Re: Firewall Security

From: Ken Gardner (KenGardner_at_discussions.microsoft.com)
Date: 02/14/05


Date: Sun, 13 Feb 2005 21:53:02 -0800


"Bruce Chambers" wrote:

> All of which begs the question, somewhat. How do you detect the
> presence of malware that your antivirus and anti-spyware applications
> don't recognize as such? The experienced, advanced computer user may
> well notice subtle odd behaviour and investigate, but what about the
> average consumer? Most lack the technical knowledge, the inclination,
> or even the desire to have that level of understanding. Unless something
> goes egregiously awry, the average computer user simply won't be aware
> that he's just sent his credit card info off to Eastern Europe. A 3rd
> party firewall at least tells them that there's something wrong, even if
> they don't quite know what to do about it.

I don't think we disagree as much as I earlier thought we did. My view is
that if someone isn't really sure that they have the knowledge and
inclination to protect themselves from crudware, then a third party firewall
is a better choice than the Windows firewall.
 
> I can't argue with any of that; it mirrors my own opinions and
> practices. Most other people, however, are nowhere near as
> conscientious about performing these hygienic chores.

It really comes down to this very point. For these others, a third party
firewall is a better solution.

[...]

> While it's certainly true that there's no "one size fits all" solution to
> computer security, I have to disagree with your contention that only
> people who practice unsafe computing need a firewall. Anyone is capable
> of making a mistake; it only makes good sense to have a mechanism in
> place that can detect that mistake. Do you disdain the use of seat
> belts because you've never been involved in a traffic accident, and you
> have an air-bag to protect you if necessary? (Shaky analogy, but I like
> it.)

My response to this is that the analogy doesn't hold up because I already use
seatbelts and airbags, i.e. antivirus software, antispyware software,
anti-adware software, and regular XP updates. Adding a third party firewall
to this setup would be more like adding extra armor plating, which will make
your vehicle safer but also result in a performance hit because the car is
heavier, less fuel efficient, etc. On the other hand, if I could be
convinced that a third party software doesn't result in a transparent
performance hit (other than the necessary "training" that goes with any such
firewall), then my analogy doesn't hold up, either. I have to confess that
you now have me thinking about this issue a bit more closely.

[...]

> Here, I must vehemently disagree. Having spent the past several years
> supporting all levels of computer users in multiple environments, I've
> observed that the vast majority of people don't know how to practice
> safe hex, and really aren't particularly interested in learning.

Well, I'm not a computer professional, although I am a computer enthusiast
and have been extensively messing, er, tinkering and experimenting with every
version of Windows since 3.1. So I would agree at least to this extent: my
way of doing things is not for everyone, and certainly not for the computer
novices that you are describing here.
 
[...]

> Having used both products, my experiences differed. I never found them
> to cause problems of that sort, at all. Of course, my experiences are
> obviously going to be different, so this is something of a moot point.

Right. And I don't mean to imply that the problems I encountered were major
problems. I would classify them as minor annoyances -- e.g., occasions when
the firewall blocked Internet access because of network changes at my ISP
level, or prevented legitimate programs it didn't recognize from accessing
the Internet.

[...]
 
> > The problems I always had with third party
> > firewalls was that the software was not properly configured -- by the
> > program, not by me. As a result, it would block many legitimate outbound
> > communications, so I would constantly be reconfiguring the firewall.
>
> How do you mean "the software was not properly configured -- by the
> program?" Were you expecting that the firewall's default settings would
> be universally applicable and require no user intervention, no fine
> tuning, as it were?

Yes, that's what I meant, although I can see that "not properly configured"
probably overstates my case. And no, I don't expect the software's default
settings to be universally applicable and require no user intervention.
Incidentally, this is a problem that your novice users are going to have with
these third party firewalls. I personally found Norton sometimes hard to
use, and Zone Alarm even harder to use -- and I am one of those guys who
actually researched on Google and elsewhere what programs it was blocking to
see if I should allow them to access the Internet. Most users, I suspect,
would block the communication rather than to take the trouble to find out
that they should allow the communication.

> If I'm understanding you correctly, that strikes me
> as a rather naive outlook for someone who is as knowledgeable and
> experienced as you seem. And were you really "constantly"
> reconfiguring the firewall, or was it only after you'd made changes to
> one or more of the applications? There's always a brief period during
> which a new firewall must be "taught" about your computing habits and
> your applications, but after that initial "burn-in" period, it really
> shouldn't be necessary to constantly reconfigure the firewall.

Again, that's all I'm talking about here. Eventually one can "train" these
firewalls, at which point they don't bother you again unless there is some
major change to your network, or you add new software.

> This is because the firewall is reacting to the potentially dangerous
> behavior of an application, rather than checking a list to see if a
> program is one of the pre-defined bad guys. The firewall doesn't "know"
> that a program is a good guy until you tell it so. (And your definition
> of an acceptable outbound connection may well vary from any one else's.)
> The inconvenience of having to research the source of the firewall's
> alarm is, to me, just one of the prices that must be paid to have a
> secure computer. I look upon such an event as an educational opportunity.

To be honest, this is one of the things I really liked about using third
party firewalls. I did learn much about Windows by researching which
programs should be permitted to access the Internet.

[...]

> > I would rather spend my time arguing
> > with bright computer guys like you over Usenet. :)

> Thank you for the kind words. I've enjoyed our exchange of ideas, as well.

And you have me thinking about this entire issue again. If I could be
convinced that there really is no downside in performance to adding a third
party firewall to everything else I do, I will probably concede defeat and
reinstall NIS. :)

Ken


