Home page logo

nanog logo nanog mailing list archives

Re: Microsoft to ship new versions with firewall enabled
From: Scott McGrath <mcgrath () fas harvard edu>
Date: Thu, 14 Aug 2003 12:37:37 -0400 (EDT)

ipchains and similar firewalls are indeed far superior.  I manage "real"
firewalls as part of my responsibilities.

However the new microsoft policy will help protect the network from Joe
and Jane average who buy a PC from the closest "big box" store and hook it
up to their cable modem so they can exchange pictures of the kids with the
grandparents in Fla.  This is the class of users who botnet builders dream
about because these people do not see a computer as a complex system which
_requires_ constant maintenance but as a semi-magical device for moving
images and text around.

                            Scott C. McGrath

On Thu, 14 Aug 2003, Greg Maxwell wrote:

On Thu, 14 Aug 2003, Eric A. Hall wrote:

Wouldn't it make more sense to ship with all of the services disabled?

I mean, if the role of the firewall is to block packets to weak services,
wouldn't it be simpler to just disable the damn services since they aren't
going to be usable anyway?

'Firewall' is more buzzword compliant.

This doesn't even begin to address the fact that the firewalling included
in windows is nowhere near as functional as the firewalling in other OSes
(such as FreeBSD or Linux).

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]