Archived from groups: microsoft.public.windowsxp.security_admin
"Mike Hall (MS-MVP)" wrote:
> "If you really need the additional capability to block outgoing
> communications with a firewall (e.g. you are a security novice, or you have
> teenagers who use the computer with Administrator privileges -- trust me,
> they know how to find Kazaa), then they are right: by this standard, the
> Windows firewall is not good enough."
> Most users would benefit from a firewall that warns of outgoing events, or
> be made aware of programs that will try to phone home.. it saves having to
> watch every single step that you make..
I don't dispute that a third party firewall is effective in preventing
crudware from phoning home. I do dispute that this capability, as a
practical matter, is much of a security benefit, because it means that the
user's machine has already been compromised -- otherwise, the crudware
wouldn't be there in the first place. At best, this feature makes an
insecure computer slightly less insecure, but they don't help an already
secure computer be any more secure than it already is with the Windows
firewall.
Moreover, third party firewalls are harder to configure properly. A user
who doesn't even know enough to prevent his computer from being compromised
isn't going to know how to configure the firewall, either. See, e.g., my
brother.

Speaking of my brother -- and he doesn't even rise to the
security novice level, "total security dumbass" best describes him -- he has
been problem free since the day months ago when I wiped the crud off his hard
drive, installed SP2 and the Microsoft beta antispyware program, showed him
how to use Ad Aware, and -- most important -- set up his teenage daughter on
a limited account. I shudder to think what would happen to him if, e.g., he
ran into the same types of problems that I used to have with Zone Alarm.
> Crudware can be imported on the back of innocuous programs and files, and
> then do its work from inside.. the classic 'inside job'.. a third party
> firewall can stop this..
Right, but so can an up-to-date Windows XP with SP2 set to the default
settings, an effective and up to date antivirus program, an effective and up
to date antispyware program, an effective and up to date anti-adware program,
and just a decent modicum of common sense and good judgment in downloading
files and opening attachments. The difference is that if the user does all
of these other things, his machine won't be compromised in the first place.
>
> "Second, no one has ever explained why a third party firewall that blocks
> outgoing communications will make a computer more secure than a computer
> running Windows firewall."
> This is an easy one.. a third party software firewall will warn the user
> that unauthorised events are about to happen, and the user can say NO.. this
> action will prevent any information being sent out.. an example.. in a
> clothes store, you see gates at the entrance/exit that warn of unauthorised
> exits of stock..
But how does this feature make me more secure? It tells me only that some
program is trying to access the Internet, and purports to give me (usually
inadequate) information and/or advice about the program. In the very best
case scenario, it warns me that crudware is trying to phone home -- but this
goes back to my point that these firewalls make insecure machines less
insecure, but they do nothing to increase the security of an already secure
machine. In the worst case scenario, legitimate outbound communications on
an already secure machine are being blocked, often without my knowledge or
consent.
> "A third party firewall does not prevent a computer from becoming
> compromised, but only helps limit the damage ...... "
> How can you say this on the basis that a third party software firewall
> blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
> all know that software firewalls of any type can be breached, but it takes a
> determined effort.. you can just type 'Open Sesame'
To the extent that it blocks incoming communications, well, all firewalls do
that, and all of them do it well. To the extent that it blocks outgoing
communications, either the communication is legitimate (in which case it is a
hindrance) or illegitimate (in which case the machine is already
compromised). Either way, it doesn't enhance security, although it does
reduce the level of insecurity of an otherwise insecure machine.
> "Besides, would you trust a computer that has been compromised by crudware,
> but was apparently blocked from "phoning home" by a third party firewall? I
> wouldn't. And that's assuming the user even knows that the program is
> crudware and therefore elects to block it."
> This assumes that third party firewalls only stop outgoing events, a
> statement that you know to be patently untrue..
Again, I don't deny that they also stop incoming attacks, but so does
Windows firewall. The issue here is not whether a firewall is better than no
firewall, but whether, from a security standpoint, users who take a few
simple steps to secure their machine really need the additional ability of a
third party firewall to block certain outgoing communications. I haven't
seen a compelling argument that they do.
> All of the people that I support use McAfee Suite 8 firewall and anti-virus
> (not spam killer or privacy service).. none of them have had problems
> setting up or using the suite.. in fact, many forget it is even there, which
> is how it should be..
That may be the case, although I have had enough bad experiences with
McAfee in the past never to use it again. The ideal third party firewall
would be one that required as little user interaction as possible. This
ideal state of affairs certainly doesn't describe the two third party
firewalls I am most familiar with: Norton and Zone Alarm.
> And what's with the 'security novice' jive?.. companies may not use a third
> party software firewall like Zonealarm, but the firewalls that they do use
> are configurable re. stopping access outbound.. do you think that a company
> like IBM just protects against incoming stuff?..
I'm saying that people who pay little or no attention to computer security
are much more likely to need a third party firewall. Even then, it is
possible to set up their machines so that they don't need one -- as I did
with my brother.
> Microsoft don't have a full software firewall and anti-virus programs
> included in their OSes as protection against lawsuits, and come the day that
> they are allowed so to do, your words here are going to look a little
> stupid..
I'm not following you here. Are you saying that Microsoft doesn't use
outbound blocking in its Windows firewall because it fears litigation? As
for antivirus, isn't Microsoft preparing to introduce its own antivirus
software sometime this year or at least in the next version of Windows? I
read something to that effect a month or so ago (I can probably find the link
if I need to).
Ken