|
>http://habaneronetworks.com/viewArticle.php?ID=144 > >Quotes from the article: > >"As long as the person currently logged into the computer >has Administrative privileges, an application can easily add >an entry into the >HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ >key that will allow any application full rights to and from >the computer without the user's interaction or >knowledge. > >I have added another article that explains that >Microsoft's AntiSpyware Beta also ignores any changes to the >registry for this key. >You can read the article here >http://habaneronetworks.com/viewArticle.php?ID=146 > >While we're all quite thrilled that you (and others) have >taken the time and made the effort to learn how to totally >secure your computer without the actual need for a >firewall, the simple fact of the matter is that - for whatever >reason - the vast majority of Internet users will not >take that time or make that effort. > >For them, a software firewall with both inbound and outbound >protection makes a lot of sense (granted, only if they learn >how to properly install, set up and maintain that firewall and >give proper permissions). > >The ICF is a whole lot better than nothing, but as can >be seen from the article quoted above, it's certainly >not the "be-all", "end-all" that you're apparently >claiming it is. > >I know of no one besides myself who goes into their >Security Center every day to make sure nothing "new" has >appeared by itself - nor do I forsee masses of people suddenly >starting to do so. > >Your arguement also totally (and conveniently) ignores the >certain fact of whatever "zero-day exploit" comes down the >pike next. > >I've found it best not to make judgements on people >based on my level of knowledge, because theirs is what >we're all dealing with. Waving the "I'm smarter than you are" >flag is generally counter-productive to actually >helping people stay safe - whatever the tools >employed. Pete > >
Windows ICF will ask if the user wishes to allow an app access to the net with a popup dialog box. So, the user is not in the dark about an app making a connection. He/she is forewarned, and must make a conscious decision by clicking, Yes/No.
Who's 'WE'? You mean to say, 'I'm quite thrilled that you....'
Your assertion that I'm not using a firewall is inaccurate. As I've indicated, I use Windows SP2's firewall. I'm very pleased with its' capacity to protect my computer from incoming threats/hacks, just as the MS designers intended it to. It is what I - not 'WE' - recommend to all home computer users.
As you've stated, the vast majority of users do not know how to secure their network connections. That's a fact. However, my approach is to tell them what I've found to work best for myself, on my computer. Everyone's computer profile, and how they use it, is going to be different from my own, or your computer. So, by default, securing a computer has a trial-and-error process that each user will need to address on his/her own.
But, as far as net security goes, a correctly configured Windows SP2 firewall, and IE Internet Options Security Zone, Privacy, Advanced settings is adequate for home operators - provided they avoid risky behavior. I know, because I'm a home user, and it works for me. I don't know what 'WE' would advise, or who 'WE' is. I only know what I would advise.
Two-way firewalls and anti-virus software doesn't make a computer any more secure. For validation of this fact, visit any computer help forum and notice all of the requests for assistance by users who have two-way firewalls, and anti-virus software, but have, nevertheless, been compromised by all manner of trojans, viruses, spyware, etc.
I - not 'WE' - believe the only/best approach to securing a networked computer is to go without all of those third-party resource hogs (adding yet another layer of confusion to the securing process), and learn how to operate a computer responsibly.
|