Re: Why aren't there ANY firewalls?



spamdrew@xxxxxxxxxxx writes:

Forgive my naivete (and perhaps excessive subject)
but it seems to me that internet communication all comes
into a PC through a single port at a time and therefore through
a "bottleneck".

Is there some reason we can't just have a blacklist and a whitelist
with tick boxes against plain text strings to block or allow specific
things passing through that route?

Perhaps you'd need one for text itself, e.g. www.spam.net or
123.123.123.123,
and another set for commands (i.e. block ICMP or block ARP / HTTP)
along with logical AND and OR linking if required (e.g. www.spam.net AND
HTTP or whatever).
The use of wildcards should be possible too.

That seems to me to be eminently controllable and understandable.
If anything that isn't listed comes in/out it should ask for what to
do and add to the list of tick boxes as appropriate.

I've just been looking at Norton.symantic and it just looks like a
total mess to me. They couldn't have made it any more complicated
and less controllable if they tried. (Or perhaps they did and that's the
idea to keep people paying out - A real firewall surely should last
decades)

Norton is all very pretty and technical looking but
I've spent all day on Norton and I haven't got a clue what might still
get through and what can't.

As far as I can see there is no way for a reasonably literate but
novice "net user" to gain any form of firewall. They all come
configured with so many holes they seem effectively pointless.

Try to block Google or Microsoft and you may as well
just chuck the PC in the bin. And that I suspect is very telling
about the overall state of security.

Perhaps there is something like that that works on Vista
but I haven't found it.

At the risk of sounding even more like a newbie ... sigh.

Most of the problem is that you're looking for a very simple solution
to realities that are pretty complex.

What's your goal? Block "bad sites"? Be safe at the local coffee
shop on their open wireless network?
