Re: What version of ZoneAlarm fastest with XP SP2



In comp.security.firewalls prophet <user@xxxxxxxxxxxxxx> wrote:
> The damage is done, but outbound filtering could have prevented the
> payload from being delivered.

Yes. "Could have". Or couldn't, because it's not possible to implement
that securely.

> But what about those cases where a
> PFW can limit the damage when infected? Doesn't that have _any_ merit at
> all, especially for inexperienced users?

If common "Personal Firewalls" didn't have security design flaws
(which they have), then I'd agree. Why not? It's a bad disproportion of
effort to fruits, implementing such complex software programs,
which cost so many resources. And for what? To have the unlikely
possibility of limiting damage if the security system has already failed.

But: why not? Nice try.

But many common "Personal Firewall" implementations don't make a PC
more insecure only in theory, by adding more complexity.

We're talking about design flaws like system services which open
windows, opening popups and asking the user important security-related
questions (which he or she does not understand for sure and therefore
can only answer wrongly). We're talking about counterproductive nonsense
like filtering PINs away, which is an idiotic misinterpretation of data
security.

We are talking about software programs which make a PC much more
insecure compared to a PC which does not have such design flaws.

And for what? For the unlikely possibility that it might help if we're
very, very lucky?

IBTD!

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc