"Heimo Claasen" <[EMAIL PROTECTED]> wrote: > Well, in a way they do run the show. But with the presents for them. > Here's (pardon for crossposting) the tale of a desillusioned > cyberchild who hoped to get on the safe side, finally, with a M$ > product: > > --------------------quote:-------------- > [...] > Windows XP comes with a firewall on the Internet connection -- great, you > can't be hacked! BUT IT ONLY WORKS ONE WAY -- monitoring the data coming > into the system, but not going out. This means that any program installed on > the machine, be it mundane or malicious, can send out without you knowing > about it. > [...]
As opposed to which other operating systems? Thinking all the way back to DOS 2.11 (Apple DOS 3.3 actually) and up to the present, the best I've seen on a desktop or server is that comes pre-configured is INBOUND protection, and even that's been historically marginal until recently. And let's face it, if MS INCLUDED a full-blown firewall: A) Most users wouldn't be able to understand it, and so would disable it completely, thus removing even the inbound protection provides (which is significant if used properly). B) This list would be full of people bitching about MS including YET ANOTHER app in their behemoth and screaming for DOJ to step in. Besides, egress filtering doesn't make sense on a desktop, and only limited sense on a server. It belongs at the network perimeter so it can catch ALL of the outbound traffic from a single location. Imagine the nightmare of configuring detailed rules on 100 systems, when all that nasty outbound traffic can be monitored from ONE location and catch FAR MORE potentially malicious traffic! That's what a network Intrusion Detection System (IDS) is for. If it were running on the compromised machine (remember whatever compromised it got PAST the existing INBOUND protection to start with) then it could just as likely DISABLE the OUTBOUND protection, giving a false sense of security. I'd just as soon avoid XP, but I see this as another pointless case of MS bashing. - Bob To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with unsubscribe SURVPC in the body of the message. Also, trim this footer from any quoted replies. More info can be found at; http://www.softcon.com/archives/SURVPC.html
