Re: XP's Firewall

B. Nice wrote:

Under the right circumstances, it's a very good approach, actually.
One just has to understand the premises.

How do you for example help people having just a single machine and an
internet connection when a firewall is not available in their local
language and they are not very good at reading and understanding
english - and they are by no means techies. I can guarantee you that
they are better off with a hardened machine and some simple ground
rules than with a firewall asking questions they have absolutely no
chance other than 50% to answer correctly.

That might be true, in fact it's a very good point that I had not thought
about.

I was thinking in terms of the majority of people likely to be reading or
writing articles in this newsgroup. I thought you were going to go for the
"false security" problem with firewalls that make people think "It's ok to
do something (dangerous/stupid) because I've got a firewall". I'd have
agreed with that also had you mentioned it ;-) but we have to assume that
we're talking about sensible users in sensible situations.

Now if you're asking: "is it an easy solution" - heck no. But it's
possible.

I'm not sure what you mean by "it's not an easy solution". A script
that can shut down unnescessary services on windows can be downloaded
and executed faster than you can download and configure a personal
firewall.

Perhaps - but how quickly can someone assess whether or not to trust a
script, or it's author?

Let's say I decide to write such a script myself and post it on my
website. Now I'm (arguably) trustworthy - I've been invovled in security
and antivirus discussions for years. I've been a MVP since about 1998.
I've got a fair pedegree, you could say.

Yet all that guarantees is that if you download a script from my website
and run it, that the script won't *intentionally* upset the smooth running
of your computer.

--
--
Rob Moir, Microsoft MVP for Security
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ -
http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
I'm always surprised at "professionals" who STILL have to be asked:
"Have you checked (event viewer / syslog)".


.

Relevant Pages

  • Re: netzero hijacking my homeoage in ie6
    ... I have xp media center w/ firewall I ran e-trust pest patrol, ... Download nosethomepage.vbs and save this file to your hard drive. ... The VB Script ...
    (microsoft.public.windowsxp.general)
  • Re: FW1 NGX R62 on IP530 issue
    ... Monitor your firewall usage during the 3/4 days while it's ... You can download a script from the Nokia support site that does this ...
    (comp.security.firewalls)
  • Re: RFC: my firewall ruleset(s)
    ... IPFW numbers rules that increment by 1. ... > The reasoning behind this is so I have a single firewall script for all ... Depending on the rc.conf entries on that server, the firewall ...
    (freebsd-questions)
  • Re: Turing of SP2 Firewall via registry entry?
    ... Group Policy that disables the firewall (see WF_XPSP2.doc ... Disabling the Use of Windows Firewall Across Your Network ... you create a script file that is read by ...
    (microsoft.public.windowsxp.security_admin)
  • Re: MS Security CD, wsh topic buried, non automated post (promise)
    ... Their stuff is for server is seems. ... you most likely want to script your 'access'. ... the firewall still inserted stuff in about every ... > Saying that you network drives may cease working. ...
    (microsoft.public.scripting.wsh)