In article <WB4of.3115$PQ3.578166@news20.bellglobal.com>,
triffid@nebula.net says...
> Leythos wrote:
> > In article <439fab4f@news.uni-ulm.de>,
> > bumens@dingens.org says...
> > > Kyle Stedman <kyle_st@yahoo.com> wrote:
> > > > Only idiots use personal software firewalls.
> > > This is not true. Many people use them, because they don't understand
> > > what's going on and believe what the manufacturers of "Personal
> > > Firewalls" promise.
> > Actually, many security types, people that make a living designing
> > secure solutions, run PFW solutions on their mobile devices with 100%
> > effectiveness. Too bad people want you to believe that PFWs are 100%
> > useless.
> PFWs are designed around the patently false assumptions that a firewall
> process can control the behavior of other processes running under the
> same OS kernel instance, and is somehow immune to being controlled by
> other processes.
> I accept that your experience as a person making a living designing
> secure solutions leads you to believe PFWs are 100% effective, yet I
> somehow doubt you would recommend your clients run anything other than
> firewall processes on their firewalls. Same thing.
> Can you cite an instance where a PFW provided protection which was not
> afforded by best practice - i.e. services minimised, least privilege,
> user vigilance?
Yes, taking my laptop into a government agency, where they were
compromised by an exploit that was killing their network, infecting
machines that a patch had not been issued for yet. My laptop running
Tiny was set to block all INBOUND and ALL OUTBOUND (my normal starting
point when I walk into a new client/wild). I was able to see the inbound
traffic and keep my computer from being infected by the exploit.
A good example of the outbound protection was the 4 computers that were
infected with a SMTP engine virus at a Sorority. While one machine had a
PFW, it was set up to only allow SMTP access to the local outbound email
server - this computer was "Trying" to spew more than 100 emails/sec to
random addresses, but the PFW blocked it from reaching outbound via SMTP
of its own engine (the virus didn't try and relay through the local
server). The other three machines were not protected by a PFW and were
spewing virus containing emails all over the planet. At the same time,
after being called in, I set my laptop to block all in/out, then set up
an IP on the network, then watched the traffic hitting my laptop -
determined the compromised machines and disconnected them until clean.
As a side note we got a contract to set up their network and secure their
systems - keep in mind that these are all different types of computers,
various OS's, various AV/PFW products, etc... In the following periods
this group has only had one infection (in three years) and it was an
exploit in AOL IM that caused 5 machines to be compromised, but, that
was through a path that was normally open and easy to pass through - it
was odd that the AV software didn't pick it up (it did a couple days
later)... Almost every system arriving for this year had quality AV
software, all were running at least SP2 and had the Windows Firewall
enabled, about 40% were running NIS or ZAP, and the ones running a PFW
have had the least issues this year.
-- 
spam999free@rrohio.com   remove 999 in order to email me
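The policy the post describes (block all inbound and all outbound as the starting point, then permit SMTP only to the site's own mail relay, so a mass-mailing worm on the host cannot reach port 25 elsewhere) can be expressed on a modern Windows host with the built-in firewall cmdlets. The script below is an added example, not the poster's configuration and not tied to Tiny, NIS or ZAP; the relay address 192.0.2.10, the resolver 192.0.2.53 and the log path are constructed assumptions, and it needs an elevated PowerShell with the NetSecurity module (Windows 8 / Server 2012 and later).

```powershell
# Added example (not from the thread): default-deny host firewall policy with
# SMTP allowed only to the local relay, plus a check of the drop log.
# Assumptions: relay = 192.0.2.10, resolver = 192.0.2.53 (constructed values).

$MailServer = '192.0.2.10'   # assumption: the site's outbound SMTP relay
$Resolver   = '192.0.2.53'   # assumption: the site's DNS resolver
$LogPath    = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

# 1. Default-deny in both directions on every profile, and log dropped
#    packets so blocked SMTP attempts leave evidence on disk.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Block `
    -LogBlocked True `
    -LogFileName $LogPath

# 2. SMTP is permitted only to the local relay. A process that tries to
#    deliver mail directly to arbitrary MX hosts on port 25 falls through
#    to the default outbound block.
New-NetFirewallRule -DisplayName 'Allow SMTP to local relay only' `
    -Direction Outbound -Protocol TCP -RemotePort 25 `
    -RemoteAddress $MailServer -Action Allow

# 3. The minimum the host still needs once egress is default-deny.
New-NetFirewallRule -DisplayName 'Allow DNS to site resolver' `
    -Direction Outbound -Protocol UDP -RemotePort 53 `
    -RemoteAddress $Resolver -Action Allow
New-NetFirewallRule -DisplayName 'Allow HTTP/HTTPS' `
    -Direction Outbound -Protocol TCP -RemotePort 80,443 -Action Allow

# 4. Check: count dropped outbound connections to port 25 in the log.
#    Log fields are: date time action protocol src-ip dst-ip src-port
#    dst-port size ... path, so dst-port is the 8th field and SEND marks
#    outbound traffic. A host that suddenly racks up hundreds of these is
#    behaving like the infected machines in the post.
$logFile = [Environment]::ExpandEnvironmentVariables($LogPath)
if (Test-Path $logFile) {
    $drops = Select-String -Path $logFile `
        -Pattern '^\S+ \S+ DROP TCP \S+ \S+ \S+ 25 .*SEND$' |
        Measure-Object | Select-Object -ExpandProperty Count
    "Dropped outbound SMTP attempts logged: $drops"
}
```

The order matters: set the default actions first so that any rule you forget leaves traffic blocked rather than allowed, and keep the drop log on, since the log line count in step 4 is what turns the silent block into a detection signal for the kind of outbreak described above.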