15 Nov
2005
15 Nov
'05
8:28 a.m.
I'm sorry, but that's ridiculous, I can assure you that a firewall is
needed.
I work in computer security, so I'm pretty sure I know how to set up a
network securely.
I run, amongst other things, gateway FW, AV, IDS, vunl + rootkit scanners,
and I don't even have any network services switched on (apart from a
honeypot in a DMZ at times for fun)
I think the statistics for hooking up an unprotected Windows machine to the
internet are something like 10 minutes before it becomes infected.
I think I understand the angle your looking at, if you don't run any
services then effectively nothing can exploit you, but his is just not true.
Consider you pick up a 0 day via your web browser. This in turn loads
software which contacts an IRC botnet, installing a trojan turning your
machine into a zombie. That zombie can now send out whatever data it wants
unchecked by an outbound checking firewall. The fact you don't use an AV
means it'll probably never be picked up unless you notice traffic
congestion, or happen to see it in via 'netstat -a'.
This is just one scenario out of thousands.
What if you actually wanted to run some services. ROS will one day be used
in this manner, whether it be for web and mail servers or something else, it
will certainly need a firewall to control traffic.
If firewalls aren't needed, why does nearly everyone use them, and why is
Cisco's PIX so popular?
-----Original Message-----
From: Richard Campbell [mailto:eek2121@comcast.net]
Sent: 15 November 2005 01:31
To: ReactOS General List
Subject: Re: [ros-general] Re: TDI-Based Open Source Personal Firewall
That's your opinion.
Do you know that on this box i've never run a firewall or a virus
scanner? Occasionally i'll run a web based scanner to check suspicious
files, etc. but i've never found need for a firewall/virus scanner. As
long as you stay up to date and don't run questionable files you are
fine. A firewall is not NEEDED as long as the OS is properly configured
and working.
Richard
************************************************************************
The information contained in this message or any of its
attachments is confidential and is intended for the exclusive
use of the addressee. The information may also be legally
privileged. The views expressed may not be company policy,
but the personal views of the originator. If you are not the
addressee, any disclosure, reproduction, distribution or other
dissemination or use of this communication is strictly prohibited.
If you have received this message in error, please contact
postmaster(a)exideuk.co.uk
<mailto:postmaster@exideuk.co.uk> and then delete this message.
Exide Technologies is an industrial and transportation battery
producer and recycler with operations in 89 countries.
Further information can be found at www.exide.com
15 Nov
15 Nov
9:43 a.m.
New subject: TDI-Based Open Source Personal Firewall
On Tue, 15 Nov 2005, Murphy, Ged (Bolton) wrote:
I'm sorry, but that's ridiculous, I can assure
you that a firewall is
needed.
As can I. And I felt fine without one until I had Windows 2000 and a
static IP.
I think the statistics for hooking up an unprotected
Windows machine to the
internet are something like 10 minutes before it becomes infected.
5-10, or something like that.
Within a day after moving to a static IP (and my reverse-lookup advertises
this fact, making me more vulnerable -
static-141-149-129-16.buff.east.verizon.net - I got attacked by a worm
that ground my system down to a halt and then killed LSASS.EXE, forcing a
reboot. Ever since then I have kept my computer firewalled - first by
software, and then when that made my computer unusable for some of my
vital projects (running the Japanese P2P client Share, for example) I set
up a second computer as a firewall. It is that second computer I am
sending this mail from (a 486 running Debian Linux).
-uso.
16 Nov
16 Nov
12:50 a.m.
New subject: TDI-Based Open Source Personal Firewall
If you pick up an exploit via a web browser a firewall isn't going to
help you anyway. The process needs
only to hook into another process, or install a rootkit, or in the case
of windows firewall, things can be added
to the firewall 'convincing' it to not say anything. A firewall may be
needed for those who don't know what they
are doing, but to say that EVERYONE should run a firewall is ludicrous.
I've been running firewall free for many
years and i've NEVER gotten exploited. To say an unprotected windows
box can be owned in 10 minutes isn't
true. All new copies of windows xp run at least sp2, which isn't
subject to the exploits the original release was.
Murphy, Ged (Bolton) wrote:
I'm sorry, but that's ridiculous, I can assure
you that a firewall is
needed.
I work in computer security, so I'm pretty sure I know how to set up a
network securely.
I run, amongst other things, gateway FW, AV, IDS, vunl + rootkit scanners,
and I don't even have any network services switched on (apart from a
honeypot in a DMZ at times for fun)
I think the statistics for hooking up an unprotected Windows machine to the
internet are something like 10 minutes before it becomes infected.
I think I understand the angle your looking at, if you don't run any
services then effectively nothing can exploit you, but his is just not true.
Consider you pick up a 0 day via your web browser. This in turn loads
software which contacts an IRC botnet, installing a trojan turning your
machine into a zombie. That zombie can now send out whatever data it wants
unchecked by an outbound checking firewall. The fact you don't use an AV
means it'll probably never be picked up unless you notice traffic
congestion, or happen to see it in via 'netstat -a'.
This is just one scenario out of thousands.
What if you actually wanted to run some services. ROS will one day be used
in this manner, whether it be for web and mail servers or something else, it
will certainly need a firewall to control traffic.
If firewalls aren't needed, why does nearly everyone use them, and why is
Cisco's PIX so popular?
-----Original Message-----
From: Richard Campbell [mailto:eek2121@comcast.net]
Sent: 15 November 2005 01:31
To: ReactOS General List
Subject: Re: [ros-general] Re: TDI-Based Open Source Personal Firewall
That's your opinion.
Do you know that on this box i've never run a firewall or a virus
scanner? Occasionally i'll run a web based scanner to check suspicious
files, etc. but i've never found need for a firewall/virus scanner. As
long as you stay up to date and don't run questionable files you are
fine. A firewall is not NEEDED as long as the OS is properly configured
and working.
Richard
************************************************************************
The information contained in this message or any of its
attachments is confidential and is intended for the exclusive
use of the addressee. The information may also be legally
privileged. The views expressed may not be company policy,
but the personal views of the originator. If you are not the
addressee, any disclosure, reproduction, distribution or other
dissemination or use of this communication is strictly prohibited.
If you have received this message in error, please contact
postmaster(a)exideuk.co.uk
<mailto:postmaster@exideuk.co.uk> and then delete this message.
Exide Technologies is an industrial and transportation battery
producer and recycler with operations in 89 countries.
Further information can be found at www.exide.com
_______________________________________________
ros-general mailing list
ros-general(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-general
6879
days inactive
6880
days old
2 comments
3 participants
participants (3)
-
Lyrical Nanoha -
Murphy, Ged (Bolton) -
Richard Campbell