Page 2 of 4 FirstFirst 1234 LastLast
Results 21 to 40 of 68

Thread: It seems every firewall is slagged as snake oil. So how should it be done?

  1. #21
    G
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    In article <9bqmr4d6dluc0ir39ni4i3cf36v9alg47m@4ax.com>,
    b__nice@hotmail.com says...
    >
    > On Fri, 13 Mar 2009 15:52:40 +0200, Geoff Smith <geoff915@yahoo.com>
    > wrote:
    >
    > >Anyone who claims they are snakeoil (i.e. They offer no added protection
    > >whatsoever) is ignorant. Of course there are valid criticisms. Are they
    > >perfect? No. Are they helpful as an additional layer of protection? For
    > >most people, yes.

    >
    > You sound just like a marketing guy being hit by technical facts.


    Maybe to you. Or maybe I just understand that it is just as important to
    understand the limitations of the user. It's ridiculous to expect that a
    typical Windows user (or Mac, for that matter) will even attempt to set
    up a VPN, edit the registry, disable services, etc.

  2. #22
    Root Kit
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    On Sat, 14 Mar 2009 10:23:57 +0200, G <geoff915@yahoo.com> wrote:

    >All the links you point to are from Microsoft itself. I'm not
    >comfortable putting 100% faith in what they have to say.


    That's understandable. I see no reason why software firewall vendors
    should be more trustworthy, though.

    >flaws in their OS is what has allowed the security issues to become so
    >significant today.


    Windows is exactly as secure as what makes sense from a business
    perspective. If you can't deal with that, feel free to use something
    else.

    BTW, flaws don't disappear by adding stuff to them. They only
    disappear by getting fixed.

    >If you don't want to use a software firewall, fine. Many people find
    >them useful.


    "Find" is the key word.

    > To call them "snakeoil" is to imply that they do absolutely
    >nothing.


    Wrong. Snake oil implies that the product provides value that isn't
    real. PFW's *do* provide value - otherwise people wouldn't buy them.
    The question is whether the value is based on technical reasons or on
    more emotional stuff.

  3. #23
    Ansgar -59cobalt- Wiechers
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    G <geoff915@yahoo.com> wrote:
    > All the links you point to are from Microsoft itself. I'm not
    > comfortable putting 100% faith in what they have to say.


    If you don't trust Microsoft (particularly their technical department)
    this far, you should stop running their operating system. Period. Ken
    Thompson explains in "Reflections on Trusting Trust" [1] why that is.

    > The holes and flaws in their OS is what has allowed the security
    > issues to become so significant today. And the arguments I read are
    > always filled with "might", "could", "possibly" and things like that.


    Actually the Windows Firewall has had less bugs (or "holes and flaws",
    as you put it) than any personal firewall in the market.

    > If you don't want to use a software firewall, fine. Many people find
    > them useful. To call them "snakeoil" is to imply that they do
    > absolutely nothing. And that just isn't true.


    It's an exaggeration, meant to open the eyes of those who still blindly
    trust in personal firewalls to protect them from all evil.

    [1] http://cm.bell-labs.com/who/ken/trust.html

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  4. #24
    Ansgar -59cobalt- Wiechers
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    G <geoff915@yahoo.com> wrote:
    > b__nice@hotmail.com says...
    >> On Fri, 13 Mar 2009 15:52:40 +0200, Geoff Smith <geoff915@yahoo.com> wrote:
    >>> Anyone who claims they are snakeoil (i.e. They offer no added
    >>> protection whatsoever) is ignorant. Of course there are valid
    >>> criticisms. Are they perfect? No. Are they helpful as an additional
    >>> layer of protection? For most people, yes.

    >>
    >> You sound just like a marketing guy being hit by technical facts.

    >
    > Maybe to you. Or maybe I just understand that it is just as important
    > to understand the limitations of the user.


