Re: OT: Which firewall is best?
- From: "FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx>
- Date: Fri, 27 Feb 2009 08:16:42 -0500
"Leythos" <spam999free@xxxxxxxxxx> wrote in message
news:MPG.2410886b1b8580189899ad@xxxxxxxxxxxxxxxxxxxxxxx
In article <go62tc$3vv$1@xxxxxxxxxxxxxxxxxxxxx>,
erratic@xxxxxxxxxxxxxxxxx says...
"Leythos" <spam999free@xxxxxxxxxx> wrote in message
news:MPG.240db73f21606a06989990@xxxxxxxxxxxxxxxxxxxxxxx
In article <gnvkko$vji$1@xxxxxxxxxxxxxxxxxxxxx>,
erratic@xxxxxxxxxxxxxxxxx says...
I have to agree here. It isn't the job of an application to protect
itself from the consequences of carrying out the user's wishes. A program
running with requisite permissions to disable the firewall should be
able to do so - it is not a hole.
If the user doesn't understand or approve of the HOLE then it's not
desirable.
Then please explain the reasoning behind providing an API to modify the
exclusions list. If the personal firewall's job is to stop programs from
accessing the internet, why write an API to facilitate a program's
ability to create a "hole" as you call it?
You're mistaken again, the hole is almost always INBOUND, meaning that
something/one on the internet can access the workstation.
As far as I'm concerned, exposing the interface of the firewall to
anything except the firewall program is a flaw, bad idea, serious risk
considering the level of understanding of the people using the
computers.
Sure, an untrusted program should not be allowed to disable or otherwise
get around or through the firewall, but a program running with the
permission of a user *with* the authority - should be able to. Imagine a
PFW that wouldn't allow *you* to control *it*! Now *that* would be
undesirable.
And that's why people have compromised systems, thinking like yours.
No need to get personal here, besides - I'm mostly agreeing with you. I
only take exception to your use of the word "hole" in that it implies a
failure.
<<<WARNING - ANALOGY FOLLOWS>>><<<
Say you went off to work and locked your door. Your intent is to keep
possible burglars out as well as keeping your scarlet macaw in. The
problem is that you left your kitchen window open.
A burglar may consider that a hole to get in through. Your bird may
consider that a hole to get out through. You may consider it to be a
hole in your security. I would only object to your considering it to be
a hole in the window because it is a feature of that window that it be
openable from the inside by you (but not by your parrot). The window is
operating within its designed parameters and so has not failed.
The PFW should require a user/password to make changes, should make sure
that the user knows changes are being made to it, and should not let
third party apps make changes.
I agree. But if it wasn't designed to do so, it can hardly be considered
a failure when it doesn't.
You seem to want to take this discussion down a ridiculous direction -
Appearances can be deceiving.
I've not once said that people should not be able to modify a firewall.
I've been very clear in my statements, don't read MORE into them than
what I've said.
I don't think I am. I'm just saying that if a firewall has a feature
that allows programs to configure both inbound and outbound rules
without any further authentication than the credentials provided by the
user that installed and/or is running the program - the use of such a
feature is not a 'hole'. If a kitchen window is designed to be openable
by a parrot, it is not a hole but rather a misunderstanding of the
function of that window that allowed the parrot to escape.