Re: Hardware vs Software

From: N. Miller (nsm_at_blackhole.aosake.net)
Date: 04/21/04


Date: Wed, 21 Apr 2004 02:57:07 -0700

In article <1a3c01c426fa$cdf12930$a601280a@phx.gbl>,
anonymous@discussions.microsoft.com says...

> Why is it whenever people on this NG ask about what they
> should do to protect themselves from the evils rampant on
> the Internet, everyone always responds with "install NIS"
> or "install ZoneAlarm"? Always install, install, install!

> Personally, I have always been an advocate of the "less
> software = more stable system" school of thought, and
> would *much* rather have a router hooked up between me and
> my cable modem to protect me than any software installed
> on my machine. I don't have any firewall software -- not
> even any anti-virus software -- and I've never had any
> problems whatsoever as long as I'm plugged into my
> precious router.

> Considering you can pick up a four-port router for about
> the same amount of money as NIS, why do more people not
> consider this an option? (Admittedly, ZoneAlarm is free,
> but then you have ZoneAlarm on your computer, always
> asking you if Site A is safe or if Popup B should be
> allowed.)

The typical user of MS-ware does not know how to lock down MSIE and MSOE
against exploits. Even with the current patches, if the security settings of
these programs is set too low, bad things will happen. MSIE is safest with
all but the most trustworthy sites left to the "Internet" zone, and that
zone set for scripting to either prompt for action, or be disabled. Alas,
either way, many sites will present the user with a wad of pop ups, either
requesting permission to run script (if the security setting is "Prompt"),
or warning that the security settings prevent scripts from running, and the
site may not display properly. Most users will just notch their security
settings down until those warnings are not presented. Those users are the
ones always asking about how their browser start page got changed.

MSOE has its own security issues. A properly designed email message can
exploit weakness, both in the client, and the user, and induce the running
of malware, causing a viral or Trojan infection.

All of the above will happen, even if a router is in place. A NAT router is
not a firewall, though the NAT process generally has a comparable effect as
a firewall device.

Using a combination of anti virus, firewall, and other prophylactic software
can make the Internet safer for users of MSFT products, which are often
installed with exploitable defaults.

And, in my case, running an MTA with ports punched through the router, the
personal firewall software gives me an extra point at which to deny abusers
access to my MTA. And the MTA can invoke an AV Policy on demand, so scanning
of email for viruses is practical for me.

All of which does not negate the fact that a careful user can surf the
Internet safely without FW and AV software. I suspect that the typical home
user just doesn't know enough geeky stuff to do so.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint