Skip to content

Computer Security at Its Best

Reading Time: 1

I’m surprised I don’t blog more about technical items since that’s what my day job is. Perhaps my blog is to escape from all things technical.

Anyway, I came across this dialog box the other day on one of my machines and had to laugh. windows xp firewall It’s a great example of poor computer security and bad usability. It kind of defeats the purpose of a firewall if every time an application tries to start listening on a port, the OS asks you if it’s okay. Firewalls are not designed to be user-friendly. Firewalls are designed to work by policy. And policy doesn’t change when a new application starts up.

Post a comment Trackback URI RSS 2.0 feed for these comments This entry (permalink) was posted on Tuesday, May 3, 2005, at 8:01 pm by . Filed in Software Engineering.

4 Trackbacks/Pingbacks

  1. tyler on 04-May-05 at 7:21 am

    Very good point. You’re correct, firewalls shoudln’t be userfriendly. I haven’t made any changes to my firewall setup @ home for a year or so probably. I’ve got a homebrew script that makes use of iptables to firewall and forward requests. I always just disable the windows firewall because I see it as basically being worthless.

  2. Dave Forsythe on 04-May-05 at 10:22 am

    I think I’ve even seen a pretty simple VBA script that can turn it off. And it basicly just a version of what Zone Alarm was doing 3 years ago with some fancy vector graphics added to it.

    I will say that it has made my life of maintaining my Mom’s computer a bit easier because it doesn’t leave all of her ports open by default anymore. Mom’s and firewalls have been a notorious pain in the butt in previous years.

  3. mike on 04-May-05 at 10:37 am

    Thanks Dave, I deleted your duplicate anonymous comment. The real question is why are all those ports listening in the first place so you need a firewall? This is a home machine – it should default to not listen on any port except via 127.0.0.1. But a netstat on my XP box shows it listening on at least 3 ports using the default IP address – not 127.0.0.1.

  4. Dave Forsythe on 04-May-05 at 10:58 am

    And is that with the Windows FW turned on already?

    Leaky computers weren’t really a problem back in my dialup days, but now that I have an always on connection and a seldom off PC, I need something much more robust than windows FW. I remember how difficult it was for me to figure out how to close ports on my windows 98SE machine way back when so this is a tool that can be useful, but it still needs more functionality.

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*