Volker Birk <bumens@dingens.org> writes:
> Todd H. <comphelp@toddh.net> wrote:
> > Volker Birk <bumens@dingens.org> writes:
> > > Leythos <void@nowhere.lan> wrote:
> > > > the NAT device will protect
> > > > the user regardless of the settings in the Windows Firewall
> > > The Windows-Firewall will protect the user regardless of the settings
> > > of the NAT device. So what?
> > Harder to crash
>
> Please show one single way to crash the Windows-Firewall from outside.
> After you showed, I will believe.
Today: Email attachment with proper social engineering for grandma to click
on it, leverage a zip buffer overflow, executable overflow turns off
the Windows Firewall.
Future potential: as yet unknown vulnerability in the program or OS
that brings down the protection directly.
> > harder to disable
>
> *plug* *plug* vs. *click* *click* - Maybe you're judging this so.
Yes...any time a support technician would have to convince my 70-year-old
mother, say, to crawl out of the chair, behind the desk, and recable
something, I'd say it's harder to disable than "Click this icon in the
bottom right of the screen, now click Disable."
I'll also point out that clicking on no executable email attachment
would EVER recable her network for her.
>
> > Security in depth.
>
> Please explain. If you want to say, maybe one could use a filtering NAT
> router _and_ the Windows-Firewall, I'd agree. Why not?
Yes...bejesus! He sees the light!
Volker, that is what I've been advocating in this whole thread.
Remember way back to the original post where the guy with a firewall
device asked why he needed a software firewall too?
And please don't argue Leythos's points with me.
> His claim, the Windows-Firewall is "a piece of crap" and badly
> implemented, we can forget, of course. He had no single argument for
> that.
As personal firewalls go, though, Windows Firewall is inferior because
it, while running, is NO better than a border firewall device, and
more likely to go down.
A personal firewall that actually has the ability to intercept/track
outbound traffic on a per-application basis would be a better choice
as complementary protection to a hardware-based SPI firewall device.
Best Regards,
--
Todd H.
http://www.toddh.net/
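An added example, not part of the thread or of any poster's own code, showing the two things Todd's last paragraph asks of a host firewall: a check that the firewall is still enabled (the "click Disable" failure mode) and outbound rules keyed to a specific program. It uses the NetSecurity module that ships with Windows 8 / Server 2012 and later, which exposes Windows Firewall from PowerShell; the XP SP2 firewall being argued about in the thread only filtered inbound traffic. The rule name, program path and port list are assumptions; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes Windows 8/Server 2012+
# with the NetSecurity module; program path and rule name below are made up.
Set-StrictMode -Version Latest

function Test-FirewallHealthy {
    # Returns $true only if the firewall service is running and every profile
    # (Domain, Private, Public) is enabled and blocks outbound traffic by default.
    $svc = Get-Service -Name MpsSvc   # the Windows Firewall service
    if ($svc.Status -ne 'Running') {
        Write-Warning "Firewall service MpsSvc is $($svc.Status)"
        return $false
    }
    $bad = @(Get-NetFirewallProfile | Where-Object {
        $_.Enabled -ne 'True' -or $_.DefaultOutboundAction -ne 'Block'
    })
    foreach ($p in $bad) {
        Write-Warning ("Profile {0}: Enabled={1} DefaultOutboundAction={2}" -f
            $p.Name, $p.Enabled, $p.DefaultOutboundAction)
    }
    return ($bad.Count -eq 0)
}

function Set-FirewallDefaultDeny {
    # Turn the firewall on for all profiles and deny both directions unless a
    # rule explicitly allows the traffic. After this, outbound connections need
    # a per-program allow rule (see Add-PerAppOutboundAllow).
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block
}

function Add-PerAppOutboundAllow {
    # Allow one executable to make outbound TCP connections to the given ports.
    # Anything else that tries to phone home (the "attachment grandma clicked")
    # is dropped by the default-deny outbound policy.
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$Program,      # full path of the executable
        [int[]]$RemotePort = @(80, 443)
    )
    if (-not (Test-Path -LiteralPath $Program)) {
        throw "Program not found: $Program"
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Outbound -Action Allow `
        -Program $Program -Protocol TCP -RemotePort $RemotePort -Profile Any | Out-Null
}

# Usage (program path is an assumption for the example):
Set-FirewallDefaultDeny
Add-PerAppOutboundAllow -DisplayName 'Allow Firefox HTTP/HTTPS' `
    -Program 'C:\Program Files\Mozilla Firefox\firefox.exe'
if (-not (Test-FirewallHealthy)) {
    Write-Error 'Windows Firewall is not in the expected state'
}
```

Running Test-FirewallHealthy periodically (for example from a scheduled task) is the software-side answer to "harder to disable": it does not stop a local administrator or malware running as one from flipping the switch, but it makes the change visible instead of silent, which is the property the NAT box gets for free by being a separate device.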