Re: [Microsoft to ship new versions with firewall enabled]
Sean Donelan <sean@donelan.com> wrote:
John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer verisons of Windows XP with the included firewall enabled by default.
while i think many of us will welcome this, i am skeptical of what the firewall will be 'enabled' to block, and how easy it will be for the user to set-up rules (and hopefully there will be a sanity check included so that 'permit in any' is not a valid option, but then 'permit out any' should not be one either) but still, it is a step... my $0.02 "Walk with me through the Universe, And along the way see how all of us are Connected. Feast the eyes of your Soul, On the Love that abounds. In all places at once, seemingly endless, Like your own existence." - Stephen Hawking -
On Thu, Aug 14, 2003 at 10:46:56AM -0400, Joshua Sahala wrote:
while i think many of us will welcome this, i am skeptical of what the firewall will be 'enabled' to block, and how easy it will be for the user to set-up rules (and hopefully there will be a sanity check included so that 'permit in any' is not a valid option, but then 'permit out any' should not be one either) but still, it is a step...
It's a pretty rudimentary "firewall," I suspect enabling that by default is gonna piss off a hell of a lot of people (I'd venture to say it'll piss off more than a virus, since most are too clueless to get mad at that). John
At 10:46 AM 8/14/2003, Joshua Sahala wrote:
Sean Donelan <sean@donelan.com> wrote:
John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer verisons of Windows XP with the included firewall enabled by default.
while i think many of us will welcome this, i am skeptical of what the firewall will be 'enabled' to block, and how easy it will be for the user to set-up rules (and hopefully there will be a sanity check included so that 'permit in any' is not a valid option, but then 'permit out any' should not be one either) but still, it is a step...
The firewall in XP appears to perform stateful inspection. I have run scans against my own XP machines using NMAP and other tools. The machine appears completely non-responsive to such scans (i.e. no response on any ports). I use this feature most especially when using public wifi hot spots, and encourage my clients to do the same (or use some other firewall software) when at such locales. What Microsoft implemented does seem quite sufficient for many users. The down-side to this and all other firewalls running in software on end hosts is the possibility of an application finding another path in (e.g. email attached virus) and disabling the firewall. I am no Microsoft apologist and am a proponent of open source, but have to admit they did a good job on this feature. It's good that Microsoft has finally realized the value in defaulting this capability to ON.
participants (3)
-
Daniel Senie
-
John Kinsella
-
Joshua Sahala