

Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley

"JJ" <JJ@discussions.microsoft.com> wrote in message
news:8E59FD50-041C-4504-BA5A-C909F71D4AE4@microsoft.com...
> Thanks for the Firewall 101. However, how do you explain applications
> starting up randomly and my Wi-Fi access turning on randomly when I leave
> my
> device connected to the Internet?
>
> JJ
>
> "Steve Riley [MSFT]" wrote:
>
>> Folks, let's review what a firewall is supposed to do.
>>
>> Consider desktop (meaning not Mobile) Windows. Its IP stack has a number
>> of
>> listening sockets--ports that are open and waiting for incoming
>> connections.
>> For instance: RPC portmapper on 135/tcp, various NetBIOS components on
>> 137/udp and 138/udp and 139/tcp, plus a few others.
>>
>> If you connect this computer to the Internet, you really don't want it to
>> accept any incoming connections on these ports. The purpose of a firewall
>> is
>> to block unsolicited inbound traffic. Without a firewall, you have no
>> control over what someone might hurl at your network connection. A
>> firewall
>> gives you this control. When the firewall is configured, the only traffic
>> that enters your computer is reply traffic to outbound requests. (Plus,
>> you
>> could write rules to permit inbound traffic to certain ports, if you
>> want.)
>>
>> What if the IP stack had *no* listening sockets? Well, that stack
>> wouldn't
>> need a firewall. There's nothing there for a firewall to protect.
>> Firewalls
>> protect stacks by blocking inbound traffic to listening sockets. If there
>> are no listening sockets, firewalls are useless.
>>
>> The stack in Windows Mobile is this kind of stack. It has no listening
>> sockets. The only traffic that enters the stack is reply traffic--which
>> all
>> firewalls permit anyway. Because of its design, the Windows Mobile stack
>> doesn't require a firewall. Save your money (and memory and CPU
>> power)--don't install one.
>>
>> JJ, a firewall isn't a panacea. It can't stop every kind of attack. I
>> can't
>> comment on the troubles that you seem to be having (and, like the others
>> here, my WM device is always connected to the network and hasn't had a
>> single problem) -- but I can assure you that a firewall wouldn't have
>> helped.
>>
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>>
>>
>> "Jorge" <Jorge@discussions.microsoft.com> wrote in message
>> news:537A36E4-3BEB-48CE-B6C9-7A5C8D584892@microsoft.com...
>> > Agree... I don´t know how Windows mobile implements tcp/ip security,
>> > but
>> > it
>> > should implement some kind of firewall.
>> >
>> > If it has or not, I don't know. However, most development is done on
>> > .net
>> > which is a less vulnerable platform to be succesfully "hacked" from
>> > outsiders.
>> >
>> > If your wireless is on, it will still drain your battery... The
>> > firewall
>> > should check if packages are allowed or not.
>> >
>> > Here is something you may want to look at. Just did a google search.
>> >
>> > http://www.mobilearmor.com
>> >
>> > "JJ" wrote:
>> >
>> >> I bought a Windows Mobile 5 device since the only carrier that had a
>> >> Windows
>> >> Mobile 6 device did not have Wi-Fi capability on that device (at
>> >> least,
>> >> at
>> >> the time I bought my device).
>> >>
>> >> All carriers in Canada still sell Windows Mobile 5 devices.
>> >>
>> >> And the attack surface shouldn't be the criteria that warrants a
>> >> firewall.
>> >> Any device connected to the Internet must be protected by a firewall.
>> >>
>> >> JJ
>> >>
>> >> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
>> >>
>> >> > At this point in time the attack surface of such a device is such
>> >> > that
>> >> > you are probably the one and only person I've ever seen report
>> >> > "intrusions" on such a device.
>> >> >
>> >> > Even Fsecure that has a a/v for mobile apps have stated that they've
>> >> > not
>> >> > seen many in the wild (if at all that I recall)
>> >> >
>> >> > The best way to prove true "intrusions" is to fire up some sort of
>> >> > packet sniffer.
>> >> >
>> >> > Furthermore WinMobile 6 is out. 5 is now out of date.
>> >> >
>> >> > JJ wrote:
>> >> > > OK. While I was connected to the Internet with the always-on
>> >> > > connection at
>> >> > > first(rather than Wi-Fi), the intrusions would start up
>> >> > > applications
>> >> > > on my
>> >> > > device, start-up Wi-Fi access, which caused the battery level to
>> >> > > drop, etc.
>> >> > >
>> >> > > Are those intrusions adequate to warrant your support?
>> >> > >
>> >> > > And even if the attacks did not occur, which they did, I would
>> >> > > still
>> >> > > blame
>> >> > > Microsoft for not bundling a firewall with Windows Mobile 2005.
>> >> > >
>> >> > > "Alun Jones" wrote:
>> >> > >
>> >> > >> I think Paul's point was to ask you to be specific about one or
>> >> > >> more
>> >> > >> such
>> >> > >> "attacks".