    IBTD. I didn't write

    | - The popups of personal firewalls are more confusing than anything
    | else, because in order to understand these messages, the user would
    | have to have a good understanding of both networking and Windows
    | internals. Which is quite uncommon with the target group of personal
    | firewalls.

    for no reason.

    Normal users do not understand what the popups (or logs) of personal
    firewalls tell them. And things are even worse when it comes to IPC
    between program windows. And yet they're expected to make a decision
    based on information that is a) insufficient and b) not understood in
    the first place. How sensible is that?

    > It's ridiculous to expect that a typical Windows user (or Mac, for
    > that matter) will even attempt to set up a VPN, edit the registry,
    > disable services, etc.


    Registry changes can be placed in .reg files, which anyone can inspect.
    And for services there are [1,2], both open source, so anyone can
    inspect the source or as a trusted person to do so.

    [1] http://www.ntsvcfg.de/ntsvcfg_eng.html
    [2] http://www.dingens.org/index.html.en

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  5. #25
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Martin C <martinC@invalid.com> wrote:
    > If the personal firewalls like Kerio, Comodo, Zone Alarm, Online Armor etc
    > are no good, then what should be used?


    http://www.ntsvcfg.de/ntsvcfg_eng.html

    If there is enough request, I will update http://www.dingens.org (as a
    matter of fact, it's outdated now, don't use it with modern Windows XP
    or Windows Vista boxes).

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  6. #26
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Bit Twister <BitTwister@mouse-potato.com> wrote:
    > If you have no services which respond to inbound connections then the
    > firewall is not needed. If running Micro$oft, we know there are a few
    > open services. :)
    > Therefore you need a firewall.


    Or better shut down these network services, and you don't.

    > We know malware either disables the firewall or poke holes in the OS firewall.
    > Therefore, it is better to have a router or dedicated hardware
    > firewall as first line of defense.


    Many attacks are just ignoring all your firewalls if you don't know how
    FTP helpers work, for example.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  7. #27
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Rick <rsimon@cris.com> wrote:
    > Personal firewalls are one of those things that people love to argue back
    > and forth. Both sides have some validity to their views so the argument
    > goes on ad infinitum. Sort of like asking "which auto brand is better,
    > Ford, Chevy or Chrysler?"


    You just don't understand.

    > Just my 2 cents worth.....


    After hyperinflation ;-)

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  8. #28
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Lie Ryan <lie.1296@gmail.com> wrote:
    > Rick wrote:
    >> #2) make sure you have all available Windows security updates installed,
    >> including IE7 if you use Internet Explorer as a browser (you might want to
    >> consider using a different browser such as Firefox).

    > I'd rather change that to:
    > #2) make sure you have all available Windows security updates installed,
    > including IE7, even though you don't use Internet Explorer as a
    > browser. It is not recommended to use IE as your daily browser. As long
    > as IE doesn't close one of its most outstanding bug: "Remove ActiveX
    > support" I would not consider it for any purpose.


    A good advice.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  9. #29
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Lie Ryan <lie.1296@gmail.com> wrote:
    >> Exploring the Windows Firewall.
    >> http://www.microsoft.com/technet/tec...l/default.aspx
    >> "Outbound protection is security theater—it’s a gimmick that only gives the
    >> impression of improving your security without doing anything that actually
    >> does improve your security."
    >> Managing the Windows Vista Firewall
    >> http://technet.microsoft.com/en-us/m.../cc510323.aspx
    >> *(read twice!)*

    > Of course it must be THE TRUTH, it is written by a Firewall vendor that
    > are not competent enough to provide two-way filtering.


    If you're not trusing Microsoft, better don't use their systems.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  10. #30
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    G <geoff915@yahoo.com> wrote:
    > All the links you point to are from Microsoft itself. I'm not
    > comfortable putting 100% faith in what they have to say.


    But you're trusting in GRC. How freaky ;-) If you don't trust Microsoft,
    better don't use their systems. No "patch" or "tool" will be able to fix
    the design flaws of a system.

