Re: It seems every firewall is slagged as snake oil. So how should it be done?
- From: Ansgar -59cobalt- Wiechers <usenet-2009@xxxxxxxxxxxxxxxx>
- Date: Fri, 13 Mar 2009 13:21:03 +0100 (CET)
Geoff Smith <geoff915@xxxxxxxxx> wrote:
> Definitely use a NAT router.

Make sure you disable UPnP on it, though, or malware on a user's
computer will still be able to poke holes in it. Also this doesn't
affect tunneling stuff through other protocols.

> But in addition to that, ALL of the firewalls you mention are very
> good. Anyone claiming they are snakeoil is just ignorant.

- A system that doesn't have any open ports, because it doesn't have any
services listening on the external interface, doesn't need a personal
firewall to protect the system from direct inbound attacks.
- A system that is properly patched isn't vulnerable to attacks
targeting the already patched bugs.
- Personal firewalls cannot protect services that are supposed to be
accessible to begin with.
- When the user is working with admin privileges, personal firewalls can
be disabled from the inside, even if they employ rootkit techniques.
- Malware should be prevented from being run in the first place, not
from communicating outbound after it's already running. There are
various measures helping to achieve the former, including, but not
limited to: disabling autostart on removable media, using Software
Restriction Policies, setting appropriate "execute" permissions, or
running (up-to-date) AV software.
- The popups of personal firewalls are more confusing than anything
else, because in order to understand these messages, the user would
have to have a good understanding of both networking and Windows
internals. Which is quite uncommon with the target group of personal
- The logging of personal firewalls usually is laughable, since vital
information is omitted.
On top of that, more often than not personal firewalls introduce
additional vulnerabilities on the system they're supposed to protect:
- Automatic network shunning (default with various personal firewalls)
can be abused by an attacker for a DoS attack.
- Some personal firewalls run interactive services with elevated
privileges, making them susceptible to shatter attacks.
- Exploitable bugs in personal firewalls can be used to compromise the
system. This has already happened ITW (W32/Witty.worm).
And you dare calling the critics of personal firewalls ignorant?
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."