05 April 2007

Firewalls Suck

Impromptu

Firewalls suck. I hate them. Sure, a firewall can do you a lot of good in the hands of someone who knows what they are doing, but commonly, firewalls are the little Dutch boy's finger of the network security world. The problem is, no one else comes by to help.

Security charlatans sell firewalls like snake oil. They claim firewalls are mythical pieces of equipment or software that can protect the user from every computer security issue out there. So what happens? Your novice or otherwise uneducated user (or even worse, users who think they are well versed, but really aren't) runs a firewall and thinks they are safe. They don't patch their systems promptly because they believe the firewall will protect them. They don't password protect sensitive services, or encrypt sensitive information because they think the firewall will protect them. They generally do stupid things because there is no need to be concerned; the firewall will protect them.

Just think about immortality for a moment. If you could never be hurt or killed, would you wear your seatbelt?

All that said, firewalls are actually quite useful as temporary solutions to problems, or insurance against possible issues that may come up in the future. If a vulnerability is discovered in a service your computer runs, you can quickly disable access to this service at the network level if, for some reason, you cannot disable the service outright.

In the end, a properly configured, patched system does not need a firewall. If a firewall is your main defense, you've got other problems.

1 comment:

steve said...

Firewalls. Hate em. I ask myself, who really wants the info on my computer anyway? Screws up my home network, can't see the other computers. Internet content blocked, etc. Okay, so I can fix it but it's a pain and a waste of time. Like I told a conspiracy nut friend of mine who thinks "the government" is spying on him, hey, who are you? You are nobody, who cares about you? There is nothing of value on your computer of any use to anyone else, least wise "the government". I want to control my computer, not Microsoft. Hey, it's my computer, leave the security to me. I don't open any emails to don't know, and my browser does a good job of blocking spam, pop-ups, etc. I want a setting that says "disable all firewalls"!