Re: ZoneAlarm and AVG cause "Shut Down" to Fail

sonar007@xxxxxxxxx wrote:
A single PC. It was very intriguing, but how do you explain that all
the other tech sites are recommending the use of a Firewall while this
one says they're snake oil? What does that author know that almost
everybody else, evidently, does not?

You're referencing newspapers or magazines.

Usually, journalists are not the people, who are inventing things.
This is not their job. Their job is to report about things that happen
in the domain they're reporting about.

A good journalist has to understand the basics of her/his domain, though.
But she/he does not need to be a perfect technician or to be able to
understand each line of code like a good developer has to.

But a good journalist has to have the nose to scent, what a good story
is. A good story is something many people want to read, because
journalists are dyeing paper with black ink, and if they're doing a good
job, than much more people want to have this paper than before ;-)

With the idea of public relations, PR, you're using this effect as a
company. You're making so a big story out of your products (in what way
ever you will manage to do this, some million $ for advertizing will
help anyway), that every journalist catches the ball.

A second effect is, that before Windows XP SP2, "Personal Firewalls" had
a positive effect: they're implementing packet filters. And to have a
packet filter for Windows looks like a very good idea, because Windows
starts many servers in the default configuration, which are offering
services to the complete Internet, when there is a connection.

This is exactly, what the Windows-Firewall does, too. And, having a
closer look, it's idiotic.

It's idiotic from Microsoft to start so many servers, because then they
have to be filtered away afterwards. If Microsoft would not start these
servers in the default configuration, then you won't need to filter any-
thing.

This is, what http://www.dingens.org and Torsten's script are doing.
They're just stopping the server programs, Microsoft starts in the
default configuration. And you don't need a packet filter any more.

But filtering is the second best option, and it's much better than to
do nothing.

Now, since such solutions are there, and that the Windows-Firewall is
there, the manufacturers of "Personal Firewalls" are running into
trouble.

No-one needs there products any more.

So they're "inventing" bells and whistles. It's an old idea, coming from
the fact, that people are comparing products before buying one. So you
have to have features, the competitor does not have. And, having only
the view of a layperson, the customer is not able to differ between the
features, which are sensible, and the features, which are of the kind
"bells and whistles".

Additionally, the customer is forced to believe something. No regular
user can decide, which feature is a good idea and which is useless or
even counterprodictive. All is with believing or not. It's like with
religion.

So most of the customers are buying the product, they have the best
feeling with. They're not dumb to do so, because how should they decide?

And this is why manufacturers are designing their products so, that the
user has a good feeling with. This is the reason for having popups with
"Your Personal Firewall saved you from an attack again!!!1!11". This is
why Symantec implements filtering your "secret data" away, even if it's
counterproductive. They give you, the customer, a good feeling that
everything is "highly" secure. It does not matter, if this is sensible or
not.

And the newspapers and magazines are reporting about it.

Yours,
VB.
--
was ist wenn $BACKUPSERVER und $PRODUKTIVSERVER in einem Gebäude, Stockwerk
oder Serverraum stehen und die Löschanlage (Fehlfunktion oder Brandfall)
die komplette IT zerstört
Murphy meets Darwin. (Timm Thiemann zu Thomas Wildgruber in d.a.s.r)
.

Relevant Pages

  • Visa PCI Firewall Requirements and Windows Networks
    ... Windows Security Experts and registered CISSP's: ... public networks by a 2-tiered firewall architecture, ... Lets say that the database servers are the only things ... that need access to the data only need those ports open. ...
    (Focus-Microsoft)
  • Re: Visa PCI Firewall Requirements and Windows Networks
    ... GP without the risk of open ports or a DC in the DMZ. ... Outbound access should be minimized but if windows update is your ... alternative tools on trusted servers to patch your machine. ... > behind the second firewall. ...
    (Focus-Microsoft)
  • Re: Cannot ping DC server
    ... > When I go to Control Panel/Windows Firewall, ... >>> can ping the other servers and receive replies just fine. ... >>> (Sorry for the cross posting with DNS group but I would bet I set up ...
    (microsoft.public.windows.server.networking)
  • Re: GP Firewall Settings
    ... need to "filter" these settings - they will simply be completely ignored by ... any cvomputer that has Windows XP RTM or Windows XP SP1. ... I suggest removing the putting the Firewall settings into a seperate GPO ... But the workstation has SP2 installed ...
    (microsoft.public.win2000.group_policy)
  • Re: Microsoft and their IPSEC security - no firewall?
    ... firewalls in front of at least some of their web servers where ever ... I don't see a good reason here for removing the firewall. ... as there is no IP logging native in Windows ... Microsoft might be able to do this because presumably they may have ...
    (microsoft.public.win2000.security)