Re: Win xp sp2 firewall



On Tue, 20 Mar 2007 14:33:51 +0000, B. Nice wrote:

> On Tue, 20 Mar 2007 07:06:05 -0500, Leythos <Void@xxxxxxxxxxx> wrote:
>
>> How is it that you guys miss the holes in XP Sp2 firewall while missing
>> that anything that makes it harder to put holes in a firewall is good?
>
> I see two fundamentally different viewpoints or ways of thinking here.
>
> The XP SP2 firewall approach builds on the idea that an admin is
> supposed to know what he is doing.
>
> The ZA firewall approach builds on the idea that since in real life
> most Windows users are in fact running as admins it makes sense to put
> some kind of further control in place in order to protect the admin
> from himself.

I agree so far.

> So
>
> Is it fair to assume that an admin is supposed to know what he is
> doing? - I think so.

No, as most users of Windows computers don't know there is an Admin or
Limited account.

> Is it true that most Windows users are running as admins? - Sure.

Yes, and those are the people that need protection in most all cases.

> Is it fair to assume that most users running as admins don't know what
> they are doing? - I think so.

Yep, we agree.

> So the root cause seems to be the fact that users are running as
> admins. Therefore also this is what needs to change.

And the problem is that many applications under Windows won't run as a
limited user, websites can't install their ActiveX as a limited user,
etc... Even QuickBooks won't run as a limited user without additional
setup beyond the scope of the type of users we're talking about.

So, while we all agree that the root cause is ignorance and running as
Admins, what we need to change is way more than just people running as
admins.

1) ZA and others protect the ignorant and Admins far better than Windows
XP SP2 firewall.

2) Program developers need to write code that runs well, without
changes/hacks for limited user level accounts.

3) Websites need to be coded to NOT use ActiveX.

Until the time we can force the above 3 items, and until people stop using
Admin level by default, applications like ZA and others will provide more
protection than XP SP2 firewall does.

--
Leythos
spam999free@xxxxxxxxxx (remove 999 for proper email address)