Microsoft to ship new versions with firewall enabled

Sean Donelan <sean@donelan.com> 8/14/03 8:29:07 AM >>>

John Markoff reports in the New York Times that Microsoft plans to
change how it ships Windows XP due to the worm. In the future Microsoft
will ship both business and consumer versions of Windows XP with the
included firewall enabled by default.

[Veering further off-topic]

Hmm...I didn't even know XP had a built-in firewall. Any bets on how
long it is before other companies with software firewall products bring
suit against Microsoft for bundling a firewall in the OS?

John Neiberger wrote:

Hmm...I didn't even know XP had a built-in firewall. Any bets on how
long it is before other companies with software firewall products bring
suit against Microsoft for bundling a firewall in the OS? --

No clue, but I can tell you how long it will last before ISP helpdesks disable the firewall.

-Jack

No answer on that one; however, Mac OS X also includes a built-in firewall.

On the configuration angle, the Microsoft ICF (Internet Connection
Firewall) blocks everything by default.

                            Scott C. McGrath

[Veering further off-topic]

Hmm...I didn't even know XP had a built-in firewall. Any bets on how
long it is before other companies with software firewall products bring
suit against Microsoft for bundling a firewall in the OS?

Along the vein of "I dislike Microsoft, but let's get over it" - when some Linux started out with, what, ipchains/ip-something to protect it from network vulnerabilities, it took our little lab's folks some time to remember to punch holes in it for DNS, SSH, etc. each time we set a new one up. Ah, live and learn.

The legacy of shipping machines open to attack predates Microsoft, it isn't "their fault(tm)". This issue was raised at least as far back as "The Cuckoo's Egg" (since I've met folks that don't remember it, by Clifford Stoll - very entertaining tale of an astronomer-turned-SA tracking a hacker). In the epilogue, he mentions the Morris worm, so we're talking about incidents in '87 or so. (The Morris thing was what, Nov 2, 1988? Give or take a week.) I highly recommend that book as part suspense novel and part security tutorial.

Every time a vendor/open-sourcer decides to stop shipping with security down, there's a learning curve forced on the buyers. But that's why we get paid to work in air conditioned offices in the summer. ;)

It comes standard with a firewall built in, which is not user friendly and you
have to still purchase a firewall that allows user access to control what
gets blocked and what does not, most intelligent people turn it off.

-Henry

No answer on that one; however, Mac OS X also includes a built-in firewall.

yes, with a fairly simple method to add listening services to it... though
it seems the 'listening service' might have to register with the OS in
order to be seen in the preferences panel? Oh, and lest I forget (which I
did) press the 'START' button to make it active :)

On the configuration angle, the Microsoft ICF (Internet Connection
Firewall) blocks everything by default.

as does OSX.

...which is completely redundant because MacOS X doesn't expose any services except the ones that the user enabled in the first place.

So enabling the firewall is only useful if you don't trust the applications you're running.

> On the configuration angle, the Microsoft ICF (Internet Connection
> Firewall) blocks everything by default.
>

as does OSX.

Just to clarify, the OSX firewall has a little bit of sense. If you check
that you want to enable one of the services it will automatically add the
exception to the firewall rules.

That is all through the GUI though. From terminal you can modify firewall
rules (ipfw) and add/remove services without notifying the GUI.

Microsoft's built in firewalling (at least for Win2k) would let you turn
on IIS and the firewall and the firewall would not allow connections to
port 80 unless you went in and allowed it.

G

About 30 seconds, for my customers. In fact, when you configure a dialup
connection, the firewall *is* enabled by default, until I walk them through
turning it off. Why? Because after anywhere from 2 days to 2 months,
suddenly things just stop working...usually POP3, but often SMTP, HTTP or
HTTPS. Like many things MS, it's broken.

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am

>> No answer on that one, However Mac OS X also includes a built in
>> firewall.

> yes, with a fairly simple method to add listening services to it...
> though it seems the 'listening service' might have to register with
> the OS in order to be seen in the preferences panel? Oh, and lest I
> forget (which I did) press the 'START' button to make it active :)

...which is completely redundant because MacOS X doesn't expose any
services except the ones that the user enabled in the first place.

or things like livewire/kazaa/aim (filedownloads)

So enabling the firewall is only useful if you don't trust the
applications you're running.

yup. but it's nice that it has the damned firewall anyway :)