- Thread starter
- #161
R
Root Kit
On Sun, 20 Jul 2008 10:24:26 -0300, "John John (MVP)"
<audetweld@nbnet.nb.ca> wrote:
>The point to be made is that before XP was released third party firewall
>products were the only alternative to hardware firewalls
That's not entirely true. You are missing the obvious (and in fact
most secure) alternative of shutting down the unneeded network
services (which should of course have been the windows default
setting). I used to run a W2K machine with a direct Internet
connection without any inbound "protection" at all and without
problems for several years. And to be honest, still today I wouldn't
loose any sleep over operating a hardened W2K client machine directly
on the net.
>These were trusted applications from trusted companies.
I guess that's an opinion open for debate.
>Then, overnight, just because Windows XP was released, in the eyes of a
>zealous few these companies became villains peddling worthless products!
That's also not true. They were highly criticized among specialists
already before that. It's just hard to get through the marketing
noise.
>A couple of individuals decided to tar and feather a whole ISV group with the same
>wide brush! That is wrong, absolutely wrong, and the attack on some of
>those ISVs is completely unwarranted, those ISVs were trusted companies
>the day before XP hit the market and they were no less trustworthy the
>day after XP was released. Much of the hype against those ISVs is
>nothing more than blind zealotry!
I think it's absolutely fair that some people stand up against the
obvious hype and in cases utter nonsense that the marketing
departments of these companies were and are still using to fool less
knowledgeable users into buying their products. I find it a bit
worrying that an MVP does not have the technical insight to see
through the smoke.
I've asked this before without getting any responses: Why are there no
web pages with listings of personal firewall software available for
Linux? Well, don't bother. I already know the answer.
Please understand that I'm not in any way trying to "defend" MS. I
fully recognize that windows has it's serious security flaws. But when
claiming that it can be made more secure by adding further highly
questionable code to it, one has stepped away from technical sense and
into emotional reasoning - often backed by non-applicable analogies.
>There is also a developing and troubling trend in this whole debate, one
>that some people are bent on spreading at all costs, that because
>software firewalls are not immune to exploits by malware attempting to
>send data to outside networks, then by simple deduction any and all
>egress filtering as a security concept is unnecessary.
Who is that? - I for sure have not been spreading that thought.
>Egress filtering at the perimeter, done by reliable network appliances, is a vital part
>of network security,
Agreed.
<audetweld@nbnet.nb.ca> wrote:
>The point to be made is that before XP was released third party firewall
>products were the only alternative to hardware firewalls
That's not entirely true. You are missing the obvious (and in fact
most secure) alternative of shutting down the unneeded network
services (which should of course have been the windows default
setting). I used to run a W2K machine with a direct Internet
connection without any inbound "protection" at all and without
problems for several years. And to be honest, still today I wouldn't
loose any sleep over operating a hardened W2K client machine directly
on the net.
>These were trusted applications from trusted companies.
I guess that's an opinion open for debate.
>Then, overnight, just because Windows XP was released, in the eyes of a
>zealous few these companies became villains peddling worthless products!
That's also not true. They were highly criticized among specialists
already before that. It's just hard to get through the marketing
noise.
>A couple of individuals decided to tar and feather a whole ISV group with the same
>wide brush! That is wrong, absolutely wrong, and the attack on some of
>those ISVs is completely unwarranted, those ISVs were trusted companies
>the day before XP hit the market and they were no less trustworthy the
>day after XP was released. Much of the hype against those ISVs is
>nothing more than blind zealotry!
I think it's absolutely fair that some people stand up against the
obvious hype and in cases utter nonsense that the marketing
departments of these companies were and are still using to fool less
knowledgeable users into buying their products. I find it a bit
worrying that an MVP does not have the technical insight to see
through the smoke.
I've asked this before without getting any responses: Why are there no
web pages with listings of personal firewall software available for
Linux? Well, don't bother. I already know the answer.
Please understand that I'm not in any way trying to "defend" MS. I
fully recognize that windows has it's serious security flaws. But when
claiming that it can be made more secure by adding further highly
questionable code to it, one has stepped away from technical sense and
into emotional reasoning - often backed by non-applicable analogies.
>There is also a developing and troubling trend in this whole debate, one
>that some people are bent on spreading at all costs, that because
>software firewalls are not immune to exploits by malware attempting to
>send data to outside networks, then by simple deduction any and all
>egress filtering as a security concept is unnecessary.
Who is that? - I for sure have not been spreading that thought.
>Egress filtering at the perimeter, done by reliable network appliances, is a vital part
>of network security,
Agreed.