On Mon, 2009-12-14 at 00:58 -0800, Owen DeLong wrote:
However, UPnP is, at it's heart a way to allow arbitrary unauthenticated applications the power to amend your security policy to their will. Can you possibly explain any way in which such a thing is at all superior to no firewall at all?
I would argue that a firewall that can be reconfigured by any applet a user clicks on (whether they know it or not) is actually less useful than no firewall because it creates the illusion in the users mind that there is a firewall protecting them.
Well, for many years I've argued (since I read an early draft of the proposal for uPnP ) that it really stood for "Unstoppable-Peek-and-Poke". It scares the hell outta me, full stop, way more than the users themselves - and they scare me a lot anyways. Seems a good time to ask while everyone's thinking about it: I wonder if anyone actually has first-hand experience of any el-cheapo plastic "home user" routers (say sub-50$US) that are worth a look at for low-end system trials? Zyxel maybe? I see Andrews & Arnold (in the UK) sell them and seem to rate them quite highly, yet the price is, frankly, a giveaway. Any thoughts? Ignoring, of course, the sad and embarassing fact that much of the UK's national telco backbone isn't v6 capable - a long (and buggy) story in itself, once you start trying to implement practical v6 end-to-end ) Gord