|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Stopping open proxies and open relays
On Sat, 07 Feb 2004 12:03:22 GMT, =?iso-8859-1?Q?Gu=F0bj=F6rn_Hreinsson?= <[email protected]> said: > Maybe we should first have laws that prohibit making and selling computers > without firewalls? In this context I should be fine making cars without This is going in the Very Wrong Direction. Consider that no firewall would have stopped MyDoom from spreading, unless it was sufficiently anal-retentive as to stomp on *outbound* SYN packets to anyplace except the user's preferred SMTP server (and even then, it would only slow things down, and is prone to "adjustment" by the worm similar to the way some malware turns off A/V software). When did Microsoft start *shipping* a firewall? Why are there still problems? Because it was shipped disabled. And they're doing the right thing and shipping with it enabled - but now there will be support calls on how to get a port open so XYZ will work... I wouldn't recommend trying to expand it to "prohibit making and selling computers that are insecure", since no computer is 100% secure, and there's no objective "secure enough" standard - closest you will get there is probably Dell's offer to ship machines pre-hardened to Center for Internet Security guidelines. Attachment:
pgp00016.pgp
|