> Yes, that's the opinion of obviously clueless people. Say I set up a packet
> filter to drop every packet, how exactly would you try to circumvent this?

Such settings will soon be replaced by something useful.
Similarly, it can be said that a PC that is switched off is 100% secure.
But such a PC is a useless one.

> As for a more practical example: I set up a packet filter to only allow HTTP
> on port 80 via a proxy, and the proxy does both DNS forwarding and HTTP
> proxying. In both application protocols I set up a whitelist of allowed
> domains - now how exactly would you circumvent it?

Easily, by human pressure to cancel such limited functionality.

There will always be a forced trade-off between functionality
and security. Any system is as strong as people let it be,
not as strong as it could be. This trade-off will always be
a weakness in principle, no less serious than
the in-principle ability of a PFW to be compromised.

> > BTW, tests show malware has a hard time getting through PFWs.

> Serious tests show how blatantly wrong these tests are.

Not proved. Well, most of what you say about PFWs can easily be applied
to AV solutions. Would you persuade people not to use AV?
The fact that there is no 100% secure sw solution of any kind
(and I have never claimed the opposite)
does not mean we should not use it.
Would you not try to cure a disease just because there is
no guarantee of success?

> > Their low level drivers are blocking all connection activity
> > until PFW application is running.

> And what happens before the driver is loaded?

Then there are suspicious data transactions
between other already booted devices
within the so-called secured LAN, which HW FWs do not look after.
Who would care about a FW in the age of notebooks,
Palms, IR, Wi-Fi, Bluetooth and all related stuff? :-D

I think this discussion probably leads nowhere.
But I take it as a gain, not a loss.
Glad to share opinions with all of you.
Thanks for the cooperation.