Security Basics mailing list archives

Re: Windows 98 box is 'owned'; Re:


From: Glenn Sieb <ges () wingfoot org>
Date: Tue, 05 Oct 2004 14:11:29 -0400

[more offlist commentary... --Best, G.]

GuidoZ said the following on 10/5/2004 1:56 AM:

 Hello again. =)

:)

 Completely agree, 100%. I'd never expect a home user to have a need
 for a true hardware firewall. (I also noted in my original reply to
 the list that a router like those mentioned would be plenty for his
 mother.) The NetGear is a good choice. I'm usually one to recommend a
 LinkSys, however NetGear is my 2nd choice. =)

*nodnod* I'm new on the list, I may have missed some of the original
commentary.... Since I'm no longer at Lumeta, I wanted to keep my
'fingers in' what the communities are looking at for security products &
discussion--I mean I can still bounce things off of Ches and Tal, but
still--it's good to read other perspectives too! :)

 My argument wasn't that home users needed a true hardware firewall.
 It was that LinkSys, NetGear and D-link don't make true hardware
 firewalls. Terminology, nothing more. ;) I've been in this industry
 far too long to let something like that get by. Too many people
 already have it confused.

*nodnodnod* I fully agree. At least some of them put out things
resembling them :) I'm much happier with the Netgear than I was with the
DLink, personally.

 I would also like to emphasize a point you made - if it's not
 possible for them to use correctly (even if it is just a router),
 then having it is a waste. You could have the best tools in the world
 at your disposal, but if you have no clue how to use them, it's
 meaningless. Very good point.

Yeah--I've been doing over-ICQ troubleshooting with a friend who has DSL
and one of the Netgears. Finally I told him he needed to just call
Netgear--they'd get the router to log into the DSL accounts, and then
everything would be hunky-dory--he had "a friend" come over--and though
everything's plugged into the right ports (thank the gods), the guy
never did anything about having the *router* do the log-in to the
service. *sigh*

 Don't get me started on BlackICE! =) It's an IDS, not a true software
 firewall. (Google it for more info - Steve Gibson has a good write
 up on it.) ZoneAlarm is a good choice. So is Kerio. Both are free,
 easy to use, and work. Aside from the freebie class, I'm a big fan of
 Sygate. I do NOT like Norton Internet Security and McAfee anything.
 Both are resource hogs and frankly are unnecessary. Why pay so much
 for something you can get for free?

*nod* I just know that one of the guys at Lumeta (Karl Siil) swore by
it. *shrug*--I've always had ZoneAlarm, personally. I haven't heard
of/played with Kerio yet--or Sygate. I fully agree with Norton &
McAfee--however, a lot of people buy them because of the name.

 Amen. I swear by FireFox/Mozilla products and have since the old
 Netscape days. Luckily, I started converting those whom I had
 influence over years before IE started having all the recent
 problems. (Just back when it was having the other problems. =P )

LOL! :)

 When the time came that it simply wasn't safe to use IE anymore, they
 switched without much fuss. The only thing missing when it comes to
 functionality is something no one should have started relying on in the
 first place - ActiveX.

Hear Hear!!!! Unfortunately, people don't "get" that it's so damn evil :-/

 One of the organizations I support based an
 application on the .NET framework and was using an ActiveX applet to
 do some client side scripting. Unfortunately nothing but IE will work
 for them. If you have any suggestions, I'm quite willing to listen.
 ;)

Hmm. So they're looking to run an applet on the client side via a
webpage? Java/script would be less evil than ActiveX....(not by much but...)

Whenever I wanted to run stuff client-side, I just used a WSH script--if
it's all internal-stuff, then the WSH script can be run off of a domain
controller, and the output (if any) could be saved on whatever internal
server it would have access to.... At least it's *not* ActiveX...
(granted, it can still be evil, however..  My point is, I'd rather trust
*my* evil to do the right thing, than trust an ActiveX applet to do the
right thing...)

 Again, see my first paragraph. I wasn't trying to convince Tom, Dick,
 and Harry to go out and get a SonicWall. I was only stating that
 there is a big difference between NAT and a hardware firewall. Not
 only would it be way overkill, but it would also be a waste as they
 could never figure out how to use it properly. A poorly configured
 firewall is worse than none at all - it gives a false sense of
 security. A problem often overlooked by too many that should know
 better!

*nodnodnod* We eventually gave up on the Nokia (couldn't get some things
to work like DHCP forwarding--long story), and ended up building a
FreeBSD/ipf solution which (to my knowledge) is still serving them to
this day.

 One firewall that could be considered both a hardware and software
 firewall (and even an enterprise class one at that) is the Linux
 based Smoothwall. It's free to download and only needs two NICs
<snip>
 Definitely check it out if you haven't already:
 http://www.smoothwall.org (Google it for myriads of configuration
 tips, scripts and tweaks.)

Nice! I'll have to look into it :)

 Likewise. =) I always appreciate intelligent conversation.

Ditto :))

Best,
G.
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
         ~Benjamin Franklin, Historical Review of Pennsylvania, 1759