[Klug-general] Linux to offer a paradigm-shift in computer security

Karl Lattimer karl at qdh.org.uk
Wed Nov 28 14:21:36 GMT 2007


On Wed, 2007-11-28 at 12:31 +0000, Peter Childs wrote:
> 
> What many people on windows tell you is a firewall is not in fact a
> firewall in the true sense.
> 
> A firewall in the true sense is a separate box that checks all the
> packets coming in and going out. Most people's ADSL hubs are closer to
> being a true firewall than anything that can be supplied in software. 

Show me a "true firewall" in your estimation and I'll show you an
embedded computer running something suspiciously like software running
that "true firewall".

> Linux has everything to do what a firewall does very simply.
> 
> i.e. well-known port numbers you need to be root to use, i.e. below 1024,
> and if you really want to block things you can set up iptables.

I would say a _true_ firewall is intended to do far more than this, or
at least a GOOD firewall is. iptables is the number one firewall
building tool, it beats the hell out of all the rivals (even Cisco), it
only lacks DPI.

> Most firewalls under Windows offer people a false sense of security
> because they are badly set up and practically everything runs as a
> superuser*....

The Windows default firewall isn't a permit-all firewall, and I doubt
any of the other policy-based firewalls are. Sure, ZoneAlarm asks dumb
questions to dumb people, and probably a few other high-profile packages
do.

> 
> *This may not be as true in XP, NT and Vista as it used to be
> 
> Generally, so long as your spyware protection and virus scanning
> software is up to date you don't need the firewall software; it's just
> added bloat. The "firewall" will not be doing anything under Windows
> because the user just selects yes to every question because they don't
> understand the question. Firewalls are about setting up policy and
> most people's policies are just to let everything in and out that they
> don't understand. 

OK, this is bad advice ^^ see bad advice... The firewall in Windows is
the only thing stopping the Slammer worm and a bunch of others. Don't
switch it off because it is added bloat!!!! It isn't; the standard
Windows firewall is an adequate solution. It's not ideal but it WORKS for
the purposes it is intended, protecting Windows' penchant for opening
ports on LAN networks.

To be blunt about it, Windows is that kid that at school was always ill,
never quite looked on top of the world, had a lot of time off, then you
found out he had leukemia and you never saw him again...

in context...

YAY Leukemia!

K,




