Re: The Coalition against Personal Firewalls



zzy wrote:
Are personal firewalls really useless? If I disable the PFW on my laptop and connect it directly to the Internet, will all those port scans fail, and nothing pernicious ever get into my system?

I doubt it.

If there's something better that "Joe Average" can set up and use reliably without learning the minutia of Internet communications, what is it?

Go to http://www.dingens.org/. You will find a small program that you can use to "lock down" your computer. Yes, this site is the brainchild of Volker Birk. I think he has done an excellent service here.

You see, I don't disagree with the /message/ of the anti-PFW crowd. I'm just sick of the attitude.

I think what PFWs /attempt/ to do or /purport/ to do sounds good, but the basic premise has a fatal flaw. The idea behind the outgoing filtering and application control is that if a virus gets on your system, then at least you can stop it from transmitting personal data or infecting other machines on your network.

The problem is that PFWs are themselves programs and by their very nature they have to insinuate themselves pretty deeply into the guts of your machine. Since they're just programs written by human beings they inevitably have flaws. So what happens is that the PFW itself becomes a big target for hackers and writers of malware. If they can compromise the PFW -- and this has definitely happened -- then due to the intimate "hooks" that the PFW has into the operating system they are actually able to cause much more damage than if the PFW wasn't there at all.

--

Rod
.