[Klug-general] Linux to offer a paradigm-shift in computer security

Karl Lattimer karl at qdh.org.uk
Wed Nov 28 19:12:26 GMT 2007


On Wed, 2007-11-28 at 18:55 +0000, Peter Childs wrote:
> 
> 
> On 28/11/2007, Karl Lattimer <karl at qdh.org.uk> wrote:
>         
>         On Wed, 2007-11-28 at 15:34 +0000, Peter Childs wrote:
>         >
>         >
>         > On 28/11/2007, Karl Lattimer <karl at qdh.org.uk> wrote:
>         >         OK, this is bad advice ^^ see bad advice... The firewall in
>         >         Windows is the only thing stopping the Slammer worm and a bunch of
>         >         others. Don't switch it off because it is added bloat!!!! It isn't, the
>         >         standard Windows firewall is an adequate solution, it's not ideal but it
>         >         WORKS for the purposes it is intended, protecting Windows' penchant for
>         >         opening ports on LAN networks.
>         >
>         >
>         > If it's a worm the virus protection should have stopped it. A Firewall
>         > will not stop a worm.
>         >
>         
>         The biggest load of shit I've ever heard!!!!
>         
>         A WORM/REMOTE EXPLOIT CAN ATTACK USING A BUFFER OVERFLOW EXPLOIT AGAINST
>         AN OPEN PORT FOR INSTANCE, A FIREWALL BLOCKS THIS INITIAL ATTACK RATHER
>         THAN REMOVING THE MALWARE AFTER INFECTION HAS TAKEN PLACE!
>         
>         Anti-virus is a damage limitation tool (and by no means perfect,
>         generally leaving a few twitching tendrils of malware), not an active
>         interrogator of incoming traffic like DEEP PACKET INSPECTION, firewalls
>         ultimately prevent services being exploited in the most part by blocking
>         access to certain ports.
>         
>         > A firewall is a dedicated appliance, or software running on another
>         > computer, which inspects network traffic passing through it, and
>         > denies or permits passage based on a set of rules.
>         
>         appliance meaning... a computer with software in it? And why does it
>         need to be dedicated? I mean if my web server is in a DMZ it's gonna have
>         ip tables on it!
>         
>         > see http://en.wikipedia.org/wiki/Firewall_(networking)
>         
>         Of course, you get all your knowledge regarding firewalls from
>         wikipedia, not erm... I dunno Cisco internetworking systems (great free
>         as in beer book) or the netfilter mailing list, or the countless white
>         papers on IP Tables you've read.
>         
> 
> Actually this is what I was taught at University. It's the standard
> definition of a firewall. 

Well that's funny, I was taught it was a method or system for
controlling incoming and outgoing traffic based on TCP/IP header
information.

Notice the ambiguous "method or system", but the very unambiguous
declaration of its purpose. 

Regardless of the definition, you have such a skewed understanding of
the purpose of a firewall or the details of malware that it is important
to clarify these points. 

Someone can walk away from you with a hand grenade, it can go one of two
ways: you told them to leave the pin in, or you said it doesn't matter
if the pin is in or not, and in reality it's just a waste of metal.

> Just like not all things people call viruses are in fact viruses, they
> may be worms, trojan horses etc etc but all covered by what is now a
> standard tool that protects against many things.
> 
> All I'm trying to say is that most Windows firewall software is badly
> set up and usually people just blindly click Yes when asked. 

You keep referring to other software, the trick is to use the standard
Windows firewall, it has a sensible policy and doesn't actually harass
you. Well unless you're using Vista! But still I don't think it
questions you about incoming traffic.

> If used properly it's a useful tool but most people don't understand what's what...

Please realise giving people advice to turn their firewall off because
it's a waste of resources is very very bad advice. Especially if people
turn to you for help, even if a firewall is using resources it is not a
waste. The trick is to use the right tool for the job, not one of these
over-featured GUI tools that cost $$$. 

However even an over-featured GUI tool is better than NOT HAVING A
FIREWALL! Stating that worms attack via a method that cannot be
prevented by using a firewall is also bad information to be passing over
to someone. 

K,
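
The point argued in this message, that a host firewall decides on TCP/IP header fields before a listening service ever sees the packet, shown as an added example that is not part of the original post. The `HostFirewall` class, the addresses and the allow rule are constructed for illustration; UDP 1434 is the SQL Server resolution port that Slammer targeted.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected host
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    proto: str
    dport: int
    src_net: str    # CIDR range allowed to reach this local port

class HostFirewall:
    """Hypothetical model: allow outbound, default-deny inbound, track flows."""
    def __init__(self, allow_in):
        self.allow_in = list(allow_in)
        self.flows = set()  # (proto, local ip, local port, remote ip, remote port)

    def decide(self, p):
        if p.direction == "out":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Inbound reply to a flow this host opened itself
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        # Inbound new traffic: only what an explicit rule permits
        for r in self.allow_in:
            if (r.proto == p.proto and r.dport == p.dport
                    and ip_address(p.src) in ip_network(r.src_net)):
                return "ACCEPT"
        return "DROP"  # never reaches the service, patched or not

HOST = "192.0.2.10"  # constructed sample traffic using documentation addresses
SAMPLE = [
    Packet("out", "udp", HOST, 53000, "198.51.100.53", 53),  # DNS query
    Packet("in", "udp", "198.51.100.53", 53, HOST, 53000),   # its reply
    Packet("in", "udp", "203.0.113.66", 4021, HOST, 1434),   # unsolicited, SQL port
    Packet("in", "tcp", "192.0.2.20", 50111, HOST, 3389),    # LAN admin, allowed
    Packet("in", "tcp", "203.0.113.66", 50112, HOST, 3389),  # same port, outside
]

def run(packets=SAMPLE):
    fw = HostFirewall([Rule("tcp", 3389, "192.0.2.0/24")])
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run()):
        print(verdict, p)
```

The third packet is dropped on its header alone, with no signature or payload inspection involved, which is the difference from anti-virus cleanup after infection that the message describes.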
