05-13-2004, 03:40 PM
"Break out" was the wrong term, yes. What I meant was "occurred". Although maybe it did break out. AFAIK, that is not known yet ;)
Quote:Uninformed users aren't aware of any problems. My grandparents have internet, and they aren't aware of any risks, no way.
An uninformed user is doomed to use the PFW incorrectly.
Quote:You forget that there will also be newer versions of firewalls.
It will be an endless race, yes. A race with only one winner: Those who make money selling useless programs to uninformed users.
Quote:You forget that there will also be newer versions of firewalls. It's a question of whom to trust: the capability of Microsoft's programmers to close every security hole fast enough? (come on!) Or rather the smaller firewall producing companies, which are out of simple prestige reasons more unlikely to get hacked (how many people that you know use the same firewall compared to how many you know use the same OS?)
I tell anyone I know not to use PFWs :)
I don't trust the companies that produce PFWs any more than I trust M$.
Quote:Yeah, sure. Any user can of course easily estimate the danger potential that lies in some programs. I think you are concluding from yourself to others here. (example: my grandparents)
A user who cannot recognize whether a program is potentially malicious is also not able to configure his PFW correctly. I have seen this countless times: Users either allow every program to access the internet, or they accidentally restrict programs they want to use. The result of the latter usually is that they turn the PFW off completely while using certain applications. Great security concept, a firewall that only runs 50% of the time ;-)
Plus: Once a malicious program has been run, the PFW may already be compromised. See below.
Quote:According to PC Professional, these have holes, too. In any case they don't protect you from trojans.
That part of the article really is complete BS. A real FW can protect you from trojans, to some small extent, IF it is configured correctly. A PFW can NOT, NEVER, even if configured well, because the trojan can just disable the PFW (takes about 10 lines of code - example programs are floating around Usenet), or make the PFW think the user clicked on "allow connection", or change the PFW configuration, etc. The fact that this has not been integrated in widespread worms so far does not change the structural problem. You can be sure that in the future, there *will* be trojans that are designed to work around PFWs. It is only a matter of time until the first "super-worm" will emerge that includes functions to fool these programs.
If you want real protection against trojans, you must set up firewall systems that are much too complicated to be used by the average home user. The protection against trojans one should use is: Do not install them.
Quote:What the heck is a NAT router? And how should I or even lesser informed people know?
All the common routers for home networks are NAT routers. They offer very good security against attacks that rely on incoming connections (like Sasser, Blaster, etc) even without any special configuration.