OT: Trend Micro WFBS beta starting soon
- From: "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com>
- Date: Tue, 30 Sep 2008 12:21:34 -0700
Hello!
Trend is starting the WFBS 5.1 beta soon. To all users who may want to
participate, please bring up the following issues that remain unresolved.
You can log in or register here:
https://www.trendbeta.com/login/register_en.php
1) Keystroke Encryption causes "abababab..." characters on remote systems
when using RWW or LogMeIn.
2) Pattern updating is not "network aware" and results in long delays before
getting pattern updates for laptops off the LAN. I reported it during
previous beta as "Laptop has been on the Internet on a different network for
six hours, and still shows old pattern 5.239.00 dated 2008-04-24. How about
you make pattern updating "network connection aware" so that as soon as it
sees a network connection, it automatically tries to update, whether on the
LAN via the server or remote in roaming mode via the Internet? Six hours
without an update is crazy!" The pattern file was several days old and did
not update until I rebooted the laptop again, and then only after 30
minutes.
3) When viewing the Live Status screen, it shows green for Outbreak Defense
even if there are computers on the network with known MS vulnerabilities, as
determined by the Vulnerability Assessment feature that resides under the
Outbreak Defense umbrella. It still showed green even with three "Critical"
vulnerable computers at one of my clients. A green light or icon is a
universal symbol of "Go!" or "Good" and should NOT show when a vulnerability
exists. At the least, it should be yellow even if there is only one
vulnerability in order to draw attention to it for further examination.
Trend's reply was basically "Outbreak Defense was not designed to alert
users about vulnerabilities." I replied, "Your system should do one of two
things: WARN with a yellow symbol indicating that the system has
vulnerabilities, or MOVE the "Vulnerable Computers" item out from under
Outbreak Defense into its own console section, and flash the yellow light,
if that is not the function you intended for the Outbreak Defense section of
the console." They have the Vulnerability Assessment feature, but it is
apparently mistakenly placed under the Outbreak Defense, where it is
ignored.
If you want the details of why this can be a problem, send an email to
"greggmhill" on my Yahoo account.
4) Pattern update frequency: Question posed during 5.0 beta: In the beta, we
could not set the scheduled update interval. Can we do that now, so that
laptops can be set to check every hour, or at least more often than every 8
hours? I just tried via the registry ScheduleUpdateInterval but it reset
itself to 28800 after a few minutes. I suggested during the beta that we be
allowed to set the interval, and I thought that it would be enabled in the
final release. Am I missing something, or is it fixed at 8 hours?
A: This is by design and it will always return to 8 hrs. Our developers
decided not to change this for this release. We have this as a feature
request instead and for approval of the Product Manager for next versions.
5) Trend firewall, even set to High, has inbound NetBIOS ports open. My
notes to them during last beta:
- Maybe you could add a "Super Secure Laptop" firewall choice to future
versions to ease configuration. I created a "Laptops" group, and with its
firewall settings for Out of Office set to High, I want to be able to have
access to a terminal server that accepts connections on the default 3389
port, web browsing, email, etc. I changed all the default settings except
for MSA and set them to Outbound only, so that all ports inbound are closed,
in order to mimic a high-end corporate hardware firewall. Most high-end
firewalls can block all outbound traffic, yet allow one to open an outbound
port, then the inbound side is trusted only when someone makes a connection
outbound first, and there is no need to have the port explicitly open
inbound. For example, DNS requests outbound on port 53 should be allowed,
but there is no reason to always have port 53 open inbound unless one is
running a public DNS server. The DNS request from a browser should go out,
hit a DNS server, and be allowed back in because it is not an unsolicited
connection. For my Laptops group, I have set all ports in Advanced mode High
setting to Outbound only (except for MSA, because I do not know how it
behaves), and I added Outbound only ports for Remote Desktop Protocol on
port 3389, NNTP on 119, NTP on 123, RPC on 135, IMAP on 143, SharePoint (for
SBS clients) on 444, ICMP protocol to allow troubleshooting with ping, and
oddball web ports 8080 and 8081 for some router config ports. This setup
gives me a very secure firewall and leaves only one thing open inbound, MSA,
and I am not sure it even needs to be open.
  - Since Beta period is over, what we can do is to file this as
    Feature Request for now.
- Barring adding the above firewall choice, perhaps you could change the
defaults for the High setting so that the ports are not open inbound, with
the possible exception of MSA. Having inbound ports open is not necessary,
and should NEVER be the default for a "High" firewall security setting,
ESPECIALLY since you allow inbound NetBIOS connections, which is possibly
the most-hacked port in existence.
  - We'll be raising this as feature request and for approval of the
    Product Manager
- My testing with my custom Laptops firewall settings (all inbound blocked
except MSA) and my added ports seems to allow completely normal Internet
access.
Regarding NetBIOS, it should NEVER be open by default for a "High" firewall
security setting! If it is open, it is UNSECURED. Unsecured is NOT "high"
security!
For the Medium setting, NetBIOS should not be open inbound (not in my
opinion), since laptops tend to be used at WiFi spots and that would make
them susceptible to hacking. On my LAN, with NetBIOS blocked, I can still
browse shares on the other computers or on my server. If another computer
were to try to reach a share on my laptop, it would be blocked.
Please remember that you are protecting CORPORATE computers with this
software, not some pokey little home user, and corporate systems should be
more secure than home systems.
I believe that another menu choice to **temporarily** disable the firewall
would be good (they can kill it now, but then they have to remember to
re-enable it). Also, maybe a choice to allow users to change it from High to
Medium or to Low, would be a good addition to allow laptop users to
**temporarily** lower their defenses when on their home networks. Perhaps a
choice to disable it for an hour or until the next reboot, at which time it
would go back to its administrator-chosen settings.
I just thought of another firewall choice, one that users could be allowed
to enable while on a home network. You could call it "Temporarily Enable
File and Printer Sharing" and when someone chooses it, it opens inbound
NetBIOS connections until the laptop is rebooted. Just a thought!
They replied that they would add it as a feature request.
6) Anyone else have suggestions?
Gregg Hill
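
The stateful behaviour described in item 5 (outbound-only rules, with inbound traffic admitted only as a reply to a connection the laptop opened), modelled as an added example that is not part of the original post and not Trend Micro's code. The class name, addresses and packets are constructed, and ports 80/443 for "web browsing" are an assumption.

```python
"""Toy stateful filter: outbound-only rules with replies matched to tracked flows."""

# Outbound-only ports from the post's "Laptops" group. DNS 53 is the post's
# own example; 80/443 for "web browsing" are an assumption.
OUTBOUND_ONLY = {
    ("udp", 53), ("tcp", 80), ("tcp", 443), ("tcp", 3389), ("tcp", 119),
    ("udp", 123), ("tcp", 135), ("tcp", 143), ("tcp", 444),
    ("tcp", 8080), ("tcp", 8081),
}


class StatefulFilter:
    """Hypothetical model, not the WFBS firewall engine."""

    def __init__(self, outbound_rules):
        self.outbound_rules = set(outbound_rules)
        self.flows = set()  # (proto, local_port, remote_ip, remote_port)

    def outbound(self, proto, local_port, remote_ip, remote_port):
        if (proto, remote_port) not in self.outbound_rules:
            return "DROP"
        self.flows.add((proto, local_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, proto, remote_ip, remote_port, local_port):
        # No inbound rule exists: a packet gets in only as the reply to a
        # flow this host opened (same protocol, same peer, same port pair).
        if (proto, local_port, remote_ip, remote_port) in self.flows:
            return "ALLOW"
        return "DROP"


def run_demo():
    """Constructed packets; addresses are documentation ranges."""
    fw = StatefulFilter(OUTBOUND_ONLY)
    return {
        "dns_query_out": fw.outbound("udp", 51000, "192.0.2.53", 53),
        "dns_reply_in": fw.inbound("udp", "192.0.2.53", 53, 51000),
        "spoofed_dns_in": fw.inbound("udp", "198.51.100.7", 53, 51000),
        "netbios_session_in": fw.inbound("tcp", "198.51.100.7", 40000, 139),
        "netbios_name_in": fw.inbound("udp", "198.51.100.7", 137, 137),
        "rdp_out": fw.outbound("tcp", 52000, "203.0.113.10", 3389),
        "smtp_out_no_rule": fw.outbound("tcp", 52001, "203.0.113.25", 25),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:20} {verdict}")
```

The DNS reply is admitted without any inbound rule for port 53, while the NetBIOS packets and the reply from an unexpected source are dropped because no tracked flow matches them.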