On 21/12/2010 15:12, The Natural Philosopher wrote:
I happily agree that you have to turn off the firewall (or at least add
an exception) before shares (hidden administrator shares or otherwise)
are accessible. But assuming you've done that, I've never had to do
anything else to get sharing working.
One thing that may make a difference is "home" and "professional"
versions of windows - I have only ever used "professional" versions. So
if "home" versions take more effort and configurations, then I'll have
to take your word for it.
I also have fairly limited experience of windows after XP. I've managed
to avoid Vista almost entirely, and my impression of Win 7 is that it
works, but looks a mess and does things differently for no apparent
reason. So if things are different in Win 7, then again I don't know.
For WEP, it doesn't take long. For WPA and WPA, it depends a lot on the
pre-shared key and whether or not you use pre-calculated tables.
I'm just warning about possible weak points in security - nothing more.
Many people have poor passwords (or no passwords at all). Many people
have their firewalls disabled without realising the issues this has.
And I think most people have the administrative shares enabled, because
they never knew such a thing existed. This all adds up to many people
being susceptible to hacks through these shares.
For people who understand about security, it can be hard to appreciate
how insecure many windows systems are. But the millions of zombie
machines around the world that testify to poor security. (I know that
attacks via wireless networks are not the main cause of these zombies -
the point is that people regularly disable or abuse the security
features they have.)
Windows software firewall is far from impenetrable. There are many
common attack strategies. It comes with holes - not every port is
blocked by default. There are flaws in the implementation of the
windows networking system - these are regularly fixed, and new ones are
found. People use third-party software firewalls - in my opinion, these
often lead to more vulnerabilities than windows own firewall, as they
add layers of complication that introduce new bugs and then new security
flaws. But one of the biggest flaws is that people get so many pop-ups
(especially with third-party firewalls) or have so many problems getting
things like bittorrent to work that they disable the whole firewall.
I prefer to be paranoid - I use a hardware firewall between windows
machines and the internet. But if that's not possible, then the
standard windows firewall, when properly configured (i.e., no
inappropriate exceptions), is good enough for short-term usage. It is
not perfect, but it is seldom the weakest link.