    > If you don't want to use a software firewall, fine. Many people find
    > them useful. To call them "snakeoil" is to imply that they do absolutely
    > nothing. And that just isn't true.


    I agree. They're endangering your PC seriously, so they're far from
    doing nothing.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  11. #31
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Root Kit <b__nice@hotmail.com> wrote:
    > Windows is exactly as secure as what makes sense from a business
    > perspective.


    I don't think so, unfortunately.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  12. #32
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Geoff Smith <geoff915@yahoo.com> wrote:
    > Are they helpful as an additional layer of protection? For
    > most people, yes.


    You're misunderstanding the military strategy of defense in depth. To
    make a line of defense does not mean "taking masures which are commonly
    useless against the enemy, but offer additional attack vectors for
    them".

    "Multi layer security" is advertizing nonsense of people who want you to
    misunderstand that, because they want you to buy their products, which
    most commonly are useless up to dangerous.

    > Is it possible that they can include bugs that compromise a system? Yes.
    > But you could say that about ANY piece of software.


    And that is the reason, why you should REMOVE software and SWITCH OFF
    software instead of adding even more to make your system more secure.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  13. #33
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Lie Ryan <lie.1296@gmail.com> wrote:
    >> Exploring the Windows Firewall.
    >> http://www.microsoft.com/technet/tec...l/default.aspx
    >> "Outbound protection is security theater—it’s a gimmick that only gives the
    >> impression of improving your security without doing anything that actually
    >> does improve your security."
    >> Managing the Windows Vista Firewall
    >> http://technet.microsoft.com/en-us/m.../cc510323.aspx
    >> *(read twice!)*

    > Of course it must be THE TRUTH, it is written by a Firewall vendor that
    > are not competent enough to provide two-way filtering.


    If you're not trust in Microsoft, better don't use their systems.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  14. #34
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Lie Ryan <lie.1296@gmail.com> wrote:
    >> Exploring the Windows Firewall.
    >> http://www.microsoft.com/technet/tec...l/default.aspx
    >> "Outbound protection is security theater—it’s a gimmick that only gives the
    >> impression of improving your security without doing anything that actually
    >> does improve your security."
    >> Managing the Windows Vista Firewall
    >> http://technet.microsoft.com/en-us/m.../cc510323.aspx
    >> *(read twice!)*

    > Of course it must be THE TRUTH, it is written by a Firewall vendor that
    > are not competent enough to provide two-way filtering.


    If you're not trusting in Microsoft, better don't use their systems.

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  15. #35
    Ansgar -59cobalt- Wiechers
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Volker Birk <bumens@dingens.org> wrote:
    > Geoff Smith <geoff915@yahoo.com> wrote:
    >> Are they helpful as an additional layer of protection? For most
    >> people, yes.

    >
    > You're misunderstanding the military strategy of defense in depth. To
    > make a line of defense does not mean "taking masures which are
    > commonly useless against the enemy, but offer additional attack
    > vectors for them".
    >
    > "Multi layer security" is advertizing nonsense of people who want you
    > to misunderstand that, because they want you to buy their products,
    > which most commonly are useless up to dangerous.


    Actually, no (or at least: not necessarily). It can be quite useful to
    have more than one line of defense. However, you need to be aware of the
    fact that it will increase the complexity of your system. You need
    knowledge and expreience to be able to handle it, otherwise you might
    create openings by mistake.

    In addition to that your layers must be independent from each other. For
    instance, running two virus scanners on the same system is still just a
    single layer of defense. It may also create additional problems (e.g.
    the scanners interfering with each other, increased chance of an
    exploitable vulnerability in at least one of them, etc.).

    However, in general it's better to have less complexity (makes it easier
    to handle the system and avoid mistakes), even if that means having just
    a single layer of defense for any given attack scenario.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  16. #36
    Rick
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Volker Birk <bumens@dingens.org> wrote in
    news:gpga8dUk27L9@news.in-ulm.de:

    > Rick <rsimon@cris.com> wrote:
    >> Personal firewalls are one of those things that people love to argue
    >> back and forth. Both sides have some validity to their views so the
    >> argument goes on ad infinitum. Sort of like asking "which auto brand
    >> is better, Ford, Chevy or Chrysler?"

