Firewall Wizards mailing list archives

Re: OT: Re: The Morris worm to Nimda, how little we've learned or gained


From: "H. Morrow Long" <morrow.long () yale edu>
Date: Sat, 05 Jan 2002 10:51:07 -0500

Roelof JT Jonkman wrote:
... I believe that one of the not so recent
developments of personal firewalls has helped considerably in making security
more accessible for an average Internet User. (I'm not quite sure, but is
Microsoft shipping a personal firewall integrated with the latest Windows
incarnations?)

Windows XP (Pro and Home) come with a "dumbed-down" version of a personal
PC firewall built-in; however, it is much reduced from what was envisioned
originally and is lacking quite a bit of the full firewall features and
functionality which most would want out of a personal PC firewall product
(IDS, stateful multi-level inspection, enterprise management, extensive
logging, etc.) for which you would really want to purchase a best-of-breed
product from a 3rd party vendor for XP.

I actually recommend the use of separate external dedicated small (SOHO) NAT
routers (a la LinkSys, D-Link, NetGear, etc.) with firewall functionality to home
high-speed "always on" cable/DSL Internet users in addition to or instead of
software-based host-based firewalls as they are more idiot-proof (harder to
misconfigure) and are more fail-safe.

The advantage that software/host-based personal PC firewalls have (which is why
they are a useful addition) is the ability to verify that the program starting
up and attempting to access the Internet is known and authorized to do so. This
is a great benefit of ZoneAlarm which can block viruses, worms, spyware and
other malicious software from making unauthorized connections to the Internet.

In combination with a good commercial and up-to-date anti-virus package the PC
user has a good base for some desktop protection (provided they don't run IE,
Outlook, AOL IM, LimeWire, etc...).

- H. Morrow Long

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

