It seems every firewall is slagged as snake oil. So how should it be done?

formatting link
If there is enough request, I will update
formatting link
(as a matter of fact, it's outdated now, don't use it with modern Windows XP or Windows Vista boxes).

Yours, VB.

Volker Birk

Or better shut down these network services, and you don't.

Many attacks are just ignoring all your firewalls if you don't know how FTP helpers work, for example.

Yours, VB.

Volker Birk

You just don't understand.

After hyperinflation ;-)

Yours, VB.

Volker Birk

A good advice.

Yours, VB.

Volker Birk

formatting link
> "Outbound protection is security theater -- it's a gimmick that only gives the

If you're not trusting Microsoft, better don't use their systems.

Yours, VB.

Volker Birk

But you're trusting in GRC. How freaky ;-) If you don't trust Microsoft, better don't use their systems. No "patch" or "tool" will be able to fix the design flaws of a system.

I agree. They're endangering your PC seriously, so they're far from doing nothing.

Yours, VB.

Volker Birk

I don't think so, unfortunately.

Yours, VB.

Volker Birk

You're misunderstanding the military strategy of defense in depth. To make a line of defense does not mean "taking measures which are commonly useless against the enemy, but offer additional attack vectors for them".

"Multi layer security" is advertising nonsense of people who want you to misunderstand that, because they want you to buy their products, which most commonly are useless up to dangerous.

And that is the reason, why you should REMOVE software and SWITCH OFF software instead of adding even more to make your system more secure.

Yours, VB.

Volker Birk

formatting link
> "Outbound protection is security theater -- it's a gimmick that only gives the

If you're not trusting in Microsoft, better don't use their systems.

Yours, VB.

Volker Birk

formatting link
> "Outbound protection is security theater -- it's a gimmick that only gives the

If you're not trusting in Microsoft, better don't use their systems.

Yours, VB.

Volker Birk

Actually, no (or at least: not necessarily). It can be quite useful to have more than one line of defense. However, you need to be aware of the fact that it will increase the complexity of your system. You need knowledge and experience to be able to handle it, otherwise you might create openings by mistake.

In addition to that your layers must be independent from each other. For instance, running two virus scanners on the same system is still just a single layer of defense. It may also create additional problems (e.g. the scanners interfering with each other, increased chance of an exploitable vulnerability in at least one of them, etc.).

However, in general it's better to have less complexity (makes it easier to handle the system and avoid mistakes), even if that means having just a single layer of defense for any given attack scenario.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Volker Birk wrote in news: snipped-for-privacy@news.in-ulm.de:

Incorrect. I simply don't agree with you and your friends on the "extreme anti-s/w firewall" side, nor the "GRC-ites" on the "extreme pro-s/w firewall" side. There are pros and cons to running s/w based "firewalls". IMHO - whether the overall result falls on the pro side or the con side depends on a number of factors, including the knowledge/abilities of the end user.

To maintain that every system should be hardened properly and should not run a s/w based firewall is to ignore the fact that doing so is beyond the abilities of a great many users. While it's very true in an "ivory tower" sense, it is also the equivalent of tilting at windmills when it comes to addressing the problems of the real world. Continuing to insist that these novices have to learn how to do it "your way" smacks of arrogance and disdain for those who are less knowledgeable than you. While that may not be your intent, that IS the way you tend to come across.

Likewise, to think that a software based firewall provides any large amount of security is foolish. It is simply too easy to get around and completely ignores the fact that such software can introduce other problems of their own. Continuing to insist that such firewalls are a crucial component of computer security shows a lack of in-depth knowledge of the inherent problems of computer network security. They have their uses, but those uses are far more limited and less effective than many end users realize. A great many people have bought into a lot of the marketing hype surrounding these "firewalls".

Now... I'll take my 2 cents back and bow out of your "discussion". I wouldn't want to interfere with your endless argument...

Rick

Just tell me one single sensible pro argument. I'm waiting for that for years now in this "discussion".

All I'm reading is incompetent nonsense. And for all what I can see, this is one of the main reasons of the security disaster of Microsoft Windows PCs we all are facing today.

