E. <bellyup@the.bar> wrote:
> I have encountered, in the wild, a worm which went straight through
> (from outside) windows firewall and infected machines. I do not recall
> the name of the virus. The vulnerability that allowed this has since
> been patched.

Would be very interesting to know, what you're talking about. Could you
find any proofs for it?

> So it has been done, and will probably be done again.

Please understand, that I will believe this after I saw the proof.

To explain: I'm not very convinced about security in Microsoft's products
either. In fact, I'm typing this on a Apple Powerbook running Debian
GNU/Linux. I'm doing my Windows development on a Windows 2003 Server using
rdesktop in our inner zone.

But if one is using Windows, then she/he is trusting in Microsoft. If one
is not trusting in Microsoft, he/she just should not use Microsoft's
products.

And the Windows-Firewall is just a GUI for the packet filters in Windows'
kernel. If one isn't trusting into Windows kernel, then one should not
use Windows at all, because an operating system's kernel is the software
which has to control any other software program running on the OS, including
the "Personal Firewall" software programs of third party.

The KISS principle, I think, is very important for security either. So to
keep Windows as simple as possible (as a matter of fact, it's much too
complex already), adding another software program to make it secure is not
a very good idea anyway. This added software program then should offer a
huge extra of being secure against other attack vectors, so this compensates
making the system more complex.

I cannot see this with every "Personal Firewall" we tested. I only saw
very incompetent hacked software, most of them even breaching security
by ignoring Microsoft's design principles for system software.

And I saw no additional security at all compared with the Windows-Firewall.

But if the Windows-Firewall has such huge holes like you're claiming,
I will change my mind of course. Then Windows' packet filter would be
not a good idea to use. Then I would call people not to trust into any
host based packet filtering for Windows I know. I would call people
to filter with second devices before each Windows box, or to disable
Windows' servers only.

But until I see a proof here, I will not believe that. Sorry.

I know of a bug in Windows' IP stack, detected in June this year. It was
patched. Windows even was vulnerable to the "good old" LAND attack again.
Shame on Microsoft. But this has nothing to do with the Windows-Firewall,
and if it was used, a Windows box was not vulnerable in this way.

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc