09-30-2005, 10:02 PM
E.
Guest
Re: Why do I need a software firewall?

Volker Birk wrote:

> Maybe, a host-based IDS could work, why not? But most people already
> have some, which work very well: Virus Scanners. They don't need any
> "Personal Firewall" for that case.


PFW's are basically crap for end users. In order to configure one
properly you need to know what communications, on what port, from what
application and to where should be allowed. End users do not have this
knowledge. End users see something pop up on screen, so they click to get
rid of it. "Allow sirc32.exe (the sircam virus) access to the internet
Y/N?"

The purpose of PFW's is this....

- to scare the user with meaningless alerts and make them paranoid
enough to buy the next version.
- to hog most of the system resources and make their machines run like crap.
- to give them yet more popup ?'s to ignore
- to break applications whenever the software is updated
- to give a false sense of security
- to provide a visible notification that it's all gone pear-shaped as
the PFW crashes and exits due to an infection which targets PFW's.
- to interfere with printer daemons (such as Canon or Lexmark) and keep
them pesky haxors out of your print spooler by stopping the printer from
working <snigger>
- to stop your local network from working
- to make sure you pay regular bills to support technicians who have to
come and fix the mess the PFW made, then come back again to re-fix it
after you ran an update, which stopped everything working. Again.
- to secure your machine by making it so slow and unusable that you
don't bother actually using it.
- to prove there's a sucker born every minute

Tho it's not all bad. In some instances, such as dialup, direct DSL
connections, a small, lightweight filter such as XP's FW or ZA is
mandatory to stop inbound worms.


> Yes, and your point being? I claimed that hardware devices in general are
> _not_ non-complex.
>
> Yours,
> VB.


From an end user perspective, hardware devices are non-complex. They
plug them in, make sure the lights come on, stick in the CD and run the
setup wizard. An end user can configure a NAT router correctly, but has
basically no chance with PFW's.

Light and tight PFW's such as Outpost, XP's one and ZA are useful *if
you have a clue* what you really want it to do. NIS, McAfee and Trend
are bloated crap. I do not know anyone with a clue that would allow one
of the latter products on their machines.

And none of them (personal security suites) do bugger-all in terms of
malware protection, despite claiming to.
E
