On 3-Apr-2006, Volker Birk <bumens@dingens.org> wrote:
> > Please stop telling people to turn off their firewalls
>
> I'm not doing so.
Oh, excuse me, I missed the word 'personal'.
> I'm telling people not to offer services if they don't
> want to,
Fine and dandy - IF they knew how in the first place, they wouldn't be
asking questions here.
> and I'm telling people to use a simple host based packet filter
> if required, and not a "Personal Firewall".
That is fine if people know what a packet filter is, but the majority of
people don't, so all you are doing is adding to the confusion.
> I'm not the only one talking
> like this. At the CCC ERFA Ulm / Chaostreff Bad Waldsee, we had a test
> of common "Personal Firewalls". All tested programs didn't offer extra
> security above just disabling services
Isn't that what you are trying to tell people to do on their own?
The problem is that most people do not know how!
> or using a simple host based
> packet filter like the Windows-Firewall, but most of them (with the
> exception of Kerio) are adding additional attack vectors, and we proved
> that. Kerio was the only one, which only added additional risk in theory
> because of the extra code, and no concrete additional attack vectors we
> found.
Then why don't you just advise people to use Kerio?
>
> > you seem to be
> > about the only person in the world with this viewpoint.
>
> I don't think so. As a matter of fact, not only is this the common view
> in de.comp.security.*, the German sister groups of these groups here, it
> is a view which is shared i.e. by Heise Verlag, the leading publishers
> for the European computer market.
>
> > Your advice can make people more vulnerable than they were before
>
> The opposite is true.
We went over this earlier, Leythos posted about the results of REAL WORLD
testing - where personal firewalls protected home computers and WindowsXP
firewall did not. Why is this so hard for you to understand?
>
> If you're interested, then I will show you the most important additional
> attack vectors, the common "Personal Firewalls" are adding.
If they are all so open to attack, then they wouldn't be making money,
and, we would all be hearing about it from multiple sources.
There would be white papers galore.
> Because I
> did here already, this would be a reply. You can use a search
> engine of your choice to find older postings here, where you can read
> yourself.
I did read your long post. I still say that most of it is not applicable
to the majority of 'normal' home computer users in the real world.
Some of it was simply 'nit-picking' - i.e. 'feel good' stuff.
I think that perhaps you are one of these brainy types that has their
'heads in the clouds' a bit. You are worried about things that are much
too esoteric for the normal user.
Your advice may indeed be correct for people that have the knowledge about
these things, but then they wouldn't be bothering to ask, they would
already know. Those people that are asking about these things here are
_usually_ much less knowledgeable, and your 'holier than thou' attitude
does them no good whatsoever. They come here to have their hands held and
be spoon fed a little, you seem to want to shove a funnel down their
throats and force-feed them unwanted and un-needed information. All this
does is to confuse the poor users more!
One last time, in real world testing personal firewalls protected
computers better than either no firewall or WindowsXP firewall.
You cannot get much more 'bottom line' than that.
--
We apologize for the inconvenience
Received on Mon May 1 01:04:34 2006