Re: Win xp sp2 firewall
- From: Leythos <Void@xxxxxxxxxxx>
- Date: Wed, 21 Mar 2007 13:47:21 -0500
On Tue, 20 Mar 2007 14:33:51 +0000, B. Nice wrote:
On Tue, 20 Mar 2007 07:06:05 -0500, Leythos <Void@xxxxxxxxxxx> wrote:
How is it that you guys miss the holes in XP Sp2 firewall while missing
that anything that makes it harder to put holes in a firewall is good?
I see two fundamentally different viewpoints or ways of thinking here.
The XP SP2 firewall approach builds on the idea that an admin is
supposed to know what he is doing.
The ZA firewall approach builds on the idea that since in real life
most windows users are in fact running as admins it makes sense to put
some kind of further control in place in order to protect the admin
I agree so far.
Is it fair to assume that an admin is supposed to know what he is
doing? - I think so.
No, as most users of Windows computers don't know there is an Admin or
Is it true that most windows users are running as admins? - Sure.
Yes, and those are the people that need protection in most all cases.
Is it fair to assume that most users running as admins don't know what
they are doing? - I think so.
Yep, we agree.
So the root cause seems to be the fact that users are running as
admins. Therefore also this is what needs to change.
And the problem is that many applications under Windows won't run as a
limited user, websites can't install their active-x as a limited user,
etc... Even QuickBooks won't run as a limited user without additional
setup beyond the scope of the type of users we talking about.
So, while we all agree that the root cause is ignorance and running as
Admins, what we need to change is way more than just people running as
1) ZA and others protect the ignorant and Admins far better than Windows
XP SP2 firewall.
2) Program developers need to write code that runs well, without
changes/hacks for limited user level accounts.
3) Websites need to be coded to NOT use active-x.
Until the time we can force the above 3 items, and until people stop using
Admin level by default, applications like ZA and others will provide more
protection than XP SP2 firewall does.
spam999free@xxxxxxxxxx (remove 999 for proper email address)
- Prev by Date: Re: DMZ or portforward
- Next by Date: Netscreen firewall configuration report parser
- Previous by thread: Re: Win xp sp2 firewall
- Next by thread: Re: Win xp sp2 firewall