NIS will not let me synchronize the PC Date/Time

That actually depends on the defintion of "firewall", but I know what You mean.

That depends on the definition of "normal", but I certainly agree that many types of home users would be way better off with just a properly configured PC and a list of ground rules.

Makes no sense at all.

Leythos has taught me a lot. You have taught me a few things too.

It's rediculos that you're both at each other's throats like this.

Duane :)

To be honest, I don't know exactly what You mean by that.

/B. Nice

It means that they are at each other's throats.

Duane :)

May I mind you about some facts?

- A vulnerable service not offered on the network doesn't oppose any remote vulnerability.

- These are quite rare on an up-to-date Windows install.

- However, Windows Firewall does add an additional layer of defense.

- Personal Firewalls only add complexity and a lot of well-known remote vulnerabilities, ranging from all-common DoS to remote code execution.

- Users don't know how to make qualified decisions, yet won't know how to configure it correctly in first place (you know, the default configuration sucks way more than a vacuum cleaner). They don't achieve any security through any serious or non-serious host-based packet filter (whereas PFWs are the latter).

- Many users do utilize a router. Admitted, the NAT isn't a firewall at all, but its effect on security is still way bigger than any PFW.

Now get a grip on reality and some technical clue on why PFWs are bullshit and superfluos.

The common definition of a firewall is a concept of separating network by filtering traffic between them. Anyway, serious host-based packet filters (means: not a PFW) may be part of the firewall concept (specifically the host security part).

Point is that NetBIOS can be easily bound to an interface. Or, if you're inside a LAN, the router usually is the boundary.

In any case, Windows firewall is a host-based packet filter, not a firewall, that works as supposed!

Usually a malware will easily circumvent the PFW, shut it down or simply click away the message.

You seem to believe his story.

Yours, VB.

I know.

I know it is just a host-based packet filter. But if the definition of firewall is "a piece of hard- and/or software to control communication between different zones of trust in a networking environment" You

*can* get away with calling ZA or the windows firewall a firewall because it tries to establish a virtual border line between the internet and Your PC. And take note of the fact that I am *only* talking defintion here. I haven't said anything about the quality of solutions.

Yup. The clever ones will. The not so clever ones will be spotted by a PFW and granted access by the user ;-)

Then I think You did'nt understand my posting the way it was intended :-)

/B. Nice

Okay, thanks :-)

Since news server from my ISP have troubles, and I don't see Volker's reply I will post answer to myself.

In a case of a desktop PC connecting through modem that is true. But I gave example of a situation where Windows firewall without additional changes fails. Try it yourself. I put myself in a role of an unexperienced user who has laptop connected to a home wi-fi with sharing enabled, now he has traveled and connect to public hotel wi-fi, without changing anything.

I agree.

Yes, there is no good personal firewall. Knowing that, choice what solution to use Windows firewall or some third party is not simple, every solution have security holes. The question is can that holes affect user, answer depend on:

1. User involved (rookie, advanced, expert)
2. Software/Network configuration (servers running, shared resources...)
3. Use (Wireless, LAN, direct connection).
4. Neighbourhood, hostile or friendly, attack probability.

The solution varies from one case to another. That is my point. You cannot just advice people to use what you think is good, that might be bad solution in their specific case. You are not familiar with their situation. This is not about Windows firewall for which I think that in most cases is good solution. This is about your answer (Use this personal firewall only because me and many other experts think it is the best crap available) without informing yourself about poster's situation. Many people reading this group think you are an expert, that means that they are going to do exactly what you said, think about that. Currently there is no personal firewall that can be recommended. Choice of personal firewall and consequences of that choice in many cases depend on luck only.

In short words, don't recommend any personal firewall. Help if you can, but leave choice to the poster, he might be more lucky than you are.

Of course, the user has to use the GUI to choose, wether he is in his internal network or not. This is the case for every packet filter in this situation.

I'm not talking about misconfiguration or about PEBKAC. I'm talking about security design flawsin the common "Personal Firewalls". And I cannot see something like that in Windows-Firewall.

I cannot see one single case, where a "Personal Firewall" of your choice is better than Windows-Firewall or just stopping services.

Please show me one if you have one.

Yours, VB.

Again, reply to myself.

ZA has options to put automatically every new detected network to internet zone and all unprotected wi-fi networks as well.

You cannot see becouse there is none, I don't recommend personal firewalls, they are all equaly insecure incuding Windows firewall. Take for example eMule it opens ports in Windows firewall without user intervention, malware can do the same. So just pick up randomly and hope you'll be lucky.

Well, maybe I can only say that I don't recommend NIS becouse of high system requirements. And ZA in LAN it creates troubles.

Isn't it supposed to create trouble? The implementation looks exactly like that.

Duane, I'm not at anyone's throat, I'm just stating that his statements don't reflect how things happen in the real world. VB has some good ideas, and his "intentions" seem good too, but he's missed the boat when it comes to real world specifics.

I don't get upset in Usenet, not at all, I just feel sorry for him, that he's gone so far as to be blinded by something that has given him a reason to ignore facts when presented by others.

What you state is 100% fact, and it will be lost on the anti-PFW group. It's a shame they never offer to help people that ask for it, their only reply is to tell them to uninstall their PFW and use Windows Firewall, which is not the solution or answer to their question.

Could it be that many people when asking for help, are already determined to use a PFW because they have been told by the masses that it is the right thing to do?

So they will ask specifically for help on how to use the PFW, or for opinions on which one is the best out there. They are not prepared to be confronted with the fact that installing one maybe was'nt the right choice in the first place.

I have'nt been in this group long enough to be able to claim that this is a fact here, but it is definately my experience from other similar groups.

When You already are determined that You need a PFW, You will take advice from those who back You up. People who claim You don't need one will seem ridicoulous and are probably just hackers in disguise.

/B. Nice