North American Network Operators Group

Re: Worms versus Bots
On Thu, 06 May 2004 11:45:23 +0200, Iljitsch van Beijnum said:

> I object to the idea that requiring a software firewall inside a host
> is a reasonable thing to do. Why on earth would I want to run an
> insecure service and then have a filter to keep it from being used?

You object to it, I object to it... but the fact remains that 95% of the user-accessible CPUs (not counting the embedded market) are running software that you have to do unreasonable things in order to make it anywhere near safe to use....

> Either I really want to run the service, and then the firewall gets in
> the way, or I don't need the service to be reachable, so I shouldn't
> run it. System services should only be available over the loopback
> address. Now obviously this is way too simple for some OS builders, but
> we shouldn't accept their ugly hacks as best current practice.

"Best Current Practice" is *so* divergent from "Currently Deployed Practice" that there's little or no common ground.