Local firewalls was: [thelist] what is this scam?

Kelly Hallman khallman at wrack.org
Tue Nov 26 17:44:01 CST 2002


On Tue, 26 Nov 2002, .jeff wrote:
> > Stuff like this makes me want to kick Bill Gates in the head.
>
> seriously, this isn't bill gates' fault.
> it's a feature that's harmless and being used in a manner it was never
> intended for simply because you haven't secured your computer a) by
> disabling that service and b) sitting behind a firewall.

It's doubtful Microsoft is intentionally making security holes in their
software but I do believe they are very lax in this department.  It is
irresponsible, to say the least, to release a product that defaults to a
vulnerable state -- especially when you market "security" as a main
feature and you are marketing the product specifically to end-users!

That "most" UNIXes have vulnerable defaults I find to be a specious claim,
but in those cases yes: the vendor of the distribution falls under the
same scrutiny as does Microsoft in this case.  Red Hat is probably one of
the worst distros in this regard and it's still nothing compared to the
security concerns of setting up a Windows box.

The only defense of the Windows Messenger client is if (as reported) it
only accepts messages from the local subnet.  That seems like a reasonable
precaution since I don't think anyone should be hooking their box directly
up to the net without some kind of protection, Windows or not... However,
the mere fact that people are spamming this service is a good indication
that this is a security problem with Windows: poor planning + bad design.

I highly recommend some type of firewall for anyone with an always-on
connection.  Personally I've got a Linux box as my firewall/gateway
machine and I also run ZoneAlarm on all the local boxes (good to be able
to control traffic out of your machine as well as into your network).

Anyone wants any info about setting up such a box, shoot me a message.
Even an old 200MHz PC will probably do the job quite nicely.
Plus, you get a server out of it too :)

--
Kelly Hallman
http://wrack.org/
