| Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.
|
| Speaking of host firewalls, why is there so much noise about outbound
| filtering? Think for a moment about how ordinary users would interact
| with a piece of software that bugged them every time a program on their
| computer wanted to communicate with the Internet. What would such a
| dialog box look like? "The program NotAVirus.exe wants to communicate on
| port 34235/tcp to address 207.46.225.60 on port 2325/tcp. Do you want to
| permit this?" Ugh! How would your grandmother answer that dialog box?
| Thing is, your grandmother just got an e-mail with an attachment that
| promises some rather sexy naked dancing pigs. Then this crazy dialog box
| appears. We promise: when the decision is between being secure and
| watching some naked dancing pigs, the naked dancing pigs win every time.
| The fact is, despite everyone's best efforts, outbound filtering is
| simply ignored by most users. They just don't know how to answer the
| question. So why bother with it? Outbound filtering is too easy to
| bypass, too. No self-respecting worm these days will try to communicate
| by opening its own socket in the stack. Rather, it'll simply wait for
| the user to open a Web browser, then hijack that connection. You've
| already given the browser permission to communicate, and the firewall
| has no idea that a worm has injected traffic into the browser's stream.
| Outbound filtering is only useful on computers that are already
| infected. And in that case, it's too late - the damage is done. If
| instead you do the right things to ensure that your computers remain
| free of infection, outbound filtering does nothing for you other than,
| perhaps, to give you a false sense of being more secure. Which, in our
| opinion, is worse than having no security at all.
(Jesper Johansson, Steve Riley)
I'm happy to read that Microsoft is learning about security. Maybe we can hope that Windows Vista will correct some concepts. Let's see...
Hey, Jesper, Steve, could you please, *PLEAZE* work on the topic that Torsten's Script on
Thank you for helping fight bot-nets! And, by the way: please,
*PLEAZE* offer this as a patch for older Windows versions, too! We're all suffering from your failures in the past.
Yours, VB.