Re: OT: Which firewall is best? - Page 2


Re: OT: Which firewall is best?



Then please explain the reasoning behind providing an API to modify the
exclusions list. If the personal firewall's job is to stop programs from
accessing the internet, why write an API to facilitate a program's
ability to create a "hole" as you call it?

Sure, an untrusted program should not be allowed to disable or otherwise
get around or through the firewall, but a program running with the
permission of a user *with* the authority - should be able to. Imagine a
PFW that wouldn't allow *you* to control *it*! Now *that* would be
undesirable.



Re: OT: Which firewall is best?

erratic@nomail.afraid.org says...

You're mistaken again, the hole is almost always INBOUND, meaning that
something/one on the internet can access the workstation.

As far as I'm concerned, exposing the interface of the firewall to
anything except the firewall program is a flaw, bad idea, serious risk
considering the level of understanding of the people using the
computers.


And that's why people have compromised systems, thinking like yours.

The PFW should require a user/password to make changes, should make sure
that the user knows changes are being made to it, and should not let
third party apps make changes.

You seem to want to take this discussion down a ridiculous direction -
I've not once said that people should not be able to modify a firewall.
I've been very clear in my statements, don't read MORE into them than
what I've said.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?


No need to get personal here, besides - I'm mostly agreeing with you. I
only take exception to your use of the word "hole" in that it implies a
failure.


Say you went off to work and locked your door. Your intent is to keep
possible burglars out as well as keeping your scarlet macaw in. The
problem is that you left your kitchen window open.

A burglar may consider that a hole to get in through. Your bird may
consider that a hole to get out through. You may consider it to be a
hole in your security. I would only object to your considering it to be
a hole in the window because it is a feature of that window that it be
openable from the inside by you (but not by your parrot). The window is
operating within its designed parameters and so has not failed.


I agree. But if it wasn't designed to do so, it can hardly be considered
a failure when it doesn't.


Appearances can be deceiving.


I don't think I am. I'm just saying that if a firewall has a feature
that allows programs to configure both inbound and outbound rules
without any further authentication than the credentials provided by the
user that installed and/or is running the program - the use of such a
feature is not a 'hole'. If a kitchen window is designed to be openable
by a parrot, it is not a hole but rather a misunderstanding of the
function of that window that allowed the parrot to escape.




Re: OT: Which firewall is best?

says...
Except that the "Window" may be opened by more than just myself, it
could be opened by the Bird, the company that provided the bird food
once the bird food is in the house, it could be opened by one of the
kids in the house, etc.... all without my being aware of it.

HOLE is a path, exploit is a failure, making a hole without the
controller of the firewall being aware of it is a failure.

Any HOLE created without the user understanding that the hole is there
is a failure of the security system. I don't care if it's a designed
feature, that just means that the designers failed.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?


If it can be run without the user allowing it or understanding it, then
it doesn't matter.

HOLE is a path, period.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?


The whole idea of outbound 'firewalling' software running on the
"protected" computer is a hole. At least with a dedicated appliance it
is not expected to provide a UI to the protected computer's users to
configure or defeat itself. If a dedicated firewall appliance allowed
users of the protected computers to defeat it without additional
credentials - *that* would be a hole.

Maybe Vista's firewall makes it more like a dedicated firewall than
previous PFWs did, but it still runs on the machine it hopes to protect.



Re: OT: Which firewall is best?

says...

Any firewall that runs on a computer that USERS log on to and have
unconfirmed control of the firewall makes that computer less secure.

In the case of Windows firewall it means there is little protection.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

wrote:


There is no "unconfirmed control" except in your fantasy land.

Re: OT: Which firewall is best?

only.invalid says...
And you've proven that you don't really have much experience with
Windows XP firewall by that statement.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

Leythos wrote:

Little protection from what?
You fear mongers are always talking about some mysterious bogeyman
waiting to take control of someone's system unless they have fallen for
the hype and bought a router. Guess what, I don't have a router, use the
native inbound only windows FW, have a fat pipe DSL connection, yet my
exhortations to whomever to compromise me go unanswered.

Re: OT: Which firewall is best?


And that just means that you're not, it would appear, one of the
ignorant masses that would be compromised.

So, you're stating that people running Windows XP/Vista directly
connected to the internet don't have any problems and that they always
know exactly what inbound connections are set up/permitted and their
machines never get hacked by any inbound connection that they don't
really know about....

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

Leythos wrote:

I only speak for myself,
apparently from the traffic this and similar groups get,
I fall out of the majority category of low hanging fruit.
Maybe something to do with the public's mass usage
of the bundled malware facilitator package called "Internet Explorer"?

Re: OT: Which firewall is best?


Which doesn't change my position at all. Windows XP is crappy at
protecting ignorant users that should know better after almost a decade
of threats being in the media each month.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

James, not that I want to sound sarcastic, but you're showing your level
of experience and lack of experience.

The fact remains that it's easy to punch holes in Windows Firewall
without the user knowing, not to mention all of the apps/malware that
do it.

Windows XP Firewall is fine, as long as you have a barrier device
between you/your network and the Internet.

You might want to read/study up on Security and Firewalls before you
reply again.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?


wrote:


At least I know what a firewall is and what it's supposed to do. You
clearly don't.


Jim.


Re: OT: Which firewall is best?


James, I design secure networks for a living, and not one of them has
ever been compromised. We have to pass audits at most sites every 6
months, never failed one yet; in fact we've never taken a single hit on
our setup by any audit.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

Leythos wrote:

You're in communications with the idiot named Egan, who wouldn't know
what a firewall was if he ran into one. :-P

Re: OT: Which firewall is best?

Investigative Reporter Web server <"Investigative
Reporter1123.Web.server"> says...

Yea, but when I'm bored I often try and teach the terminally
unteachable.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

Leythos wrote:

LOL

Re: OT: Which firewall is best?

On Sun, 22 Feb 2009 20:33:08 -0500, Investigative Reporter Web server
<"Investigative Reporter1123.Web.server"> wrote:


Please explain, what is a firewall?
