Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to LiberalKing
Re: FIRST POST
said by LiberalKing  : First moron, more like it.said by the article :
it was not really designed to stop programs from getting out (phoning home) Is "was in no way designed for" different from "was not really designed for" ? I think the latter suggests a minor effort which expects to fail, while the former suggests that the issue was not addressed in any way.
The XP/SP2 firewall is strictly inbound - by design - and though one can make a fair case for a firewall in both directions, hinting that XP/SP2 doesn't do such a good job on the outbound side is really disingenuous.
Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
| said by Steve :The XP/SP2 firewall is strictly inbound - by design - and though one can make a fair case for a firewall in both directions, hinting that XP/SP2 doesn't do such a good job on the outbound side is really disingenuous. I've read that the firewall that comes with Windows Vista will be a true 2 way firewall. The existing firewall vendors are already probably having their lawyers draw up anti-trust charges against Microsoft.
--
--
Join Red Room Forum
BLOG tkjunkmail.blogspot.com
My Web Page |
|
BillRoland
Premium
join:2001-01-21
Ocala, FL
clubs:
·Cox HSI
| reply to Steve
said by Steve :said by LiberalKing : First moron, more like it. said by the article :
it was not really designed to stop programs from getting out (phoning home) Is "was in no way designed for" different from "was not really designed for" ? I think the latter suggests a minor effort which expects to fail, while the former suggests that the issue was not addressed in any way. The XP/SP2 firewall is strictly inbound - by design - and though one can make a fair case for a firewall in both directions, hinting that XP/SP2 doesn't do such a good job on the outbound side is really disingenuous. Steve Amen Steve . I'd really like to know why an inbound only firewall failing an outboung firewall test, is news?
--
"Don't steal. The government hates competition." |
|
Done_Posting
Shoot to kill
Premium
join:2003-08-22
Toledo, OH | reply to GOLFnSUN
I've also read that the two-way firewall is supposed to make an appearance in XP/SP3 when it's realeased later this year.
- Tate
--
"I may work for a cable ISP, but I'm still an okay guy." |
|
kamm
join:2001-02-14
Brooklyn, NY
·T-Mobile US
| reply to GOLFnSUN
Correct, MS actually posted the details months ago: »www.microsoft.com/technet/commun···106.mspx
Moreover it's been already in Vista betas for a while now (since CTP Dec) but it wasn't that easy to activate: »www.networkworld.com/news/2006/0···all.html
I've received the latest beta (CTP Feb) from MSDN weeks ago but I haven't had a chance yet to look whether it's got better or not... |
|
micl
Visit Lovely Downtown Port Starboard
Premium
join:2001-10-25
Silver Spring, MD
| reply to Steve
I remember when a firewall meant it blocked in-bound *and* outbound. If it just blocks in-bound, is it really a firewall just because someone calls it a firewall? Or is it just NAT?
--
If I don't see you in the future, I'll see you in the pasture |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by micl :I remember when a firewall meant it blocked in-bound *and* outbound. That's never been the definition: a firewall is a device which applies access policy to network traffic, and the administrator can define it in any direction as he wishes.
In 1994 I was setting up Livingston Portmaster routers with fairly extensive filtering rules, and just because I chose to employ no outbound protection doesn't mean that it wasn't a firewall.
And the XP firewall isn't do NAT anyway.
Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
AnonName
@kaballero.com
| Ah, the Portmaster... I remember them well. I managed a few of them.
Great device, I liked it better than the Cisco 52xx and 53xx RAS servers but a hundred and twenty modems is just a mess of wires and cables.
Ever work with a DiGi board? I still have a couple of those around 
-m-
The complements were intended not snide. I'm looking to bury the hatchet, not sharpen it.
|
|
