Main Area and Open Discussion > General Software Discussion

Stop Windows from calling home

<< < (5/11) > >>

Tuxman:
Disable Windows Firewall - And there it is!-Innuendo (January 04, 2010, 04:18 PM)
--- End quote ---
How many reasons why the Windows "Firewall" is neither a firewall nor of any use would be enough to convince you that disabling it is a good idea? I think I could find dozens of them.

Josh:
Tuxman: I would like to see those reasons backed by some sort of evidence documenting them as valid. The windows firewall might not be as advanced as some, the Windows vista/7 one is quite advanced and powerful, but it does far more than any average home user will ever need at protecting them.

So please, post some examples because I am quite interested to see what you deem a valid reason to disable it.

Tuxman:
A "personal firewall" (basic packet filtering, user-controlled, which should be enough reason to doubt its usefulness) does not actually act as a firewall.

1. It can not detect if "explorer.exe" is really "explorer.exe" when asking you if explorer.exe may access the internet.
2. It is not that hard to write a script which automatically clicks "Allow".
3. It is behind your internet connection, so any packets passing it are already on your computer.
4. ... if they pass it anyway (there is always a way to create your own, independent TCP connections).
5. A virus, worm or trojan runs with your own user privileges, so it can easily disable your PFW completely.

Now what is the point in using something like that which also depends on the user's own "Brain 1.0"?
If you actually use software from dubious sources and click unknown links (the only ways to get infected), you'll fail anyway. A "personal firewall" can not help you.

Josh:
1. It can not detect if "explorer.exe" is really "explorer.exe" when asking you if explorer.exe may access the internet.
-Tuxman (January 04, 2010, 04:57 PM)
--- End quote ---

That is an application change detector. Firewalls filter internet connections, they do not check checksum values or file integrity by nature. Some advanced firewalls ADD THIS FEATURE ON but it is not something that most do. Do iptables or other *nix variants do this? Do they check integrity of files?

2. It is not that hard to write a script which automatically clicks "Allow".

--- End quote ---

And this can be done with just about ANY firewall application...

3. It is behind your internet connection, so any packets passing it are already on your computer.

--- End quote ---

This acts as a host-level firewall. If the user has a home router, which most do and most provide some basic firewalling functions, how can this additional layer be bad? There is a reason the US Military has mandated the use of HIDS on all systems using the "Defense in depth" strategy and protection at the lowest level (host).

4. ... if they pass it anyway (there is always a way to create your own, independent TCP connections).

--- End quote ---

I am really not sure what you are getting at here.

5. A virus, worm or trojan runs with your own user privileges, so it can easily disable your PFW completely.

--- End quote ---

And again, this can be done to ANY firewall product and it is not the firewalls job to prevent malware from getting onto the system. It filters traffic. Again, some firewalls add application layer filtering, malware and spyware checkers, but not all. So, if you install something bad, then chances are your firewall is the last thing you need to worry about.
Now what is the point in using something like that which also depends on the user's own "Brain 1.0"?
If you actually use software from dubious sources and click unknown links (the only ways to get infected), you'll fail anyway. A "personal firewall" can not help you.
[/quote]

Tuxman:
2. It is not that hard to write a script which automatically clicks "Allow".

--- End quote ---

And this can be done with just about ANY firewall application...-Josh (January 04, 2010, 05:02 PM)
--- End quote ---
You see?

if you install something bad, then chances are your firewall is the last thing you need to worry about. -Josh (January 04, 2010, 05:02 PM)
--- End quote ---
Indeed. So again: What is your reason to call the Windows Firewall "useful"? For what purpose?

Navigation

[0] Message Index

[#] Next page

[*] Previous page