RE: IPv6 deployment excuses

["Keith Medcalf" <kmedcalf () dessus com>]

> There is no difference between IPv4 and IPv6 when it comes to
> firewalls and reachability. It is worth noting that hosts which
> support IPv6 are typically a lot more secure than older IPv4-only
> hosts. As an example every version of Windows that ships with IPv6
> support also ships with the firewall turned on by default.

Just because the firewall is turned on does not mean that it is configured properly.

Every version of Windows that ships with IPv6 support also ships with the Firewall configured in such a fashion that 
you may as well have it turned off.

This is especially true in Windows 8 and later where the firewall is reconfigured without your permission by Microsoft 
every time you install any update whatsoever back to the "totally insecure" default state -- and there is absolutely no 
way to fix this other than to check, every single minute, that the firewall is still configured as you configured it, 
and not as Microsoft (and their NSA partners) choose to configure it.

All versions of Windows 8 and later whether using IPv4 or IPv6 are completely unsuitable for use on a network attached 
to the Internet by any means (whether using NAT or not) that does not include an external (to Windows) -- ie, in 
network -- statefull firewall over which Windows, Microsoft, (and their NSA partners) have no automatic means of 
control.  If you allow UPnP control of the external statefull firewall from Windows version 8 or later, you may as well 
not bother having any firewall at all because it is not under your control.