Re: It seems every firewall is slagged as snake oil. So how should it be done?



Rick <rsimon@xxxxxxxx> wrote:
There are pros and cons to running s/w based "firewalls".

Just tell me one single sensible pro argument. I'm waiting for that for
years now in this "discussion".

All I'm reading is incompetent nonsense. And for all what I can see,
this is one of the main reasons of the security desaster of Microsoft
Windows PCs we all are facing today.

IMHO - whether the overall result falls on the pro side or the con side
depends on a number of factors, including the knowledge/abilities of the
end user.

For the end user, the most stupid concept I ever heard of is that of
popup windows where /he/ has to make the decisions which are relevant for
his own security.

The person who should be protected, is imposed to take over the
responsibility for all technical decisions of protection.

This is the concept of /every/ "Personal Firewall" I ever saw, any of
them seem to implement this totally ridiculous b0rken concept together
with the absurd "outbound filtering" idea.

To be clear: absurd is the idea to let malware run on your computer, and
then try to filter away its communication.

To maintain that every system should be hardened properly and should not
run a s/w based firewall is to ignore the fact that doing so is beyond
the abilities of a great many users.

This is why I'm saying, that Microsoft should deliver hardened systems,
of course. The catastrophic spread of botnets is their fault.

This really is layered security.

While that may not be your intent, that IS the way you tend to come
across.

I really don't care.

Usually, people don't want to hear the facts. Of course, it's much
easier for them /not/ to switch systems, and of course, they /want/ to
hear, that security can be bought in boxes. It would make their life
much easier as it is, if this would be true, so they want to believe
that.

And we all have to filter away all that Spam from millions of zombies,
because of this. And all of the many companies who are blackmailed by
DDoS racketeers have to pay and to hush up their vulnerability.

Or what do /you/ think, why are millions of Windows PCs zombies and part
of botnets?

Yours,
VB.
--
Bitte beachten Sie auch die Rückseite dieses Schreibens!
.



Relevant Pages

  • [NT] Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Al
    ... Get your security news from a reliable source. ... A security vulnerability exists in the H.323 filter for Microsoft Internet ... Security and Acceleration Server 2000 that could allow an attacker to ... overflow a buffer in the Microsoft Firewall Service in Microsoft Internet ...
    (Securiteam)
  • Re: linux-next: add utrace tree
    ... issue of "I'd much rather have explicit interfaces than have generic hooks ... generic filter engine out of the current ftrace filter engine (which is really ... controlled via ASCII space filter expressions [broken down into ... tasks so that security restrictions percolate down automatically. ...
    (Linux-Kernel)
  • [NT] Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities
    ... Get your security news from a reliable source. ... Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities ... to filter injection into HTTP headers, which will drive hackers to focus ... CRLF Injection is also XSS type 1 and is not mitigated by ...
    (Securiteam)
  • RE: How to restrict users to see data in a mutiuser environment?
    ... interested setting up workgroup security. ... ' Gets the userid of the current user. ... Dim Length As Long ... which you open the form you want to filter. ...
    (microsoft.public.access.modulesdaovba)
  • Re: Do I really need a FW besides WXP
    ... Controlling aleady running programs what ... > Since XP Home doesn't really have good security like XP Pro ... If the "router" is running a packet filter and maybe NAT, ... data security to filter away to hide something. ...
    (comp.security.firewalls)