    >
    > You just don't understand.



    Incorrect. I simply don't agree with you and your friends on the "extreme
    anti-s/w firewall" side, nor the "GRC-ites" on the "extreme pro-s/w
    firewall" side. There are pros and cons to running s/w based "firewalls".
    IMHO - whether the overall result falls on the pro side or the con side
    depends on a number of factors, including the knowledge/abilities of the
    end user.

    To maintain that every system should be hardened properly and should not
    run a s/w based firewall is to ignore the fact that doing so is beyond
    the abilities of a great many users. While it's very true in an "ivory
    tower" sense, it is also the equivalent of tilting at windmills when it
    comes to addressing the problems of the real world. Continuing to insist
    that these novices have to learn how to do it "your way" smacks of
    arrogance and disdain for those who are less knowledgeable than you.
    While that may not be your intent, that IS the way you tend to come
    across.

    Likewise, to think that a software based firewall provides any large
    amount of security is foolish. It is simply too easy to get around and
    completely ignores the fact that such software can introduce other
    problems of their own. Continuing to insist that such firewalls are a
    crucial component of computer security shows a lack of in-depth knowledge
    of the inherent problems of computer network security. They have their
    uses, but those uses are far more limited and less effective than many
    end users realize. A great many people have bought into a lot of the
    marketing hype surrounding these "firewalls".

    Now... I'll take my 2 cents back and bow out of your "discussion". I
    wouldn't want to interfere with your endless argument...



    --
    Rick Simon rsimon@cris.com

    Include "spam(trap)key" somewhere in the
    body of any email to avoid spam filters.

  17. #37
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Rick <rsimon@cris.com> wrote:
    > There are pros and cons to running s/w based "firewalls".


    Just tell me one single sensible pro argument. I'm waiting for that for
    years now in this "discussion".

    All I'm reading is incompetent nonsense. And for all what I can see,
    this is one of the main reasons of the security desaster of Microsoft
    Windows PCs we all are facing today.

    > IMHO - whether the overall result falls on the pro side or the con side
    > depends on a number of factors, including the knowledge/abilities of the
    > end user.


    For the end user, the most stupid concept I ever heard of is that of
    popup windows where /he/ has to make the decisions which are relevant for
    his own security.

    The person who should be protected, is imposed to take over the
    responsibility for all technical decisions of protection.

    This is the concept of /every/ "Personal Firewall" I ever saw, any of
    them seem to implement this totally ridiculous b0rken concept together
    with the absurd "outbound filtering" idea.

    To be clear: absurd is the idea to let malware run on your computer, and
    then try to filter away its communication.

    > To maintain that every system should be hardened properly and should not
    > run a s/w based firewall is to ignore the fact that doing so is beyond
    > the abilities of a great many users.


    This is why I'm saying, that Microsoft should deliver hardened systems,
    of course. The catastrophic spread of botnets is their fault.

    This really is layered security.

    > While that may not be your intent, that IS the way you tend to come
    > across.


    I really don't care.

    Usually, people don't want to hear the facts. Of course, it's much
    easier for them /not/ to switch systems, and of course, they /want/ to
    hear, that security can be bought in boxes. It would make their life
    much easier as it is, if this would be true, so they want to believe
    that.

    And we all have to filter away all that Spam from millions of zombies,
    because of this. And all of the many companies who are blackmailed by
    DDoS racketeers have to pay and to hush up their vulnerability.

    Or what do /you/ think, why are millions of Windows PCs zombies and part
    of botnets?

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  18. #38
    Volker Birk
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    Ansgar -59cobalt- Wiechers <usenet-2009@planetcobalt.net> wrote:
    > Volker Birk <bumens@dingens.org> wrote:
    >> Geoff Smith <geoff915@yahoo.com> wrote:
    >>> Are they helpful as an additional layer of protection? For most
    >>> people, yes.

