[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Windows firewall [citation]



TheMindwareGroup:
> Programs can automatically add themselves to the windows firewall
> found some code that does it here:-
> 
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa366421%28v=vs.85%29.aspx
> 
> Making useless against attacks from the inside.

It has already been said, that firewalls by concept won't work against
attacks from the inside since there are too many ways to circumvent
firewalls.

In my opinion, Windows personal firewalls attempting to filter outgoing
traffic are only cash cows. Good marketing. No sensible security concept.

Let's imagine for a moment someone wrote an Open Source Personal
Firewall (application level firewall) for Windows. Now someone writes
proof of concept code on how to circumvent that firewall. A new bug
against that firewall gets opened. But... The bug can not be fixed due
to limitations in Windows API and architecture. And since Windows isn't
Open Source and Microsoft doesn't care about strong security, the
underlying problem can not be solved. The bug persists, no chance of
ever getting fixed.

See also:
https://en.wikipedia.org/wiki/Application_firewall

Thinking about it some more... An application level firewall is similar
to an attempt to create a generic AppArmor. An application similar to
AppArmor, that doesn't need profiles, because it somehow understands all
applications it's designed to confine. We don't even have this in the
Linux world were source codes are available. Forget about even thinking
about implementing this for Windows.

If you are interested in innovative security technologies, look into
Linux, AppArmor, grsecurty, Qubes OS, etc. You could have a lot fun
writing profiles, which restrict everything but white listed things.
Windows is in this regard too limited. That's also why what you are
asking for doesn't exist and why no one is working on it.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk