Re: Software Firewalls

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 03/06/05


Date: Sun, 6 Mar 2005 00:21:38 -0500

Scott M. wrote:
> I agree with most of what you say, with the exception that no outbound
> blocking is usually enough.

For home/novice users, it usually is, unless they have something else
(gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
outbound). These things are inexpensive nowadays. I see no reason not to
have one.

> As you know, *most/many* home users are
> oblivious to what is running on their PCs and *many* have
> spyware/adware that they don't even know about. Having no outbound
> blocking for *most* people in these circumstances is like leaving the
> bank vault open and walking away.

Well - I somewhat disagree. First, the spyware got in there somehow - and it
didn't just blithely wander in through the guy's cable modem when he wasn't
looking, & install itself. And spyware infestation is not going to be
stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
safe hex, XP SP2, tightening browser security, running antispyware software
(Microsoft's beta, or others). In fact - this is a must, regardless.

Re *trojans* (which are more of an issue in the context we're discussing
here) yes, one can do the whole internet a favor by not allowing all but
needed traffic outbound, it's true - and this is a Good Thing. However,
again, the trojan got in somehow and didn't just blithely wander in through
the... (see above). And the aforementioned guy needs good antivirus
software, kept updated regularly and needs to know how to practice safe hex,
as well as running WU regularly. Again, this is a must, regardless.

If this guy doesn't get how to deal with the above, you think he's going to
know exactly what to do when his local fw software asks him whether he would
like to allow svchost.exe to access the Internet? I don't. He'll get
frustrated and pick the wrong choice - or he'll simply turn off the annoying
thing to avoid being asked.

> For this reason, I say the Windows
> Firewall is crude at best.

Yes, it's simple, or if you must insist, I'll allow you your "crude." But it
won't be any *less* useful than a third party application with regard to
spyware. Spyware comes in and runs - it doesn't then launch attacks to the
Internet.
>
> I whole-heartedly agree that a perimeter firewall is a much better
> solution. Myself, I use a hardware firewall at my network perimeter
> and software firewalls (ZA) on each of my client machines.

Yep - belt & suspenders, but your clients had better be pretty savvy unless
you don't present them with "pick yes or no" messages.
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
>> Scott M. wrote:
>>> I use ZA with XP Pro SP2 and have had no problems on any of the 6
>>> machines I use it with. I would NOT recommend the XP Firewall as
>>> the other person suggested. The Windows Firewall is crude at best.
>>
>> I'd say "simple", rather than "crude". It blocks *all* inbound
>> traffic by default....and no outbound, which is often enough.
>>
>> I personally don't use it myself, but I've found that for the
>> majority of home/small biz users, it's very confusing for them to
>> continually get popup messages asking if they want to allow blah.exe
>> to access the Internet. They either click No all the time out of
>> (reasonable) paranoia and mess up something, or they allow things
>> they shouldn't.
>>
>> I prefer perimeter network firewalls, even for home networks.
>>>
>>>
>>> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
>>> message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
>>>> "Rod P." wrote:
>>>>
>>>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
>>>>> but my computer would not boot, so I am wondering if there is a
>>>>> firewall out there that is compatible with the SP2 firewall.
>>>>
>>>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
>>>> date, you really don't need a third party firewall as long as you
>>>> use other measures to keep viruses, trojans, worms, adware, and
>>>> spyware from getting on your system in the first place -- and you
>>>> will also be free of all the problems (did someone mention Zone
>>>> Alarm?) that people seem to experience whenever they attempt to
>>>> install a third party firewall with SP2 (as you can quickly learn
>>>> by regularly following these newsgroups).
>>>>
>>>> If, despite all this, you want to use a third party firewall, you
>>>> should turn off the Windows firewall. You should have only one
>>>> firewall running at any time on your system. Ditto for antivirus.
>>>>
>>>> Ken
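
An added example, not part of the original thread: it applies the port-based egress allowlist mentioned above (80, 443, 110 and 25 outbound) to constructed connection records, showing which traffic such a gateway drops and which it cannot tell apart from normal use. The process names, addresses and log format are assumptions made up for the illustration.

```python
from dataclasses import dataclass

# Egress allowlist from the post: HTTP, HTTPS, POP3, SMTP.
ALLOWED_OUTBOUND_TCP = frozenset({80, 443, 110, 25})

# Constructed sample records: "<process> <destination> <tcp port>".
# adbar.exe and updater.exe are hypothetical unwanted programs.
SAMPLE_LOG = """\
iexplore.exe 203.0.113.10 443
outlook.exe 198.51.100.25 110
outlook.exe 198.51.100.25 25
adbar.exe 203.0.113.77 80
svchost.exe 192.0.2.200 6667
updater.exe 192.0.2.14 31337
"""


@dataclass(frozen=True)
class Conn:
    process: str
    dest: str
    port: int


def parse_log(text):
    """Parse the constructed log format, rejecting malformed records."""
    conns = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            raise ValueError(f"line {lineno}: malformed record {line!r}")
        port = int(fields[2])
        if not 1 <= port <= 65535:
            raise ValueError(f"line {lineno}: port out of range")
        conns.append(Conn(fields[0], fields[1], port))
    return conns


def apply_egress_policy(conns, allowed=ALLOWED_OUTBOUND_TCP):
    """Return (passed, dropped). The gateway sees only the port, not the process."""
    passed = [c for c in conns if c.port in allowed]
    dropped = [c for c in conns if c.port not in allowed]
    return passed, dropped


if __name__ == "__main__":
    passed, dropped = apply_egress_policy(parse_log(SAMPLE_LOG))
    for verdict, group in (("DROP", dropped), ("PASS", passed)):
        for c in group:
            print(f"{verdict} {c.process:14} -> {c.dest}:{c.port}")
```

The two connections on ports 6667 and 31337 are dropped, while the hypothetical adbar.exe on port 80 passes alongside the browser, which is why the allowlist complements rather than replaces keeping unwanted software off the machine.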


