>At the very least they should be checking execution path! c:\Program
>Files\Internet Exploder\iexplore.exe should be allowed, while
>c:\temp\iexplore.exe should be recognized as a seperate application. If
>windows will not report the execution path somehow (Which I would have
>trouble believing, even from microsoft) then yes, they should checksum.
>It's a reasonable approach.
I don't believe that this is what a firewall is suppose to do. A firewall
checks packets based on rules and has nothing to do with checking programs
that are generating those packets. It seems that author of this ZDnet
article had not a clue about what a firewall is or how it works and that is
how the public gets mislead, poor journalism. Basically this article had
nothing to do with firewalls.
He is a example of using the Author's logic:
I have a lock(firewall) on my door that requires a key(firewall rules) to go
in both directions. I leave my keys laying around the house when I am home
because I feel secure. Someone gets in a window(trojan) of the house and
uses that key to exit the front door. According to Scott Berinato this
lock(firewall) is broke because it allowed someone other then me to exit. Is
it the locks job to check who is using the key? That is exactly what Scott
Berinato is saying in this article.
Jeff Deitz
Senior Systems Architect
Vision Service Plan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
