Re: Recurrent question
- From: Volker Birk <bumens@xxxxxxxxxxx>
- Date: 20 Dec 2005 13:03:50 +0100
Ric <me@xxxxxxxxxxx> wrote:
> Yes. But if the user has no PFW they get no pop-up and the packets get
> out anyway.
Yes. It's hard to see maybe, but this is a really good idea to do so
for most of the users. Not only, but also for the "update Acrobat"
problem.
We're not talking about a person like you, who knows, what this tech
speak on those popups means, do you remember? ;-)
> >> >FSM-dammed *RIGHT* not to know, what's going on technically, but just
> >> >_use_ their computer, isn't it? Especially, if she/he buys _security_
> >> >software for being _protected_.
> >> Do you know of any software that can achieve this?
> >Yes, I'm working with Macintosh computers from time to time ;-)
> And? Do you mean OS X? :)
Yes. And: yes, I know, that OS X is far from being perfect. It's just
light years before Windows for home users. But I know, that many home
users are using Windows in spite of this fact. This is, why I hacked
www.dingens.org for Windows 2000 and Windows XP before SP2.
> <snip>
> >> >So we agree, that you can remove your "Personal Firewall" and enable
> >> >the Windows-Firewall, and nothing will change (with the exception, that
> >> >you'll not have the problems of your "Personal Firewall" any more)? ;-)
> >> I would have swapped one set of problems for another. :)
> >No, why?
> The windows firewall comes with it's own set of problems. If I want to
> use it I have to install ICS, and have ports permanently open.
This is not true. To use it with Windows XP SP2, you have to do _nothing_
with your Windows. And this exactly is the maximum you can expect from a
home user.
> And I
> think Microsoft's security reputation speaks for itself.
Yes. So what?
I have no problem with people calling not to buy a PC with Windows, but
better buy a Macintosh. I'm recommending this for every home user.
And why not?
But: "Personal Firewalls" don't solve this problem, too, because as long
as you're trusting in the Windows kernel, you're trusting in Microsoft's
code anyway.
> >Then please explain _one_ _single_ _feature_ of a "Personal Firewall",
> >which results into more security, which cannot be achived much easier
> >without a "Personal Firewall".
> They stop my keyboard from phoning home.
;-) Stopping the _keyboard_ from phoning home. Unbelievable. But I must
say: this answer is _very_ creative, and it's a pleasure to discuss with
you *ROTFL*
> Why should my keyboard want
> to phone home? It's a Microsoft Internet Pro Keyboard, and I like it
> apart from this strange fault/feature.
You know, that you cannot prevent your keyboard from phoning home, if
Microsoft is a little bit evil, and ignores your "Personal Firewall"
for just this traffic? Remember: keyboard drivers are kernel code ;-)
So this has nothing to do with security, what you're stating, creative
or not.
If some code is running in kernel, no "Personal Firewall" can help.
> They can offer fine ICMP control. Firewall logs are always good a
> source of amusement. Logs may be sorted by source IP, source port,
> destination port etc.
Security features, please. And: for a home user, please.
> >- opening useless popups, which usually are leading into wrong decisions
> > from home users, and at best are abused by malware like the AutoClicker
> > shows us
> Bad config.
Yes. And the default config for at least Norman, Outpost, Zone Alarm and
Symantec Norton.
Please think about the fact, that a home user cannot implement a correct
configuration. The default config will be the best one, she/he is able
to have. All what she/he is clicking afterwards, will be worse in case of
doubt ;-)
> >- giving a "good feeling" to home users, where they better shouldn't have
> > one by lying to them "we defended you from an ICMP attack from 127.0.0.1!"
> And scan sites like grc telling you that because you passed their
> "stealth test" you are invisible to "hackers" on the internet.
Yes. http://www.grcsucks.com
> >- adding extra code to an already complex system, and by that increasing
> > the code base for possible exploits (as the Witty-worm showed)
> Like wanting to install ICS when you enable the XP firewall.
Enabling the Windows-Firewall does not install any extra code to your
system, you don't have installed already. This is one of the reasons, why
I'm recommending the Windows-Firewall.
> Here's a little help. :)
;-) THX.
> It takes a while to figure out which ports apps/protocols usually
> run on, but PFW's can help to teach people this. Admittedly a few good
> books might be better, but playing with PFW's can be interesting.
This may be true. But not for home users, but for interested people,
who are wanting to understand, what's going on.
The problem is, "Personal Firewalls" want to be products for regular
home users. And this does not work at all.
Yours,
VB.
--
Ein vision statement ist in aller Regel planfreies Gelalle einer Horde
realitätsferner Spinner.
Dietz Pröpper in d.a.s.r
.
- Follow-Ups:
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- References:
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Sla#s
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- From: Volker Birk
- Re: Recurrent question
- From: Ric
- Re: Recurrent question
- Prev by Date: Nokia IP330 firewall
- Next by Date: Re: Kerio 2.1.5: handling fragmented packets
- Previous by thread: Re: Recurrent question
- Next by thread: Re: Recurrent question
- Index(es):
Relevant Pages
|
