On Mon, Dec 20, 2004 at 12:26:31AM +0100, Florian Weimer wrote:
* Barney Wolff:
Perhaps, then, one should not be so quick to disparage software-based firewalls, resident on the computer itself.
Yes, but it's only a real obstacle if the malware doesn't run with SYSTEM privileges. If it's impossible for home users to work with reduced privileges, a host-based filter is no good (unless it's a very obscure brand which is not targeted by the malware 8-).
In general, home firewalls are better at preventing infection than containing it. That's true no matter where the firewall resides.
By the way, do you know if these "hardware firewalls" have a management interface on a factory-default IP address?
192.168.0.1 admin/admin is a good bet. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.