Re: Microsoft to ship new versions with firewall enabled
From: Daniel Senie <dts () senie com>
Date: Thu, 14 Aug 2003 12:56:25 -0400

At 12:07 PM 8/14/2003, Eric A. Hall wrote:
> on 8/14/2003 9:29 AM Sean Donelan wrote:
>> John Markoff reports in the New York Times that Microsoft plans to change
>> how it ships Windows XP due to the worm. In the future Microsoft will
>> ship both business and consumer versions of Windows XP with the included
>> firewall enabled by default.
>
> Wouldn't it make more sense to ship with all of the services disabled?
> I mean, if the role of the firewall is to block packets to weak services,
> wouldn't it be simpler to just disable the damn services since they aren't
> going to be usable anyway?

There are many services that ARE useful on the local machine, which may not
need to listen to the outside world in all configurations. While I think
the intent of your question was reasonable, the better way to phrase it is:
"Wouldn't it make more sense to ship products with services listening only
on loopback interfaces, rather than listening on all interfaces?"

The same exact issue applies to every operating system. Indeed, some
vendors are dealing with this well. RedHat changed the default
configuration of sendmail in RH9 to listen only on 127.0.0.1. The user can
change that to listen to the outside IF the machine in question has a need
to listen (i.e. it really was intended to be a mail server). This approach
is to be commended, and should be followed for other services that may be
necessary to run on a local machine, but which need not be reachable from
outside the machine.