>> >> > >>
>> >> > >> So far, all you've said is that something vague has happened, and
>> >> > >> you blame
>> >> > >> Microsoft. You're apparently looking for support in your
>> >> > >> aspersions,
>> >> > >> which
>> >> > >> is something that most people will only give if they have
>> >> > >> information to
>> >> > >> start from.
>> >> > >>
>> >> > >> Alun.
>> >> > >> ~~~~
>> >> > >>
>> >> > >> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> >> > >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
>> >> > >>> Well, I would call any intrusion into my Windows Mobile device
>> >> > >>> an
>> >> > >>> attack.
>> >> > >>> Wouldn't you?
>> >> > >>>
>> >> > >>> "Paul Smith" wrote:
>> >> > >>>
>> >> > >>>> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> >> > >>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
>> >> > >>>>
>> >> > >>>>> I recently bought a Windows Mobile 2005 device. I use it to
>> >> > >>>>> connect to
>> >> > >>>>> the
>> >> > >>>>> Internet and check my email, check stock quotes, etc. And I
>> >> > >>>>> was
>> >> > >>>>> attacked
>> >> > >>>>> every time I connected. So, I've now disabled the Internet
>> >> > >>>>> connection
>> >> > >>>>> feature
>> >> > >>>>> that comes with the device and only use Wi-Fi to connect. This
>> >> > >>>>> way, I
>> >> > >>>>> don't
>> >> > >>>>> have an always-on connection to the Internet. I can turn off
>> >> > >>>>> Wi-Fi
>> >> > >>>>> access
>> >> > >>>>> when I don't need it.
>> >> > >>>> What do you mean you were "attacked"?
>> >> > >>>>
>> >> > >>>> --
>> >> > >>>> Paul Smith,
>> >> > >>>> Yeovil, UK.
>> >> > >>>> Microsoft MVP Windows Shell/User.
>> >> > >>>> http://www.dasmirnov.net/blog/
>> >> > >>>> http://www.windowsresource.net/
>> >> > >>>>
>> >> > >>>> *Remove nospam. to reply by e-mail*
>> >> > >>>>
>> >> > >>>>
>> >> > >>>>
>> >> > >>
>> >> > >>
>> >> >

08-15-2007	#18 (permalink)
Steve Riley [MSFT] n/a posts	Re: Microsoft's security initiatives Like I said, I can't explain that--I've never seen such behavior myself, nor have I heard of it before. Malware can enter a computer in many ways. Firewalls are only one of many methods for defending a computer. But in the case of Windows Mobile, firewalls are unnecessary because the kind of defense they provide isn't required for that operating system. Steve Riley steve.riley@microsoft.com http://blogs.technet.com/steriley "JJ" <JJ@discussions.microsoft.com> wrote in message news:8E59FD50-041C-4504-BA5A-C909F71D4AE4@microsoft.com... > Thanks for the Firewall 101. However, how do you explain applications > starting up randomly and my Wi-Fi access turning on randomly when I leave > my > device connected to the Internet? > > JJ > > "Steve Riley [MSFT]" wrote: > >> Folks, let's review what a firewall is supposed to do. >> >> Consider desktop (meaning not Mobile) Windows. Its IP stack has a number >> of >> listening sockets--ports that are open and waiting for incoming >> connections. >> For instance: RPC portmapper on 135/tcp, various NetBIOS components on >> 137/udp and 138/udp and 139/tcp, plus a few others. >> >> If you connect this computer to the Internet, you really don't want it to >> accept any incoming connections on these ports. The purpose of a firewall >> is >> to block unsolicited inbound traffic. Without a firewall, you have no >> control over what someone might hurl at your network connection. A >> firewall >> gives you this control. When the firewall is configured, the only traffic >> that enters your computer is reply traffic to outbound requests. (Plus, >> you >> could write rules to permit inbound traffic to certain ports, if you >> want.) >> >> What if the IP stack had no listening sockets? Well, that stack >> wouldn't >> need a firewall. There's nothing there for a firewall to protect. >> Firewalls >> protect stacks by blocking inbound traffic to listening sockets. If there >> are no listening sockets, firewalls are useless. >> >> The stack in Windows Mobile is this kind of stack. It has no listening >> sockets. The only traffic that enters the stack is reply traffic--which >> all >> firewalls permit anyway. Because of its design, the Windows Mobile stack >> doesn't require a firewall. Save your money (and memory and CPU >> power)--don't install one. >> >> JJ, a firewall isn't a panacea. It can't stop every kind of attack. I >> can't >> comment on the troubles that you seem to be having (and, like the others >> here, my WM device is always connected to the network and hasn't had a >> single problem) -- but I can assure you that a firewall