APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Crippled Firewalls


© April 2006 Anthony Lawrence

Microsoft announced that Vista (whenever it becomes a real product) will ship with outbound firewalling turned off. The reason: it's too "tricky" for Windows users to understand ("But I just can't imagine individuals dealing with outbound protocols and ports on their own. The idea of an outbound firewall is pretty darn technically tricky for the average user.").

Well, what isn't?

Seriously. We all know that most users don't even begin to understand what is happening and why. Heck, there's plenty of Windows stuff that most tech folk don't grok: open up a random tree in the registry and tell me what each entry really does. Most of us wouldn't have a great advantage over Joe User.

But does that mean Joe is a hopeless air-head who can't understand anything? Sometimes, sure. But really stupid people are just as rare as really bright folks. Maybe the problem isn't Joe User but Joe Programmer?

Let's say Vista left its outbound firewall on and Joe is presented with this message:

Foobar.exe attempting TCP port 25 to 169.54.32.11. Allow?

I certainly agree that Joe probably isn't going to understand that. You and I would, but Joe wouldn't. So no firewall software is likely to present it like that. No, instead it will probably say something like:

Foobar is trying to access the internet. Allow?

The problem with that is that it's not enough information. How the heck would Joe or I know whether that's OK or not? I've seen that message when telnetting inside a LAN - it's pretty stupid because telnet was NOT trying to access the internet. A paranoid user who knew that might say "No" to the access and then wouldn't be able to do their job.

How about instead the messages went something like this:

A program named foobar.exe is attempting network activity.

Foobar.exe does not appear to be part of any application you installed on this computer. It is attempting to reach the Internet mail interface (port 25) of a machine outside of your network (hobo.xyz.com, 169.54.32.11).

Suggested action: Do not allow. This may be a virus or trojan program.

And for our telnet?

The telnet.exe program is attempting network activity.

Telnet is part of Windows and appears not to have been modified or corrupted. It is attempting to reach its normal interface (port 23) on a machine within your network (unixbox, 192.168.2.3).

Suggested action: Allow always.

Would Joe understand those? I think most Joes would. Informative and intelligent messages aren't all that hard to create, and would allow ordinary users to make intelligent decisions about their firewall rules.
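
To show that such messages really are cheap to build, here is an added example (mine, not part of the original article or of any real firewall) that turns the two prompts above into code. It assumes the firewall already knows three things about the binary (whether it is part of Windows or an installed application, whether its file still matches a recorded hash, and which port it normally uses), and it treats RFC 1918 addresses as "within your network"; the port-to-service table and the "Allow once" rule for known programs going somewhere unusual are my assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed lookup tables for this example (not from the article).
SERVICE_NAMES = {23: "the telnet interface", 25: "the Internet mail interface",
                 80: "the web interface", 443: "the secure web interface"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Program:
    """What the firewall is assumed to know about the binary that opened the socket."""
    name: str
    known: bool          # shipped with Windows or installed by a recognised installer
    intact: bool         # file still matches its recorded hash/signature
    usual_port: int = 0  # port the program normally talks to (0 = none recorded)

def is_local(ip: str) -> bool:
    """True when the destination falls inside an RFC 1918 private range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def describe_attempt(prog: Program, host: str, ip: str, port: int) -> tuple:
    """Return (explanatory message, suggested action) in the style the article proposes."""
    if not prog.known:
        origin = f"{prog.name} does not appear to be part of any application you installed on this computer."
    elif not prog.intact:
        origin = f"{prog.name} is a known program, but its file appears to have been modified or corrupted."
    else:
        origin = f"{prog.name} is a known program and appears not to have been modified or corrupted."
    target = (f"its normal interface (port {port})" if port == prog.usual_port
              else f"{SERVICE_NAMES.get(port, 'an unrecognised service')} (port {port})")
    where = "within" if is_local(ip) else "outside of"
    message = (f"The {prog.name} program is attempting network activity.\n"
               f"{origin} It is attempting to reach {target} on a machine {where} your network ({host}, {ip}).")
    # Decision rules: an assumption of this example, extrapolated from the two cases in the article.
    if not prog.known or not prog.intact:
        action = "Do not allow. This may be a virus or trojan program."
    elif port == prog.usual_port and is_local(ip):
        action = "Allow always."
    else:
        action = "Allow once. Known program, but an unusual destination or service for it."
    return message, action

if __name__ == "__main__":
    # The two situations from the article, with its (constructed) hosts and addresses.
    for prog, host, ip, port in (
        (Program("foobar.exe", known=False, intact=False), "hobo.xyz.com", "169.54.32.11", 25),
        (Program("telnet.exe", known=True, intact=True, usual_port=23), "unixbox", "192.168.2.3", 23),
    ):
        msg, action = describe_attempt(prog, host, ip, port)
        print(msg, "\nSuggested action:", action, "\n", sep="")
```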

Got something to add? Send me email.