    >> You're misunderstanding the military strategy of defense in depth. To
    >> make a line of defense does not mean "taking masures which are
    >> commonly useless against the enemy, but offer additional attack
    >> vectors for them".
    >> "Multi layer security" is advertizing nonsense of people who want you
    >> to misunderstand that, because they want you to buy their products,
    >> which most commonly are useless up to dangerous.

    > Actually, no (or at least: not necessarily). It can be quite useful to
    > have more than one line of defense.


    I already tried to demarkate "multy layer security" from "defense in
    depth". The former is a common advertizing bosh commonly used by people
    who want other people to buy their useless (or even dangerous) products,
    the latter is a military strategy.

    I never met people who were trying to sell me "multi layer security",
    who are knowing what they're talking about.

    Commonly, it is an excuse to "your system is insecure": "Yes, but this
    is only one layer, and there are many of them".

    Yours,
    VB.
    --
    Bitte beachten Sie auch die Rückseite dieses Schreibens!

  19. #39
    CJ
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    : If you don't want to use a software firewall, fine. Many people find
    : them useful. To call them "snakeoil" is to imply that they do absolutely
    : nothing. And that just isn't true.

    Many have found them useful. Some years ago malware/virus was released on
    the internet. It was the software firewalls that stopped the malware/virus
    from spreading. It was not the anti-virus software, or anti-adware, or even
    the anti-spyware software that protected these boxes. It was only the
    software firewalls that caught, and stopped the malware/virus. It was also
    just a few of your firewalls that did the protecting.



  20. #40
    CJ
    Guest

    Re: It seems every firewall is slagged as snake oil. So how should it be done?

    : > IMHO - whether the overall result falls on the pro side or the con side
    : > depends on a number of factors, including the knowledge/abilities of the
    : > end user.

    Yes and 100% of them were not born with a silver mouse in hand. But they
    are suppose to know how to harden their boxes.

    (shrugs)

    :
    : For the end user, the most stupid concept I ever heard of is that of
    : popup windows where /he/ has to make the decisions which are relevant for
    : his own security.
    :
    : The person who should be protected, is imposed to take over the
    : responsibility for all technical decisions of protection.

    And you better know what you are doing because if you don't you could have
    several back doors open. Plus, the first time a new user logs on to the
    net, they are suppose to already know which of the security websites are
    legit, and have valuable information, and which are bogus. Thus they are
    still suppose to have been born with that silver mouse in hand.

    :
    : This is why I'm saying, that Microsoft should deliver hardened systems,
    : of course. The catastrophic spread of botnets is their fault.

    Didn't Microsoft want to harden down Vista and the anti software vendors,
    and firewall vendors cried foul?

    : Usually, people don't want to hear the facts. Of course, it's much
    : easier for them /not/ to switch systems, and of course, they /want/ to
    : hear, that security can be bought in boxes. It would make their life
    : much easier as it is, if this would be true, so they want to believe
    : that.

    But this is not the users fault. As it stands buying a computer, and
    setting up the computer for use in a secure environment takes many hours,
    instead of minutes. Deciding on the right way to secure, and protect a box
    is getting more frustraiting. Far more to consider when securing today,
    than it was even five years ago.




Similar Threads

  1. Gas Prices
    By Sava700 in forum General Discussion Board
    Replies: 1252
    Last Post: 01-20-15, 04:20 PM
  2. Bush to Congress: Embrace energy exploration now
    By Debbie in forum General Discussion Board
    Replies: 64
    Last Post: 06-20-08, 02:55 PM
  3. Oil exec: Prices driven by 'fundamentals'
    By Roody in forum General Discussion Board
    Replies: 66
    Last Post: 05-21-08, 08:57 PM
  4. Replies: 22
    Last Post: 12-20-06, 04:20 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •