Re: A firewall won't stop this one

From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: 11/04/03


Date: Mon, 3 Nov 2003 20:56:45 -0500

In article <bo6ds6$nq2$00$1@news.t-online.com>, bumens@dingens.org
says...
> Colonel Flagg <colonel_flagg@nosoupforj00internetwarzone.org> wrote:
> >> "Personal Firewalls" often try to implement host based packet filters
> >> and some kind of "sandboxing". Both things they implement badly.
> > They're not badly implemented, they're poorly marketed as being an "end
> > all" to personal computer security.
>
> Implementing port filtering by modifying a library is very bad.
> Implementing port filtering in user space is very bad.
> Implementing a user interface for non-privileged users is very bad.
> Implementing sandboxing for processes without implementing virtual
> machines is very bad.
>
> These are only examples.
>
> > the *feel* for your
> > statements leads me to believe that you don't think personal/software
> > based firewalls will work, period. i disagree. they'll work, but not as
> > they're marketed to work.
>
> Perhaps they're stopping _some_ kind of attacks. But they're often
> offering possibilities for attacks, which would not exist without
> them.
>
> Some of the known exploits which "Personal Firewalls" had were:

So you throw out some links to vulnerabilities in Personal Firewalls,
without throwing out comparable links to hardware firewalls... not nice,
not nice at all.

> So if you're installing a "Personal Firewall", such a software
> perhaps will close some leaks - perhaps it will open new ones.
>
> The producers of the "Personal Firewalls" appear not to develop very
> carefully.
>

*some* producers. not _all_.

> That you're calling "security"?

see, you're still thinking "inside the box". you're dwelling on the
mass-marketing efforts of companies such as Zone Alarm, Black Ice,
Norton, McAfee, etc. these are the "popular" choices, not the most
functional, not the most secure.

>
> Better than any "Personal Firewall" is to close the doors your
> system offers by disabling unwanted system services, and not to
> use software which is "phoning home".
>

you don't realize how many ways you're screwing up here.... sure, it's
great for a GURU to close the doors and keep from running "phone home"
software, it's not for the end-user. then again, why wouldn't the guru
install a good personal firewall to monitor everything connecting to and
from their system? who knows, gurus aren't perfect, they *could*
possibly screw up and click on something they shouldn't. end-users, on
the other hand, are totally clueless. how do i know this? i work with
clueless end-users daily. they're beyond clueless. there are no words to
describe how bad-off the end-user community really is.

without some level of protection offered by personal firewalls and
trustworthy anti-virus solutions, end users are more vulnerable. they'll
not close their ports, they'll not stop clicking on everything that
looks appealing, including spyware links, java applets, malicious
active-x scripts, links to programs, "ok'ing" whatever pop-ups that
occur. end-users will click anything, any time, as long as it removes
that GODDAMN POPUP that's interfering with their porn surfing.

NONE of my customers were affected by _any_ of the recent Microsoft
worms. NONE of my customers, once they've become customers of mine, have
EVER been infected with a virus. why? because i layer the protection
offered to my customers.

my choice in personal firewalls has a higher learning curve than a
simplistic "zone alarm" type junk-ware. most end-users can't grasp the
functions of it, but it works and works well. sure, i sit behind two
other hardware firewalls, however, i know when EVERY application on my
computer attempts to contact the internet.

> Beside that, the NT kernel offers portfiltering itself without
> any "Personal Firewall".
>

sure it does, but does it disallow unknown applications from requesting
information from an unknown? does it show you what's connecting? can you
tweak the settings per application, per connection?

> Sandboxing of processes without implementing a virtual machine is
> ridiculous,

you're incorrect, it adds a layer of security for folks that otherwise
wouldn't do anything.

> BTW. How should that work reliably?
>
> VB.
>

just the way I have it setup on my system. which, unless you're a client
of mine, you'll never know.... and frankly, telling you how mine is,
over usenet, would be the first step in losing what security i do have.

of course if you don't understand that, you're probably not capable of
understanding the rest of the concepts.

-- 
Colonel Flagg
http://www.internetwarzone.org/
Privacy at a click:
http://www.cotse.net 
Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."
"...I see stupid people."
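The exchange above turns on one distinction: the NT TCP/IP filter decides on (protocol, port) alone, while the "personal firewall" the poster defends decides per application and per connection, and shows the user what is connecting. The following is an added example that models both policies as a toy engine so the difference is visible on concrete connection attempts. It is not the poster's setup (which he declines to describe) nor any real product's configuration; every executable path, hostname and connection attempt in it is constructed for the example.

```python
"""
Added example: port-only filtering versus per-application egress filtering.

Toy policy engine, not any real firewall. PortFilter behaves like a kernel
TCP/IP port filter (the process is never consulted); AppFilter keys its
decision on the executable, may narrow a rule to one destination, denies
unknown executables by default, and logs every decision. All paths, hosts
and attempts below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    """One outbound connection attempt as a host-based filter would see it."""
    exe: str        # image path of the process opening the socket
    proto: str      # "tcp" or "udp"
    dst_host: str
    dst_port: int


class PortFilter:
    """Port-only filtering: the verdict is a function of (protocol, port) alone."""

    def __init__(self, allowed_tcp=(), allowed_udp=()):
        self.allowed = {"tcp": set(allowed_tcp), "udp": set(allowed_udp)}

    def decide(self, a: Attempt) -> str:
        return "allow" if a.dst_port in self.allowed.get(a.proto, set()) else "deny"


class AppFilter:
    """Per-application, per-connection policy with default deny and an audit log."""

    def __init__(self):
        self.rules = {}   # exe -> [(proto, host, port, verdict)]; "*" matches anything
        self.log = []     # (exe, proto, host, port, verdict) for every attempt seen

    def add_rule(self, exe, verdict, proto="*", host="*", port="*"):
        self.rules.setdefault(exe, []).append((proto, host, port, verdict))

    def decide(self, a: Attempt) -> str:
        rules = self.rules.get(a.exe)
        verdict = "deny"   # unknown executable, or known one with no matching rule
        if rules is not None:
            for proto, host, port, rule_verdict in rules:
                if (proto in ("*", a.proto) and host in ("*", a.dst_host)
                        and port in ("*", a.dst_port)):
                    verdict = rule_verdict
                    break
        self.log.append((a.exe, a.proto, a.dst_host, a.dst_port, verdict))
        return verdict


# Constructed policies for the comparison (hypothetical paths and hosts).
BROWSER = r"C:\Program Files\Browser\browser.exe"
UPDATER = r"C:\Program Files\Updater\updater.exe"
RESOLVER = r"C:\Windows\System32\svchost.exe"
UNKNOWN = r"C:\Users\Public\freescreensaver.exe"


def build_filters():
    ports = PortFilter(allowed_tcp=[25, 80, 110, 443], allowed_udp=[53])
    apps = AppFilter()
    apps.add_rule(BROWSER, "allow", proto="tcp", port=80)
    apps.add_rule(BROWSER, "allow", proto="tcp", port=443)
    apps.add_rule(RESOLVER, "allow", proto="udp", host="192.0.2.53", port=53)
    # Updater may only talk to its own update host, nowhere else.
    apps.add_rule(UPDATER, "allow", proto="tcp", host="updates.example.net", port=443)
    return ports, apps


ATTEMPTS = [  # constructed connection attempts, in order
    Attempt(BROWSER, "tcp", "www.example.com", 80),
    Attempt(UNKNOWN, "tcp", "tracker.example.org", 80),     # "phone home" over a popular port
    Attempt(UPDATER, "tcp", "updates.example.net", 443),
    Attempt(UPDATER, "tcp", "stats.example.org", 443),      # same app, different destination
    Attempt(RESOLVER, "udp", "192.0.2.53", 53),
    Attempt(BROWSER, "tcp", "irc.example.net", 6667),
]


def compare(attempts=ATTEMPTS):
    """Return (exe basename, destination, port-only verdict, per-app verdict) per attempt."""
    ports, apps = build_filters()
    return [
        (a.exe.rsplit("\\", 1)[-1], f"{a.dst_host}:{a.dst_port}",
         ports.decide(a), apps.decide(a))
        for a in attempts
    ]


if __name__ == "__main__":
    for exe, dst, port_verdict, app_verdict in compare():
        print(f"{exe:<22} {dst:<28} port-filter={port_verdict:<5} app-filter={app_verdict}")
```

Running it shows the two cases the port filter cannot express: the unknown screensaver reaching a tracker over port 80 (allowed by port, denied as an unknown application) and the updater contacting a second host over 443 (allowed by port, denied because its rule is bound to one destination). The `log` on `AppFilter` is the "show me what's connecting" part of the argument.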