Linked by Thom Holwerda on Wed 18th Feb 2009 23:28 UTC

Thread beginning with comment 349727
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
RE: Firewalls work both ways!
by PlatformAgnostic on Thu 19th Feb 2009 09:33
in reply to "Firewalls work both ways!"
RE: Firewalls work both ways!
by UglyKidBill on Thu 19th Feb 2009 11:28
in reply to "Firewalls work both ways!"
Wait... you mean the OS is designed to allow an external application -alledgedly launched by an admin- to tinker with the firewall settings without giving explicit notice that such thing is happening??
I am not being sarcastic, I am truly shocked by the logic behind that! o_O
I hope at least third party firewalls won´t be as fragile as that :S
RE[2]: Firewalls work both ways!
by dagw on Thu 19th Feb 2009 11:37
in reply to "RE: Firewalls work both ways!"
you mean the OS is designed to allow an external application -alledgedly launched by an admin- to tinker with the firewall settings without giving explicit notice that such thing is happening??
If I write an app that changes the firewall settings in Linux or BSD and you run that app with root privileges, then your firewall settings will be changed without you getting any explicit warning from your firewall software (assuming you don't have SELinux or something similar installed). This is no different.
RE: Firewalls work both ways!
by grat on Thu 19th Feb 2009 12:50
in reply to "Firewalls work both ways!"
RE[2]: Firewalls work both ways!
by UglyKidBill on Thu 19th Feb 2009 13:16
in reply to "RE: Firewalls work both ways!"
RE: Firewalls work both ways!
by MadRat on Fri 20th Feb 2009 03:31
in reply to "Firewalls work both ways!"
Member since:
2009-02-19
The statement by the slashdot user (reproduced in the article) that a firewall only protects you from outside threats is nonsense - it assumes that a firewall cannot protect against an installed application because the application can simply make an exception for itself in the firewall settings. This is not true - on most operating systems, an admin or super-user password is required to allow this, and even when the user is logged in as a administrator (and you wouldn't do that for your day-to-day work, would you?) a prompt would still be displayed by any modern OS.
An application whose installer requires you to give your admin password can, of course, make a hole in the firewall for itself, but it is very different from a covert malicious application.