Re: Microsoft to ship new versions with firewall enabled
Sean Donelan <sean@donelan.com> 8/14/03 8:29:07 AM >>> John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer verisons of Windows XP with the included firewall enabled by default.
[Veering further off-topic] Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS? --
John Neiberger wrote:
Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS? --
No clue, but I can tell you how long it will last before ISP helpdesks disable the firewall. -Jack
On Thu, 14 Aug 2003, Jack Bates wrote:
John Neiberger wrote:
Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS? --
No clue, but I can tell you how long it will last before ISP helpdesks disable the firewall.
About 30 seconds, for my customers. In fact, when you configure a dialup connection, the firewall *is* enabled by default, until walk them through turning it off? Why? Because after anywhere from 2 days to 2 months, suddenly things just stop working...usually POP3, but often SMTP, HTTP or HTTPS. Like many things MS, it's broken. James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================
No answer on that one, However Mac OS X also includes a built in firewall. On the configuration angle, the Microsoft ICF (Internet Connection Firewall) blocks everything by default. Scott C. McGrath On Thu, 14 Aug 2003, John Neiberger wrote:
Sean Donelan <sean@donelan.com> 8/14/03 8:29:07 AM >>> John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer verisons of Windows XP with the included firewall enabled by default.
[Veering further off-topic]
Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS? --
On Thu, 14 Aug 2003, Scott McGrath wrote:
No answer on that one, However Mac OS X also includes a built in firewall.
yes, with fairly a simple method to add listening services to it... though it seems the 'listening service' might have to register with the OS in order to be seen in the preferences panel? Oh, and lest I forget (which I did) press the 'START' button to make it active :)
On the configuration angle, the Microsoft ICF (Internet Connection Firewall) blocks everything by default.
as does OSX.
On donderdag, aug 14, 2003, at 17:45 Europe/Amsterdam, Christopher L. Morrow wrote:
No answer on that one, However Mac OS X also includes a built in firewall.
yes, with fairly a simple method to add listening services to it... though it seems the 'listening service' might have to register with the OS in order to be seen in the preferences panel? Oh, and lest I forget (which I did) press the 'START' button to make it active :)
...which is completely redundant because MacOS X doesn't expose any services except the ones that the user enabled in the first place. So enabling the firewall is only useful if you don't trust the applications you're running.
On Thu, 14 Aug 2003, Iljitsch van Beijnum wrote:
On donderdag, aug 14, 2003, at 17:45 Europe/Amsterdam, Christopher L. Morrow wrote:
No answer on that one, However Mac OS X also includes a built in firewall.
yes, with fairly a simple method to add listening services to it... though it seems the 'listening service' might have to register with the OS in order to be seen in the preferences panel? Oh, and lest I forget (which I did) press the 'START' button to make it active :)
...which is completely redundant because MacOS X doesn't expose any services except the ones that the user enabled in the first place.
or things like livewire/kazaa/aim (filedownloads)
So enabling the firewall is only useful if you don't trust the applications you're running.
yup. but its nice that it has the damned firewall anyway :)
On Thu, 14 Aug 2003, Christopher L. Morrow wrote:
On the configuration angle, the Microsoft ICF (Internet Connection Firewall) blocks everything by default.
as does OSX.
Just to clarify, the OSX firewall has a little bit of sense. If you check that you want to enable one of the services it will automatically add the exception to the firewall rules. That is all through the GUI though. From terminal you can modify firewall rules (ipfw) and add/remove services without notifying the GUI. Microsoft's built in firewalling (at least for Win2k) would let you turn on IIS and the firewall and the firewall would not allow connections to port 80 unless you went in and allowed it. G
From my Ti Pb.
[Veering further off-topic]
Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS?
Along the vein of "I dislike Microsoft, but let's get over it" - when some Linux started out with, what, ipchains/ip-something to protect it from network vulnerabilities, it took our little lab's folks some time to remember to punch holes in it for DNS, SSH, etc. each time we set a new one up. Ah, live and learn. The legacy of shipping machines open to attack predates Microsoft, it isn't "their fault(tm)". This issue was raised in at least as far back as "The Cuckoo's Egg" (since I've met folks that don't remember it, by Clifford Stoll - very entertaining tale of an astronomer-turned-SA tracking a hacker). In the epilogue, he mentions the Morris worm, so we're talking about incidents in '87 or so. (The Morris thing was what, Nov 2, 1988? Give or take a week.) I highly recommend that book as part suspense novel and part security tutorial. Every time a vendor/open-sourcer decides to stop shipping with security down, there's a learning curve forced on the buyers. But that's why we get paid to work in air conditioned offices in the summer. ;) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer Sponge Bob Square Pants? I'm still trying to figure out the Macarena.
It comes standard with a firewall built in, which is not user friendly and you have to still purchase a firewall that allows user access to control what gets blocked and what does not, most intelligent people turn it off. -Henry Edward Lewis <edlewis@arin.net> wrote:
[Veering further off-topic]
Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS?
Along the vein of "I dislike Microsoft, but let's get over it" - when some Linux started out with, what, ipchains/ip-something to protect it from network vulnerabilities, it took our little lab's folks some time to remember to punch holes in it for DNS, SSH, etc. each time we set a new one up. Ah, live and learn. The legacy of shipping machines open to attack predates Microsoft, it isn't "their fault(tm)". This issue was raised in at least as far back as "The Cuckoo's Egg" (since I've met folks that don't remember it, by Clifford Stoll - very entertaining tale of an astronomer-turned-SA tracking a hacker). In the epilogue, he mentions the Morris worm, so we're talking about incidents in '87 or so. (The Morris thing was what, Nov 2, 1988? Give or take a week.) I highly recommend that book as part suspense novel and part security tutorial. Every time a vendor/open-sourcer decides to stop shipping with security down, there's a learning curve forced on the buyers. But that's why we get paid to work in air conditioned offices in the summer. ;) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer Sponge Bob Square Pants? I'm still trying to figure out the Macarena.
participants (9)
-
Christopher L. Morrow
-
Edward Lewis
-
Gerald
-
Henry Linneweh
-
Iljitsch van Beijnum
-
Jack Bates
-
John Neiberger
-
Scott McGrath
-
up@3.am