Re: It seems every firewall is slagged as snake oil. So how should it be done?



Geoff Smith <geoff915@xxxxxxxxx> wrote:
> Definitely use a NAT router.
>
> Make sure you disable UPnP on it, though, or malware on a user's
> computer will still be able to poke holes in it. Also this doesn't
> affect tunneling stuff through other protocols.
>
> But in addition to that, ALL of the firewalls you mention are very
> good. Anyone claiming they are snakeoil is just ignorant.

HAHAHAHAHAHAHAHAHAHAHAHAHAHA!

- A system that doesn't have any open ports, because it doesn't have any
services listening on the external interface, doesn't need a personal
firewall to protect the system from direct inbound attacks.
- A system that is properly patched isn't vulnerable to attacks
targeting the already patched bugs.
- Personal firewalls cannot protect services that are supposed to be
accessible to begin with.
- When the user is working with admin privileges, personal firewalls can
be disabled from the inside, even if they employ rootkit techniques.
- Malware should be prevented from being run in the first place, not
from communicating outbound after it's already running. There are
various measures helping to achieve the former, including, but not
limited to: disabling autostart on removable media, using Software
Restriction Policies, setting appropriate "execute" permissions, or
running (up-to-date) AV software.
- The popups of personal firewalls are more confusing than anything
else, because in order to understand these messages, the user would
have to have a good understanding of both networking and Windows
internals. Which is quite uncommon with the target group of personal
firewalls.
- The logging of personal firewalls usually is laughable, since vital
information is omitted.

On top of that, more often than not personal firewalls introduce
additional vulnerabilities on the system they're supposed to protect:

- Automatic network shunning (default with various personal firewalls)
can be abused by an attacker for a DoS attack.
- Some personal firewalls run interactive services with elevated
privileges, making them susceptible to shatter attacks.
- Exploitable bugs in personal firewalls can be used to compromise the
system. This has already happened ITW (W32/Witty.worm).

And you dare call the critics of personal firewalls ignorant?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
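
The first point in the reply above (no services listening on the external interface) can be checked directly. The following is an added example, not part of the original post: it parses Windows `netstat -ano` output and reports only the sockets reachable from off-host. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the original post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2204
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49711     93.184.216.34:443      ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49670            [::]:0                 LISTENING       3100
  UDP    0.0.0.0:5353           *:*                                    1500
  UDP    127.0.0.1:1900         *:*                                    2300
"""

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[fe80::1%12]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def external_listeners(netstat_text):
    """Return (proto, address, port, pid) for sockets reachable from off-host.

    TCP rows count only in LISTENING state; UDP has no state column, so every
    bound UDP socket counts. Loopback-only bindings are skipped.
    """
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        if fields[0] == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue  # established or closing connections are not listeners
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # row with an unparsable local address
        if addr.is_loopback:
            continue  # 127.0.0.0/8 and ::1 are not reachable from the network
        found.append((fields[0], str(addr), port, int(fields[-1])))
    return found

if __name__ == "__main__":
    for proto, addr, port, pid in external_listeners(SAMPLE):
        print(f"{proto:4}{addr:>15}:{port:<6} pid={pid}")
```

An empty result means there is nothing for a direct inbound attack to connect to; each remaining row names the PID of a service to disable or rebind to loopback.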