I'm sorry, but that's ridiculous, I can assure you that a firewall is needed.
I work in computer security, so I'm pretty sure I know how to set up a network securely. I run, amongst other things, gateway FW, AV, IDS, vunl + rootkit scanners, and I don't even have any network services switched on (apart from a honeypot in a DMZ at times for fun)
I think the statistics for hooking up an unprotected Windows machine to the internet are something like 10 minutes before it becomes infected.
I think I understand the angle your looking at, if you don't run any services then effectively nothing can exploit you, but his is just not true. Consider you pick up a 0 day via your web browser. This in turn loads software which contacts an IRC botnet, installing a trojan turning your machine into a zombie. That zombie can now send out whatever data it wants unchecked by an outbound checking firewall. The fact you don't use an AV means it'll probably never be picked up unless you notice traffic congestion, or happen to see it in via 'netstat -a'. This is just one scenario out of thousands.
What if you actually wanted to run some services. ROS will one day be used in this manner, whether it be for web and mail servers or something else, it will certainly need a firewall to control traffic.
If firewalls aren't needed, why does nearly everyone use them, and why is Cisco's PIX so popular?
-----Original Message----- From: Richard Campbell [mailto:eek2121@comcast.net] Sent: 15 November 2005 01:31 To: ReactOS General List Subject: Re: [ros-general] Re: TDI-Based Open Source Personal Firewall
That's your opinion.
Do you know that on this box i've never run a firewall or a virus scanner? Occasionally i'll run a web based scanner to check suspicious files, etc. but i've never found need for a firewall/virus scanner. As long as you stay up to date and don't run questionable files you are fine. A firewall is not NEEDED as long as the OS is properly configured and working.
Richard
************************************************************************ The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster@exideuk.co.uk mailto:postmaster@exideuk.co.uk and then delete this message.
Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com