Re: Firewall Security
From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 02/16/05
- Next message: Carey Frisch [MVP]: "Re: logfile file determine who has logged in?"
- Previous message: Bruce Chambers: "Re: Is software firewall nessasery if hardware is available?"
- In reply to: Ken Gardner: "Re: Firewall Security"
- Next in thread: Ken Gardner: "Re: Firewall Security"
- Reply: Ken Gardner: "Re: Firewall Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Feb 2005 20:14:20 -0700
Ken Gardner wrote:
>
>
> Adding a third party firewall
> to this setup would be more like adding extra armor plating, which will make
> your vehicle safer but also result in a performance hit because the car is
> heavier, less fuel efficient, etc.
There's always a trade-off between convenience, performance, and
security. If you're already operating at your "comfort level," you may
not need to change anything.
> On the other hand, if I could be
> convinced that a third party software doesn't result in a transparent
> performance hit (other than the necessary "training" that goes with any such
> firewall), then my analogy doesn't hold up, either. I have to confess that
> you now have me thinking about this issue a bit more closely.
Not all 3rd party firewalls carry the quite noticeable performance hit
of Norton's Personal Firewall. I use the free edition of Sygate,
myself. I find it to be easily configurable, and it has a much lower
impact upon performance then does the Symantec product.
> Most users, I suspect,
> would block the communication rather than to take the trouble to find out
> that they should allow the communication.
>
>
I don't see this as a necessarily bad thing. The more recent 3rd party
firewalls that I seen all seem to automatically allow the "normal"
Internet applications (Internet Explorer, Outlook Express, etc.), while
asking about unknown programs and those processes that can hijacked. If
the uniformed user does block the wrong application, it's usually a
simple matter to "unblock" it, once he realizes that something is no
longer working correctly. My biggest fear is the the uninformed user
will instead allow the unknown program access to the Internet. While
this option is also easily reversible, there's no telling what amount of
damage or system compromise has already taken place.
>
>
> To be honest, this is one of the things I really liked about using third
> party firewalls. I did learn much about Windows by researching which
> programs should be permitted to access the Internet.
>
.....
>
> And you have me thinking about this entire issue again. If I could be
> convinced that there really is no downside in performance to adding a third
> party firewall to everything else I do, I will probably concede defeat and
> reinstall NIS. :)
>
Don't reinstall NIS. instead try one or more of the free personal
firewalls, such as Sygate or Kerio. I think you'll be pleasantly surprised.
-- Bruce Chambers Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH
- Next message: Carey Frisch [MVP]: "Re: logfile file determine who has logged in?"
- Previous message: Bruce Chambers: "Re: Is software firewall nessasery if hardware is available?"
- In reply to: Ken Gardner: "Re: Firewall Security"
- Next in thread: Ken Gardner: "Re: Firewall Security"
- Reply: Ken Gardner: "Re: Firewall Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
