Re: Personal Firewalls Spring Security Leaks - Update

[InfoSec News <isn () c4i org>]

Forwarded from: Felix von Leitner <leitner () vim org>

Thus spake InfoSec News (isn () c4i org):

> http://www.newsbytes.com/news/01/171949.html

> By Brian McWilliams, Newsbytes
> ALISO VIEJO, CALIFORNIA, U.S.A.,
> 07 Nov 2001, 12:08 PM CST
>  
> Software firewalls deployed by millions of PC users offer only
> "illusory" protection against Trojan horses and other malicious
> programs, security experts warned today.

This is actually correct.

A packet filters is only useful if one can be sure that what little
protection it offers can't be circumvented.  That means that it can
not share the same machine with other applications that use untrusted
data. This is so basic, it's embarassing that it needs to be mention
at all :(

Personal Firewalls aren't.

> Techniques for defeating the outbound data filters in popular personal
> firewalls such as Zone Alarm and Norton Personal Firewall have been
> independently posted on the Web by several researchers.

This, however, is complete and utter bullshit.

You can _never_ restrict outgoing traffic in a meaningful way, i.e.
you can never lock a box down in a way so that an evil attacker could
not leak supposedly secret information out, except if you don't allow
any data to flow out at all.

Instead of explaining to the illiterate users of this snake oil
software the risks they are exposing themselves to, this article dumbs
them down even more.  It is very sad that this drivel is published at
all, and then forwarded to a respected mailing list as this, but it is
even sadder that apparently noone except me considers this
nauseatingly stupid, bordering on criminal.

Felix



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.