Old 01-29-2002, 08:35 AM   #19
Felix
Member (10 bit)
 
Join Date: Mar 1999
Location: Zurich, Switzerland
Posts: 797
A Windozze Firewall can't do any good...

Hi gang,

Well, if someone is installing a firewall, let me add a thought I found in the Firewall book from William Cheswick and Steven Bellovin (firewall designers at AT&T), edited by Addison Wesley:

1) Like Murphy would have said: all programs contain errors.

2) Big programs have even more errors than one would expect regarding the code size.

3) Security programs have security errors.

4) It doesn't matter if a program has security errors if you don't use it.

Point 2 implies that Windozze XP is the buggiest piece of software ever seen on earth... keep your hands off if security is an issue...

It also implies that a firewall is most effective if it is possibly the only program running on a system as small as possible. This leads me to the conclusion that a Windows firewall is only a little better than having no security system at all. Way better, it seems to me, is to have a small, dedicated firewall box such as the Zyxel series or similar. They are not filled up with buggy bloatware, and are much more secure by design (see point 2).

Well, if you have a single computer on the net, go with a personal firewall Windows program; it's even better than having no security.

If you have a small LAN with internet connection sharing, I highly recommend a router box such as the Zyxel series or similar. While NAT (Network Address Translation, used to give single-account internet access to a LAN) is no firewall, it actually makes the LAN computers invisible to the internet. Only the router is visible, and there's nothing of interest on it. This solves a reasonable part of the security issue. If not satisfied, add an additional firewall box (not a Windows program).

Any comments appreciated.
Felix