APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Crippled Firewalls

Microsoft announced that Vista (whenever it becomes a real product) will ship with outbound firewalling turned off. The reason: it's too "tricky" for Windows users to understand ("But I just can't imagine individuals dealing with outbound protocols and ports on their own. The idea of an outbound firewall is pretty darn technically tricky for the average user.").

Well, what isn't?

Seriously. We all know that most users don't even begin to understand what is happening and why. Heck, there's plenty of Windows stuff that most tech folk don't grok: open up a random tree in the registry and tell me what each entry really does. Most of us wouldn't have a great advantage over Joe User.

But does that mean Joe is a hopeless air-head who can't understand anything? Sometimes, sure. But really stupid people are just as rare as really bright folks. Maybe the problem isn't Joe User but Joe Programmer?

Let's say Vista left its outbound firewall on and Joe is presented with this message:

Foobar.exe attempting TCP port 25 to 169.54.32.11. Allow?

I certainly agree that Joe probably isn't going to understand that. You and I would, but Joe wouldn't. So no firewall software is likely to present it like that. No, instead it will probably say something like:

Foobar is trying to access the internet. Allow?

The problem with that is that it's not enough information. How the heck would Joe or I know whether that's OK or not? I've seen that message when telnetting inside a LAN - it's pretty stupid because telnet was NOT trying to access the internet. A paranoid user who knew that might say "No" to the access and then wouldn't be able to do their job.

How about instead the messages went something like this:

A program named foobar.exe is attempting network activity.

Foobar.exe does not appear to be part of any application you installed on this computer. It is attempting to reach the Internet mail interface (port 25) of a machine outside of your network (hobo.xyz.com, 169.54.32.11).

Suggested action: Do not allow. This may be a virus or trojan program.

And for our telnet?

The telnet.exe program is attempting network activity.

Telnet is part of Windows and appears not to have been modified or corrupted. It is attempting to reach its normal interface (port 23) on a machine within your network (unixbox, 192.168.2.3).

Suggested action: Allow always.

Would Joe understand those? I think most Joes would. Informative and intelligent messages aren't all that hard to create, and would allow ordinary users to make intelligent decisions about their firewall rules.
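As an added example (not code from the original post or from any shipping firewall), here is a small Python prototype of the prompt generator the two messages above imply. It assembles the same four facts the post asks for, what the program is, whether it looks tampered with, which service port it wants and whether the destination is inside the local network, and turns them into a plain-language message with a suggested action. The reference tables (known programs, port names, the 192.168.2.0/24 "your network" range) and the `ConnectionAttempt` record are constructed assumptions; a real product would fill them from its package and code-signing records and the host's interface table. It goes slightly beyond the post by adding a third "ask" outcome for a trusted, intact program doing something unusual.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# --- Constructed reference data (hypothetical; a real product would query the
# --- installer database, code-signing records and the host's own interfaces) ---

# Port numbers to the plain-language name the prompt should use.
SERVICE_NAMES = {
    23: "remote login interface (telnet)",
    25: "Internet mail interface (SMTP)",
    80: "web interface (HTTP)",
    443: "secure web interface (HTTPS)",
}

# Programs known to be part of the OS or of an installed application,
# with the ports they normally talk to.
KNOWN_PROGRAMS = {
    "telnet.exe": {"origin": "part of Windows", "usual_ports": {23}},
    "outlook.exe": {"origin": "part of Microsoft Office", "usual_ports": {25, 110, 143, 443}},
}

# Address ranges that count as "your network"; chosen to match the post's 192.168.2.x LAN.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.2.0/24")]


@dataclass
class ConnectionAttempt:
    program: str             # file name of the process opening the connection
    dst_ip: str              # destination address
    dst_port: int            # destination TCP port
    dst_name: Optional[str]  # reverse-DNS name if one is known
    integrity_ok: bool       # whether the binary matches its known-good hash/signature


def is_local(ip: str) -> bool:
    """True if the destination lies on the local network (or is this host itself)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or any(addr in net for net in LOCAL_NETWORKS)


def explain(attempt: ConnectionAttempt) -> dict:
    """Build the kind of prompt the post argues for: who, what, where, and a suggested action."""
    prog = attempt.program
    known = KNOWN_PROGRAMS.get(prog.lower())
    local = is_local(attempt.dst_ip)
    where = f"({attempt.dst_name or 'unknown name'}, {attempt.dst_ip})"
    side = "within your network" if local else "outside of your network"

    # Identity and integrity of the program.
    if known is None:
        identity = f"{prog} does not appear to be part of any application you installed on this computer."
    elif not attempt.integrity_ok:
        identity = f"{prog} is {known['origin']} but appears to have been modified or corrupted."
    else:
        identity = f"{prog} is {known['origin']} and appears not to have been modified or corrupted."

    # What it is trying to reach.
    if known is not None and attempt.dst_port in known["usual_ports"]:
        target = f"its normal interface (port {attempt.dst_port})"
    else:
        service = SERVICE_NAMES.get(attempt.dst_port, "unrecognised service")
        target = f"the {service} (port {attempt.dst_port})"

    # Suggested action: the post's two cases, plus a middle "ask" case for a
    # trusted, intact program doing something unusual (not in the post).
    if known is None or not attempt.integrity_ok:
        action, advice = "deny", "Do not allow. This may be a virus or trojan program."
    elif attempt.dst_port in known["usual_ports"] and local:
        action, advice = "allow_always", "Allow always."
    else:
        action, advice = "ask", "Allow only if you expected this program to do this right now."

    text = (
        f"A program named {prog} is attempting network activity.\n\n"
        f"{identity} It is attempting to reach {target} of a machine {side} {where}.\n\n"
        f"Suggested action: {advice}"
    )
    return {"action": action, "text": text}


if __name__ == "__main__":
    # The two attempts described in the post, as constructed sample input.
    for a in (
        ConnectionAttempt("foobar.exe", "169.54.32.11", 25, "hobo.xyz.com", False),
        ConnectionAttempt("telnet.exe", "192.168.2.3", 23, "unixbox", True),
    ):
        print(explain(a)["text"], end="\n\n")
```

Running it reproduces the two messages from the post almost word for word; the interesting design point is that every sentence in the prompt is derived from a fact the firewall already has (process name, binary integrity, port, destination address), so the extra clarity costs nothing at connection time.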


Got something to add? Send me email.


© Anthony Lawrence