For the end user, the most stupid concept I ever heard of is that of popup windows where /he/ has to make the decisions which are relevant for his own security.

The person who should be protected, is imposed to take over the responsibility for all technical decisions of protection.

This is the concept of /every/ "Personal Firewall" I ever saw, any of them seem to implement this totally ridiculous b0rken concept together with the absurd "outbound filtering" idea.

To be clear: absurd is the idea to let malware run on your computer, and then try to filter away its communication.

This is why I'm saying, that Microsoft should deliver hardened systems, of course. The catastrophic spread of botnets is their fault.

This really is layered security.

I really don't care.

Usually, people don't want to hear the facts. Of course, it's much easier for them /not/ to switch systems, and of course, they /want/ to hear, that security can be bought in boxes. It would make their life much easier as it is, if this would be true, so they want to believe that.

And we all have to filter away all that Spam from millions of zombies, because of this. And all of the many companies who are blackmailed by DDoS racketeers have to pay and to hush up their vulnerability.

Or what do /you/ think, why are millions of Windows PCs zombies and part of botnets?

Yours, VB.

Volker Birk

I already tried to demarcate "multi layer security" from "defense in depth". The former is a common advertising bosh commonly used by people who want other people to buy their useless (or even dangerous) products, the latter is a military strategy.

I never met people who were trying to sell me "multi layer security", who are knowing what they're talking about.

Commonly, it is an excuse to "your system is insecure": "Yes, but this is only one layer, and there are many of them".

Yours, VB.

Volker Birk

: If you don't want to use a software firewall, fine. Many people find
: them useful. To call them "snakeoil" is to imply that they do absolutely
: nothing. And that just isn't true.

Many have found them useful. Some years ago malware/virus was released on the internet. It was the software firewalls that stopped the malware/virus from spreading. It was not the anti-virus software, or anti-adware, or even the anti-spyware software that protected these boxes. It was only the software firewalls that caught, and stopped the malware/virus. It was also just a few of your firewalls that did the protecting.

CJ

: > IMHO - whether the overall result falls on the pro side or the con side
: > depends on a number of factors, including the knowledge/abilities of the
: > end user.

Yes and 100% of them were not born with a silver mouse in hand. But they are supposed to know how to harden their boxes.

(shrugs)

:
: For the end user, the most stupid concept I ever heard of is that of
: popup windows where /he/ has to make the decisions which are relevant for
: his own security.
:
: The person who should be protected, is imposed to take over the
: responsibility for all technical decisions of protection.

And you better know what you are doing because if you don't you could have several back doors open. Plus, the first time a new user logs on to the net, they are supposed to already know which of the security websites are legit, and have valuable information, and which are bogus. Thus they are still supposed to have been born with that silver mouse in hand.

:
: This is why I'm saying, that Microsoft should deliver hardened systems,
: of course. The catastrophic spread of botnets is their fault.

Didn't Microsoft want to harden down Vista and the anti software vendors, and firewall vendors cried foul?

: Usually, people don't want to hear the facts. Of course, it's much
: easier for them /not/ to switch systems, and of course, they /want/ to
: hear, that security can be bought in boxes. It would make their life
: much easier as it is, if this would be true, so they want to believe
: that.

But this is not the user's fault. As it stands buying a computer, and setting up the computer for use in a secure environment takes many hours, instead of minutes. Deciding on the right way to secure, and protect a box is getting more frustrating. Far more to consider when securing today, than it was even five years ago.

CJ

Nice fairy tale.

Yours, VB.

Volker Birk

:
: Maybe to you. Or maybe I just understand that it is just as important to
: understand the limitations of the user. It's ridiculous to expect that a
: typical Windows user (or Mac, for that matter) will even attempt to set
: up a VPN, edit the registry, disable services, etc.

But ...but they were born with that silver mouse in hand! I mean everyone knows this stuff from day one of logging onto the Internet!

/sarcasm

CJ

Luckily, if you've installed a Windows OS or service pack released in the last four and a half years, you've got a firewall turned on by default that blocks all listening services.

DevilsPGD

And like most firewalls, also this one (the Windows firewall) can be fooled easily i.e. with simulated FTP code.

Yours, VB.

Volker Birk
