Our feature in the Nov. 18 issue of the Windows Secrets Newsletter inspired reader Hilton Travis to write in about ways in which software firewalls can bite back:
“I’ve always been a proponent of proper network security. I’ve always been a proponent of running decent antivirus and firewalls. I’ve always been a proponent of having a primary firewall that is a hardware firewall — be it a router, m0n0wall box, or whatever product you choose. A hardware firewall that’s not based on an inherently insecure, over-featured operating system, that is.
“I can understand the use of a software firewall in addition to this primary firewall for home users. A properly designed software firewall (this obviously means not the Windows Firewall) will enable a home user to block all outbound traffic they don’t want to allow out to the Internet. It is an additional line of defense, and generally a good idea.
“I cannot, however, advocate a similar practice in a business network. Software firewalls only increase the complexity of any network, often to the point where the frustration caused by the ‘over-enthusiasm’ of the firewall is costing the company money. This ultimately results in the firewall being disabled anyway — or defaulting to allow all traffic in and out, effectively disabling it.
“We’re now at a point where there are at least three worms that can disable the Windows Firewall. This is purely due to a stupidity-encouraged design flaw by the Microsoft Security team. Microsoft decided to implement a mechanism whereby another vendor could disable the Windows Firewall during the installation of its third-party firewall. All these Bagle variants have to do is to trigger this mechanism, and the Windows Firewall is disabled, replaced with nothing — well, nothing enhancing your security.
“How long will it be before a worm is written that can decode the UPnP [Universal Plug and Play] username and password stored in the Registry, and combine this with the ‘Disable Windows XP SP2 Firewall’ vulnerability to disable not only your personal firewall, but also the firewall of anyone insane enough to enable UPnP? This means that it could disable the hardware firewall on a business or corporate network, if the administrator was ‘green’ enough to believe Microsoft’s hype about UPnP that they preach in their MCP and MCSE courses.”