Hi stuart,
On Sunday, May 5, 2002 at 21:53:45 [GMT +0100], you wrote:

LG>> The problem with a "personal firewall" is that the security it can
LG>> offer is rather limited (or "almost 0").

sw> Care to back that statement up with some evidence?

Most of this was already in my last message, although a bit hidden, I
admit. I hope this is the kind of evidence you are looking for.

There are basically two threat scenarios in the marketing departments of
personal firewall vendors:

a)   Someone from the internet connects to a service on your box,
     installed by default on your system (IIS comes to mind).

b)   Someone connects to a trojan horse on your system.

Please feel free to correct me about this if I forgot something
important.

Now, let's have a look at these scenarios.

a) Why do you have a service on your system if you don't want people to
   connect to it? Just switch it off, that will serve the same purpose as
   your PF denying access to the port the service is listening on. I'd
   say that you can't gain much security here with a PF which you
   couldn't get some other way, don't you agree?

b) Why did you install the trojan horse on your system? OK, maybe that
   happened by accident. And now you think that the PF will prevent
   access to the trojan horse? It won't. Perhaps this works for some
   malware. But what prevents the malicious program from disabling the
   PF? They are in fact running on the same box. (OK, on an NT based
   system, it is harder for a malicious program to do this, *if* a user
   is logged in as user, not as administrator. If the user logs in as
   admin regularly, the malware can simply disable the PF.) Again, I
   don't see a reason here

The problem is that you can't buy anything as a "firewall". Such a thing
doesn't exist. It's a concept of security, usually involving separate
hardware with little or no important data on it. Even the best security
solutions are useless if the users click happily on every attachment
they can get hold of.

And that is basically my opinion about personal firewalls: You can't get
any security out of them which you wouldn't get with some work on your
system and some common sense. Instead you are adding software to your
system which could have even more security holes than it is supposed to
fix. On the other hand, a personal firewall can lead to a feeling like
"ZoneAlarm (or any other PF product) is protecting me, let's open this
attachment". This is about the worst thing a PF can bring you, a false
feeling of security.

I could come up with more reasons why a personal firewall is useless
(and only one why it is actually useful), but this is still off topic,
so let's continue this in private mail (which I asked for in the message
before anyway).

-- 
Regards,
Lars

The Bat! 1.60j on Windows XP 5.1 Build 2600 
 ____________________________________________________________
|        Lars Geiger  |  <mailto:[EMAIL PROTECTED]>        |

