Re: A firewall won't stop this one
From: Dazz (cashdj_at_hotmail.com)
Date: 11/04/03
- Next message: Colonel Flagg: "Re: A firewall won't stop this one"
- Previous message: Dazz: "Re: A firewall won't stop this one"
- In reply to: Volker Birk: "Re: A firewall won't stop this one"
- Next in thread: Volker Birk: "Re: A firewall won't stop this one"
- Reply: Volker Birk: "Re: A firewall won't stop this one"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 04 Nov 2003 11:44:31 +1000
On Mon, 3 Nov 2003 21:29:58 +0100, Volker Birk <bumens@dingens.org>
wrote:
<snipped>
>Implementing port filtering by modifying a library is very bad.
>Implementing port filtering in user space is very bad at all.
>Implementing a user interface for non-privileged users is very bad.
>Implementing sandboxing for processes without implementing virtual
>machines is very bad.
Yes. On this, I tend to agree with you.
>These are only examples.
>
>> the *feel* for your
>> statements lead me to believe that you don't think personal/software
>> based firewalls will work, period. I disagree. They'll work, but not as
>> they're marketed to work.
>
>Perhaps they're stopping _some_ kinds of attacks. But they're often
>offering possibilities for attacks that would not exist without
>them.
So instead, systems should be left without any protection at all?
Isn't some sort of protection better than none?
Do you drive a car? Does your car have seatbelts? Do you happen to
wear a seatbelt?
A seatbelt doesn't offer complete protection, but it does offer some
protection.
Did you make your seatbelt? How do you know there isn't some sort of
design or manufacturing fault that hasn't been detected?
Simple - you don't. But I bet you still wear one.
>Some of the known exploits which "Personal Firewalls" had were:
>
>http://cert.uni-stuttgart.de/archive/bugtraq/2003/08/msg00056.html
>http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00365.html
>http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00163.html
>
>So if you're installing a "Personal Firewall", such software
>will perhaps close some leaks - perhaps it will open new ones.
Even hardware firewalls do not offer complete protection, and while
you seem to delight in attacking personal firewalls, I need to mention
that there have been vulnerabilities in
You like to attack personal firewalls, but I've seen hardware
firewalls that are also vulnerable to attacks as well, yet you don't
mention this.
Why is that?
>The producers of the "Personal Firewalls" appear to develop not very
>carefully.
Not quite correct.
What you should have written is this:
The producers of *most* software appear to develop not very carefully.
Look at OpenSSH, Apache (just as examples), etc., for further
proof.
>That you're calling "security"?
>
>Better than any "Personal Firewall" is to close the doors your
>system offers by disabling unwanted system services, and not to
>use software which is "phoning home".
Disabling unwanted system services offers an extra degree of
protection, but what about those services that you need running (i.e.,
services that other services depend on)?
The simple truth is that firewalls, software or hardware, don't offer
complete protection, even taking out the weakest link - the user
themselves.
But I'd still rather have a software firewall running than no
firewall at all.
>Besides that, the NT kernel offers port filtering itself without
>any "Personal Firewall".
Yes it does, and it's rather poorly implemented.
For starters, it only offers protection on inbound traffic, and not
outbound.
"TCP/IP filtering allows you to specify exactly which types of
incoming IP traffic are processed as the destination for each IP
interface."
So, you don't believe outbound protection is important?
And with all the security flaws already found in Micro$oft systems,
you'd trust their security over a personal firewall that may have only
had a couple of flaws?
But I'll also add that according to Microsoft's own website,
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp
"Some Internet service providers (ISPs) do not allow the use of the
Windows XP ICF. If this is the case, you should contact your ISP for
their recommended security measures."
Hmmm, that's interesting in itself.
What would you suggest for those people?
Not to use anything?
>Sandboxing of processes without implementing a virtual machine is
>ridiculous, BTW. How should that work reliably?
How about you telling us?
Dazz
>VB.