[EMAIL PROTECTED] wrote:

>> Likewise, it doesn't take a rocket scientist to realize that the name of the
>> file can be changed.  So having to have these fundamental flaws in architecture
>> pointed out to them before they begin to concern themselves with addressing them
>> severely damages their credibility at a very fundamental level for me.
> 
> This strikes me as an overreaction - what exactly should they be doing? Unless they
> perform a checksum on every application every time it connects to the 'Net, this sort
> of a problem will likely exist. I would say that checking port numbers and executable
> names is pretty good - a standard packet filter makes its decisions based strictly on
> ports.

At the very least they should be checking execution path! c:\Program 
Files\Internet Exploder\iexplore.exe should be allowed, while 
c:\temp\iexplore.exe should be recognized as a separate application. If 
Windows will not report the execution path somehow (which I would have 
trouble believing, even from Microsoft) then yes, they should checksum. 
It's a reasonable approach.

> Tools like personal firewalls are not a cure-all. While I think the current hype is
> largely that - hype, it's good that people are being told that a personal firewall
> isn't an excuse to ignore all other aspects of security. A personal firewall, an
> up-to-date virus scanner, and the sense to only execute things you trust will serve
> you quite well.

The sad part is that under NT or Windows 2000 your virus scanning 
choices are somewhat ridiculous. The only program I've been able to live 
with for any length of time is AVP, but I can't leave it running because 
it slows the system down so dramatically if it's in live mode, where it 
does the most good. Mostly, I just don't run Outlook :)

> In a corporate environment, users who don't understand this need to be educated, and
> users who deliberately ignore these rules should have their 'Net access curtailed.

Then again, in a corporate environment, the best thing to do (sadly!) 
may be to force the users to have the virus software running, via 
diabolical Microsoft support tools if necessary, and take away certain 
of their rights by default, handle all traffic via proxies, et cetera. 
At least this way you know they're doing the right thing.

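The contrast argued in the message above, between matching an application rule on file name alone and matching on full execution path plus checksum, shown as an added example that is not part of the original post or of any firewall product. The rule table, function names and image bytes are constructed for illustration, and the caller is assumed to already have the connecting process's path and file contents.

```python
import hashlib
import hmac
import ntpath  # Windows path rules, usable on any host OS

# Constructed stand-in for the approved binary's bytes (not a real executable).
APPROVED_IMAGE = b"MZ\x90\x00 constructed sample: approved browser build"
TRUSTED_PATH = r"c:\Program Files\Internet Exploder\iexplore.exe"  # path from the thread


def canonical(path):
    """Resolve '..' segments and fold case and separators as Windows does."""
    return ntpath.normcase(ntpath.normpath(path))


# Hypothetical rule table: canonical full path -> SHA-256 of the approved image.
RULES = {canonical(TRUSTED_PATH): hashlib.sha256(APPROVED_IMAGE).hexdigest()}


def allow_by_name(path):
    """Name-only matching: any file called iexplore.exe inherits the rule."""
    allowed = {ntpath.basename(p) for p in RULES}
    return ntpath.basename(canonical(path)) in allowed


def allow_by_path_and_hash(path, image):
    """Require the full path to match a rule and the content hash to agree."""
    expected = RULES.get(canonical(path))
    if expected is None:
        return "deny: no rule for this path"
    actual = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(actual, expected):
        return "deny: image changed since rule was created"
    return "allow"


if __name__ == "__main__":
    other = b"constructed sample: some other program"
    cases = [
        (TRUSTED_PATH, APPROVED_IMAGE),
        (r"C:\PROGRAM FILES\Internet Exploder\..\Internet Exploder\IEXPLORE.EXE", APPROVED_IMAGE),
        (r"c:\temp\iexplore.exe", other),
        (TRUSTED_PATH, other),
    ]
    for path, image in cases:
        print(f"{path}: name-only={allow_by_name(path)}, "
              f"path+hash={allow_by_path_and_hash(path, image)}")
```

The last case is the one a path check alone misses: the file at the trusted location has been replaced, so only the checksum comparison rejects it.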