wouldn't have >> helped. >> >> Steve Riley >> steve.riley@microsoft.com >> http://blogs.technet.com/steriley >> >> >> "Jorge" <Jorge@discussions.microsoft.com> wrote in message >> news:537A36E4-3BEB-48CE-B6C9-7A5C8D584892@microsoft.com... >> > Agree... I don´t know how Windows mobile implements tcp/ip security, >> > but >> > it >> > should implement some kind of firewall. >> > >> > If it has or not, I don't know. However, most development is done on >> > .net >> > which is a less vulnerable platform to be succesfully "hacked" from >> > outsiders. >> > >> > If your wireless is on, it will still drain your battery... The >> > firewall >> > should check if packages are allowed or not. >> > >> > Here is something you may want to look at. Just did a google search. >> > >> > http://www.mobilearmor.com >> > >> > "JJ" wrote: >> > >> >> I bought a Windows Mobile 5 device since the only carrier that had a >> >> Windows >> >> Mobile 6 device did not have Wi-Fi capability on that device (at >> >> least, >> >> at >> >> the time I bought my device). >> >> >> >> All carriers in Canada still sell Windows Mobile 5 devices. >> >> >> >> And the attack surface shouldn't be the criteria that warrants a >> >> firewall. >> >> Any device connected to the Internet must be protected by a firewall. >> >> >> >> JJ >> >> >> >> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote: >> >> >> >> > At this point in time the attack surface of such a device is such >> >> > that >> >> > you are probably the one and only person I've ever seen report >> >> > "intrusions" on such a device. >> >> > >> >> > Even Fsecure that has a a/v for mobile apps have stated that they've >> >> > not >> >> > seen many in the wild (if at all that I recall) >> >> > >> >> > The best way to prove true "intrusions" is to fire up some sort of >> >> > packet sniffer. >> >> > >> >> > Furthermore WinMobile 6 is out. 5 is now out of date. >> >> > >> >> > JJ wrote: >> >> > > OK. While I was connected to the Internet with the always-on >> >> > > connection at >> >> > > first(rather than Wi-Fi), the intrusions would start up >> >> > > applications >> >> > > on my >> >> > > device, start-up Wi-Fi access, which caused the battery level to >> >> > > drop, etc. >> >> > > >> >> > > Are those intrusions adequate to warrant your support? >> >> > > >> >> > > And even if the attacks did not occur, which they did, I would >> >> > > still >> >> > > blame >> >> > > Microsoft for not bundling a firewall with Windows Mobile 2005. >> >> > > >> >> > > "Alun Jones" wrote: >> >> > > >> >> > >> I think Paul's point was to ask you to be specific about one or >> >> > >> more >> >> > >> such >> >> > >> "attacks". >> >> > >> >> >> > >> So far, all you've said is that something vague has happened, and >> >> > >> you blame >> >> > >> Microsoft. You're apparently looking for support in your >> >> > >> aspersions, >> >> > >> which >> >> > >> is something that most people will only give if they have >> >> > >> information to >> >> > >> start from. >> >> > >> >> >> > >> Alun. >> >> > >> ~~~~ >> >> > >> >> >> > >> "JJ" <JJ@discussions.microsoft.com> wrote in message >> >> > >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com... >> >> > >>> Well, I would call any intrusion into my Windows Mobile device >> >> > >>> an >> >> > >>> attack. >> >> > >>> Wouldn't you? >> >> > >>> >> >> > >>> "Paul Smith" wrote: >> >> > >>> >> >> > >>>> "JJ" <JJ@discussions.microsoft.com> wrote in message >> >> > >>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com... >> >> > >>>> >> >> > >>>>> I recently bought a Windows Mobile 2005 device. I use it to >> >> > >>>>> connect to >> >> > >>>>> the >> >> > >>>>> Internet and check my email, check stock quotes, etc. And I >> >> > >>>>> was >> >> > >>>>> attacked >> >> > >>>>> every time I connected. So, I've now disabled the Internet >> >> > >>>>> connection >> >> > >>>>> feature >> >> > >>>>> that comes with the device and only use Wi-Fi to connect. This >> >> > >>>>> way, I >> >> > >>>>> don't >> >> > >>>>> have an always-on connection to the Internet. I can turn off >> >> > >>>>> Wi-Fi >> >> > >>>>> access >> >> > >>>>> when I don't need it. >> >> > >>>> What do you mean you were "attacked"? >> >> > >>>> >> >> > >>>> -- >> >> > >>>> Paul Smith, >> >> > >>>> Yeovil, UK. >> >> > >>>> Microsoft MVP Windows Shell/User. >> >> > >>>> http://www.dasmirnov.net/blog/ >> >> > >>>> http://www.windowsresource.net/ >> >> > >>>> >> >> > >>>> Remove nospam. to reply by e-mail >> >> > >>>> >> >> > >>>> >> >> > >>>> >> >> > >> >> >> > >> >> >> >
My System Specs