Re: Why do I need a software firewall?

Leythos <void@nowhere.lan> wrote:
> > Please explain, why an appliance for an home user is more important
                                            ^^^^^^^^^
> > than the Windows-Firewall. The Windows-Firewall is a software firewall
> > without any doubt, isn't it? And to configure it, the user has to do
> > _nothing_.
> The Windows firewall does not protect the Network, it only protects a
> single computer, only blocking inbound for the ports it was set to
> block, if properly setup.
We're talking about a home user here. Usually, the typical home user
has no LAN. If she/he has one, we both agree, that she/he should use
an appliance.
The Windows-Firewall is properly configured in Windows XP SP2 as default.
> Since the user is almost always running as an
> administrator there is a serious exposure there to compromise the
> firewall.
Good point. Of course, no user should work as administrator. It's
catastrophic, that Microsoft determines so many users to work as
administrator because of the disastrous misconfiguration, which is
default for many Windows products.
> The Windows firewall has not been certified, it's only a port
> blocker.
It works without problems. Just test it out.
> > And it does not allow to attack the user out of the network with
> > network worms or by manual attacks against servers, right? So no
> > appliance is needed for any home user, who is using a single PC.
> Wrong, the appliance is most important if the user has a single node or
> multiple nodes - it's blocking the connections BEFORE they reach the
> node. That means when the user misconfigured their PFW they don't have
> near the exposure since the NAT box is blocking most of what is coming
> at them.
And why not use the Windows-Firewall, if one has Windows XP?
It's properly configured by default.
If malware is already running on a box, then it's too late. Also an
appliance will not secure this box any more.
> You claim the Windows SP2 firewall is all that's needed - which is a
> sign that you don't have experience in the wild with users/compromised
> machines.
I'm claiming that for single hosts only. Beside that, you're wrong. I have
23 years of experience now with computers, 21 years of them with users.
And many, many incidents of compromised machines. Usually, before I come
the very first time ;-)
Yours,
VB.
--
MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb.
- Christian Forler in de.comp.security.misc