Archived from groups: microsoft.public.windowsxp.security_admin
Ahh.. here's the quote I was looking for. ICF wasn't disabled until logon,
there was a time lapse at boot between when the system started accepting
network requests, and when the ICF kicked in:
<quote>
# Boot time security. (On PC's running Windows XP Service pack 1, there is a
window of time between when your PC can "see" the network and when Windows
Firewall provides protection. This results in the ability for a "packet(s)"
of data to be received and delivered to a service without Windows Firewall
performing ANY filtering. This potentially exposes YOUR computer to
vulnerabilities. In Windows XP Service Pack 2, this vulnerability has been
stopped using a new "policy" that works during boot up. However, there is no
boot-time security if Windows Firewall is disabled.)
</quote>
I just found this funny in the fact that it came out just today:
http://seattlepi.nwsource.com/business/212437_rsaclarke17.html
I just happened to run across it.
Personally, I think MS should implement a new feature to where if an end user
doesn't stay up to date with windowsupdate.com, that a big burly guy will
come to their house and smack them around a bit, heh.
"Ken Gardner" wrote:
> "CB" wrote:
>
> > Exactly, for simple end users that don't know (or care) any better, the
> > MS solution would probably work for them. With you being a single user with
> > a single computer (hopefully behind a hardware firewall/router), you can
> > think that MS offers sufficient security and you may be right. With me being a
> > NetAdmin of a large firm, I know that isn't the case. It's all about scope.
>
> Of course, as a NetAdmin, you need to worry about lots of people who are
> complete novices (or dumbasses, like my younger brother) when it comes to
> security. Thus, I fully understand where you are coming from.
>
> > MS has made great strides in trying to make their products more secure.
> > However, they do still have a ways to go, it simply takes time. That is why
> > I said that I would wait at least a year or two. For example, (correct me if
> > I'm wrong MS), but MS's first shot at creating a firewall solution was a
> > joke. Its configurability was a joke and I believe (again, correct me if I'm
> > wrong) it didn't even start protecting your machine until after the user
> > logged in. So, if you are sitting there at a logon prompt (IE, your machine
> > rebooted during the night), it's unprotected until the user logs back in. In
> > XP SP2, MS re-did the firewall. It's certainly much better. However, it
> > still only protects you one way. It can protect people from 'hacking' into
> > your machine from the outside world, however.. it does not alert you if a
> > program is already on your machine and is going out to the internet with your
> > knowledge. (IE: a piece of malware that is reporting back to server about
> > your personal data on your PC). Other professional products will alert you
> > about this.
>
> I don't know whether the old ICF started up prior to the login point (in
> fairness, I think it did, but I can't remember), but I do remember that it
> was not turned on by default. And neither the old ICF nor the new and
> improved Windows Firewall block outbound communications. If you want the
> additional feature of blocking outbound communications with your firewall,
> you will need a third party firewall -- and I have no problem recommending
> one for anyone who is a security novice. That's not me. My strategy, which
> has worked 100% for years, is to be proactive, i.e. to use other software
> (antivirus and antispyware) to block the crudware from getting on my machine
> in the first place, and to stay fully informed and up to date on what I user
> need to do to prevent security breaches, e.g. configuring IE and Outlook to
> stop malware from installing on my machine without my knowledge or consent.
>
>
> > Your argument about bells and whistles is actually ironic. I've always
> > thought of MS as a company that cared more about making something 'pretty' as
> > opposed to making it work. Look at Windows XP... They spend a lot of money
> > making it dumbed down and pretty. (fading menus, mouse
> > shadows, beeps and sounds everywhere, 'clippy' the paperclip, etc).
>
> True enough. I always turn that stuff off whenever I can.
>
> > Security has actually been an afterthought of sorts (because it wasn't a huge deal in the
> > past. It was more of a culture thing than a MS thing in my opinion). That's one of
> > the reasons why you see so many security updates time and again for Windows
> > itself. There's a ton of unsecure code in windows (which MS is doing their
> > best to patch), but since MS products are so heavily integrated, you can
> > actually find a bug in 'Microsoft Instant Messenger' and use it to cause
> > havoc on the OS itself (http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx).
> > It's just the nature of the beast. One benefit of 'professional products' is
> > they don't always rely on MS's potentially buggy code base.
>
> All this is true, but it is fair to say that at least since SP1, security is
> now on everyone's radar screen, especially Microsoft's. And it is more so
> with each passing week and month, it seems.
>
> > MS knows a lot. I would never take that away from them. However, I would
> > never be as careless as to say "I don't think anyone on the planet knows more
> > about security issues with Windows XP than Microsoft". I would think those
> > companies directly involved with viruses know more about viruses than MS,
> > same is true about companies that are involved with firewalls day in and day
> > out.
>
> I'm still not sure that my statement is incorrect, although obviously it is
> merely an opinion rather than a statement of known fact. Of course companies
> that specialize in particular areas, such as viruses, are going to know more
> about their specialized field than Microsoft. But Microsoft is going to know
> much more about how these virus products (to continue with your example)
> interact with the OS, for better or worse. More generally, Microsoft is
> going to know more about how to strike the most reasonable balance between
> performance requirements, stability requirements, and security requirements.
> There is much more to computing than security, which is why I say again that
> the goal of security should be to be secure enough. Every computer need not
> be the equivalent of Fort Knox, just good enough to stop malware peddlers
> from ruining computing for the rest of us. Security is like food: you need a
> certain amount, but if you eat too much you get fat, start slowing down, and
> start experiencing health problems.
>
> > Again, back to my original point.. MS's Antivirus and Firewall products
> > will probably be just fine for the common end user.
>
> And in all fairness, that's me, although I consider myself more
> knowledgeable than most such users.
>
> > But from a corp perspective, there's no way we'd risk our network until after at least a
> > year or two.... until the reports came back on how good it is. In the mean time,
> > I strongly recommend a good firewall for it can help you guard against MS's
> > bugs. I also recommend a good virus scanner because it can help you guard
> > against yourself (running viruses without thinking).
>
> I can't really disagree here, except that for a person like me Windows
> Firewall is plenty good enough and I have used it without a hitch since SP2
> came out in public beta.
>
> Ken