Comments on: Microsoft Firewall Bashing… Didn’t Agnitum Already Try This? http://www.computerdefense.org/2007/02/microsoft-firewall-bashing-didnt-agnitum-already-try-this/ Sharing my thoughts with the world. Wed, 16 Nov 2011 02:58:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Tyler Reguly http://www.computerdefense.org/2007/02/microsoft-firewall-bashing-didnt-agnitum-already-try-this/comment-page-1/#comment-7708 Tyler Reguly Thu, 26 Apr 2007 01:09:00 +0000 http://www.computerdefense.org/?p=262#comment-7708 Tony, Gralla isn't talking about a Wizard... he's talking about run-time interaction... He wants the user to be prompted... that leads to complacency (btw to imply that Windows is all about complacency is just insulting)... There's no need to hunt and peck for software... Myself and others have made rulesets available that you can easily apply. I have, on numerous occasions, requested additional software that people would like to see rules added for. I've added every request I've seen. I wouldn't call it time consuming... the list I created, which has every program I could think of that your average user would use and a few extras and it took me 15-20 minutes... If you can't take 15-20 minutes of your time to ensure that extra bit of protection... then you probably shouldn't have the extra protection... I'd compare it to self defense classes for women... They put in the time and when they are attacked on the street they are prepared to defend themselves and get away from their attacker.... Women who don't take these classes aren't... They weren't wiling to put in the time, most likely because they felt safe and that they didn't need to invest the time... That was a choice they made... Hopefully this doesn't come across as a "you get what you deserve" statement because that's not how I'm intending it... I'm just saying.. how safe you are, is how much time you are willing to invest... This applies to everything.. computers included... and it's about damn time people realize it. Tony,

Gralla isn’t talking about a Wizard… he’s talking about run-time interaction… He wants the user to be prompted… that leads to complacency (btw to imply that Windows is all about complacency is just insulting)…

There’s no need to hunt and peck for software… Myself and others have made rulesets available that you can easily apply. I have, on numerous occasions, requested additional software that people would like to see rules added for. I’ve added every request I’ve seen.

I wouldn’t call it time consuming… the list I created, which has every program I could think of that your average user would use and a few extras and it took me 15-20 minutes… If you can’t take 15-20 minutes of your time to ensure that extra bit of protection… then you probably shouldn’t have the extra protection…

I’d compare it to self defense classes for women… They put in the time and when they are attacked on the street they are prepared to defend themselves and get away from their attacker…. Women who don’t take these classes aren’t… They weren’t wiling to put in the time, most likely because they felt safe and that they didn’t need to invest the time… That was a choice they made… Hopefully this doesn’t come across as a “you get what you deserve” statement because that’s not how I’m intending it… I’m just saying.. how safe you are, is how much time you are willing to invest… This applies to everything.. computers included… and it’s about damn time people realize it.

]]> By: Tony Lucio http://www.computerdefense.org/2007/02/microsoft-firewall-bashing-didnt-agnitum-already-try-this/comment-page-1/#comment-7706 Tony Lucio Thu, 26 Apr 2007 00:21:00 +0000 http://www.computerdefense.org/?p=262#comment-7706 I think you miss Gralla's point, which he made in his article, where he states the nominal home user should not be required to possess the knowledge of a systems administrator to have a decent firewall with minimal outbound protection. Gralla is correct in saying the Vista firewall allows ALL outbound connections by default, so a rule must be created to block any (or every) specific program or service. I agree that wizards for any program foster user complacency (and isn't that what Windows is all about?). But shouldn't minimal protection be afforded to the masses, who will never learn the difference between a NAT and a NAS? VistaFW can be configured to deny outbound connections by default, and then you must determine which Windows Services have to be allowed in order to minimize the number of ports open on your PC. I am doing this now, and it is a time-consuming, hunt-and-peck process. I really don't mind, I will understand this firewall better, but it is very annoying, especially when all Microsoft had to do was provide a decent rules-based firewall in the first place, a not so very difficult task to begin with. I think you miss Gralla’s point, which he made in his article, where he states the nominal home user should not be required to possess the knowledge of a systems administrator to have a decent firewall with minimal outbound protection. Gralla is correct in saying the Vista firewall allows ALL outbound connections by default, so a rule must be created to block any (or every) specific program or service. I agree that wizards for any program foster user complacency (and isn’t that what Windows is all about?). But shouldn’t minimal protection be afforded to the masses, who will never learn the difference between a NAT and a NAS? VistaFW can be configured to deny outbound connections by default, and then you must determine which Windows Services have to be allowed in order to minimize the number of ports open on your PC. I am doing this now, and it is a time-consuming, hunt-and-peck process. I really don’t mind, I will understand this firewall better, but it is very annoying, especially when all Microsoft had to do was provide a decent rules-based firewall in the first place, a not so very difficult task to begin with.

]]> By: Xierox http://www.computerdefense.org/2007/02/microsoft-firewall-bashing-didnt-agnitum-already-try-this/comment-page-1/#comment-7556 Xierox Tue, 24 Apr 2007 07:03:12 +0000 http://www.computerdefense.org/?p=262#comment-7556 Good post. Good post.

]]>