Re: The Coalition against Personal Firewalls


"zzy" <anon@xxxxxxxxxxx> wrote in message
news:127cl65tcq6334b@xxxxxxxxxxxxxxxxxxxxx
Rod Engelsman wrote:
zzy wrote:
I take it that the chief function of a personal firewall is a way to close
those ports. So why do some of the seeming experts here call personal
firewalls "useless"? Is there a better way to close the ports? If so,
better in what way?

They say that commercial third party products are no more useful than the
free firewall now built in to windows, and in fact in many cases open up
additional vulnerabilities that don't exist in the MS product.

Those that claim that using a Microsoft security feature is a risk in itself
are ignoring the fact that any third party app in fact depends on microsoft
code in order to run, since MS has control of the OS.

Thanks for the insights. I do like outgoing notification, since I don't
like my system contacting Microsoft every time I compile my program, for
example, or Windows Media Player contacting it every time I load a tune.
Just a twitch of mine, I guess. Without the notification, I wouldn't have
known it was going on and so wouldn't have been able to prevent it.

The problem with this feature is that it can be circumvented by the user or
*by a program* without user intervention. So, it's like a lock that
sometimes unlocks itself for no reason. People get a warm fuzzy feeling
from watching things get blocked while they are in fact open for
exploitation and, believing that they are not, have taken no additional
steps to prevent it.

I allow sharing of only one folder, which is generally empty. Would this
be risky to leave enabled?

In the past, there have been exploits that start from a simple folder share
and elevate things from there to gain access to additional areas on the
drive. Perhaps such exploits will never occur again. I'd sure like to
think so.

However, if the service is not enabled, then it's not available to be
potentially exploited.


Thanks very much for taking the time and trouble to give some good,
constructive advice that average users like me can put to use to improve
the security of our systems!

I hope I was able to shed a bit more light on what some of the vocal users
have been saying in this group, without "being an ***" or being a
"dickless little boy" as alluded by Notan.

-Russ.


.

Loading