All Things Microsoft > Microsoft Software
Muzzy, why does Windows rule?
			toadlife:
			
			I think, in certain scenarios, the benefits of firewalls can be overrated. For example, putting a firewall in front of a server that has no daemons listening. It's like giving a deaf person ear plugs.
There is the possibilty of a strict firewall setup limiting a worm's ability to communicate - but if a worm infects your system, you have more problems to deal with than how your firewall is set up.
		
			muzzy:
			
			Typically people still run SSH, which at one point in time gained a name of "Super Security Hole". By merely having ssh daemon running, the system could've been taken over, and lots and lots of systems indeed were. It could happen again.
I never ran firewall on Windows NT based systems. I only used to run it on 9x, where the network stack was so royally fucked that you needed a firewall to filter out packets that the system couldn't handle without crashing. Linux had a few of such issues in the past, too. That, too, could happen again. And we're definitely going to see it happen again once we get into ipv6. Then, it might not be quite so silly to have a hardware firewall sitting in front of a network that has no daemons running.
My primary annoyance on WinNT without firewall was the RPC service which simply could not be closed from the network. It would always listen, unless you hacked it. That royally sucked, however I left it open just to dare all the hackers out there. I took some precautions, though, such a disabling DCOM and other fun stuff... years before the DCOM vulnerabilities became known :)
Overall, firewalls are good stuff, however I couldn't sleep at night if I knew my system could be taken over if the firewall were somehow to disappear. You never know what kind of implementation issues even the hardware firewalls might have...
		
			noob:
			
			i won't run windows without a firewall. too risky, considering i have college work on it hosted to the world.
		
Navigation
[0] Message Index
[*] Previous page
Go to full version