Almost no user really needs a firewall (was: [OT] Updates of Firefox and Mozilla)
From: Andreas Kohlbach (ankman_at_email.com)
Date: 03/28/05
- Next message: Barry Margolin: "Re: GoToMyPC secure?"
- Previous message: generalpf_at_gmail.com: "Re: More apparent M$ spyware"
- Next in thread: Michael Pelletier: "Re: Almost no user really needs a firewall (was: [OT] Updates of Firefox and Mozilla)"
- Reply: Michael Pelletier: "Re: Almost no user really needs a firewall (was: [OT] Updates of Firefox and Mozilla)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Mar 2005 15:20:01 -0500
Ian Rawlings wrote on 28. March 2005:
>
> On 2005-03-27, Andreas Kohlbach <ankman@email.com> wrote:
>
>> A desktop firewall does not really work. It gives you the feeling of
>> fake security. And might things you don't want (block stuff you
>> don't want), expands the code basis and so provides a bigger surface
>> for attacks.
>
> A desktop firewall offers you far more control than stopping services
> as I said in a previous post (e.g. allowing some addresses but not
> others), while stopping services reduces your patching requirements it
> also limits what you can do. One of the services that you have little
> control over are the RPC services, if you stop those, important parts
> of the Windows OS will no longer function, however it's important to
> stop access to the RPC services. ISTR that you can use the dcom
> configuration tool to help out with this, my memory fails me at this
> point.
>
> Stopping services as a means of securing a system is fine in
> restricted environments as I said in previous posts, but for a
> computer where rich functionality is a requirement, e.g. a desktop,
> it's not a practical option, especially for the majority of people who
> have better things to be doing with their time.
The script I metioned does stop unnecessary services that no ports are
listening, and you still have a full functioning computer.
>> IMO you're better off without a desktop firewall. Shut down services
>> and be up to date, don't use dangerous software like the Internet
>> Explorer and outlook Express, and you should be fine.
>
> For most users it's not an option
Because they can't handle it. A firewall is additional code and so a
potential security risk. If you are able to close all service you don't
need you are more secure without a firewall. As long as the TCP stack
itself is not vulnerable (seems it is with XP SP2).
X'post + F'up comp.security.misc (don't wanna annoy MAME users here :-).
-- By(e) Andreas Old school arcade classics at http://www.tombstones.org.uk/~ankman/ Linux without installation? http://www.knopper.net/knoppix/index-en.html OE user? Ease the pain and try the better newsreader http://xnews.newsguy.com/ Registered as user #289125 with the Linux Counter http://counter.li.org/
- Next message: Barry Margolin: "Re: GoToMyPC secure?"
- Previous message: generalpf_at_gmail.com: "Re: More apparent M$ spyware"
- Next in thread: Michael Pelletier: "Re: Almost no user really needs a firewall (was: [OT] Updates of Firefox and Mozilla)"
- Reply: Michael Pelletier: "Re: Almost no user really needs a firewall (was: [OT] Updates of Firefox and Mozilla)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
