Re: Stealth vs. Blocked

From: Whoever (nobody@devnull.none)
Date: 04/11/03


From: Whoever <nobody@devnull.none>
Date: Fri, 11 Apr 2003 05:34:40 GMT

On 11 Apr 2003, Donut wrote:

> Whoever <nobody@devnull.none> wrote in
> news:Pine.LNX.4.44.0304101737480.707-100000@c941211-a:
>
> > If you read www.grc.com, you will see that he promotes firewalls
> > essentially to mitigate the effects installing a virus, trojan,
> > spyware or other malware. Personally, I feel that:
> >
> > 1. Viruses, trojans, etc can disable software firewalls, so the
> > effectiveness of a software firewall may be very limited.
>
>
> First, the virus or trojan has to get inside, which is exactly what the
> firewall prevents. Yes, it could get inside via an email, which is why you
> need an up to date virus scanner running, and also to be very careful about
> strange emails.

Very few Windows viruses use transmission methods that firewalls block.

There was one virus/worm recently that exploited open shared C: drives.
That is about the only type of worm/virus that a firewall can stop -- and
re-configuring or disabling the file sharing will have the same effect.

The vast majority of viruses are spread by email, with other methods such
as on file sharing networks (kazaa, etc.) providing another method that is
immune to blocking by firewalls.

>
> I use a Yahoo account for general email, and my private one is only
> available to trusted people. Yet, I STILL ended up with a virus last year,
> because I wasn't practicing what I just preached. My virus scanner at that
> time didn't scan incoming POP3 mail, and I trusted Eudora to be virus safe,
> which it certainly is not.

You just confirmed my point: firewalls offer little to no protection
against viruses. Safe email practices are much more important.

With the greatest respect, your experience above does not qualify you as
an expert -- rather the reverse, is qualifies you as someone who is not
very good at computer security.

I am not advocating that firewalls should not be used. Rather that an
external firewall is far preferable.

>