Monday, February 14, 2005
When the Windows firewall won't protect you
Windows has a reasonable basic firewall in XP Service Pack 2. It has the same limitations as other firewalls, of course. Today I'll be talking about how it balances usefulness against paranoia.
The firewall controls who can see your shared files. After all you don't want random strangers on the Internet writing over your shared files. More subtly, every time someone finds a security bug in Microsoft's file and print sharing programs they can write a new virus or worm that spreads to every machine which makes those services visible.
But you do want to share the printer with the machine in the basement and to be able to swap files back and forth. That's why you have a network in the first place.
So the built-in Windows firewall hides file and print sharing from the Internet at large but makes them completely available to your local area network. That way you can share a printer with your wife but keep your files safe(r) from strangers on the Internet.
Q: You're about to point out a catch, aren't you?
Yes.
What happens when you're at a coffee shop?
The whole coffee shop is one local area network. The firewall is going to assume that since all the other customers are on the same local network that it can trust them.
Try a quick experiment. Browse the "Network Neighborhood" at Starbucks or at the library. Don't actually open anything you see, that would be unethical, but take home the insight that if you can see them then they can see you.
Other firewall programs like Zone Alarm will stop you and ask whether you want to trust each network you connect to. If you're at a wireless hotspot, just say no.
|
The firewall controls who can see your shared files. After all you don't want random strangers on the Internet writing over your shared files. More subtly, every time someone finds a security bug in Microsoft's file and print sharing programs they can write a new virus or worm that spreads to every machine which makes those services visible.
But you do want to share the printer with the machine in the basement and to be able to swap files back and forth. That's why you have a network in the first place.
So the built-in Windows firewall hides file and print sharing from the Internet at large but makes them completely available to your local area network. That way you can share a printer with your wife but keep your files safe(r) from strangers on the Internet.
Q: You're about to point out a catch, aren't you?
Yes.
What happens when you're at a coffee shop?
The whole coffee shop is one local area network. The firewall is going to assume that since all the other customers are on the same local network that it can trust them.
Try a quick experiment. Browse the "Network Neighborhood" at Starbucks or at the library. Don't actually open anything you see, that would be unethical, but take home the insight that if you can see them then they can see you.
Other firewall programs like Zone Alarm will stop you and ask whether you want to trust each network you connect to. If you're at a wireless hotspot, just say no.
# posted by Frederick @ 6:52 AM Email to a friend:
Haloscan: they provide trackback