[60574] in North American Network Operators' Group
Re: Microsoft to ship new versions with firewall enabled
daemon@ATHENA.MIT.EDU (Edward Lewis)
Thu Aug 14 11:29:54 2003
In-Reply-To: <sf3b4b51.097@efirstbank.com>
Date: Thu, 14 Aug 2003 11:25:35 -0400
To: "John Neiberger" <john.neiberger@efirstbank.com>
From: Edward Lewis <edlewis@arin.net>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
>[Veering further off-topic]
>
>Hmm...I didn't even know XP had a built-in firewall. Any bets on how
>long it is before other companies with software firewall products bring
>suit against Microsoft for bundling a firewall in the OS?
Along the vein of "I dislike Microsoft, but let's get over it" - when
some Linux started out with, what, ipchains/ip-something to protect
it from network vulnerabilities, it took our little lab's folks some
time to remember to punch holes in it for DNS, SSH, etc. each time we
set a new one up. Ah, live and learn.
The legacy of shipping machines open to attack predates Microsoft, it
isn't "their fault(tm)". This issue was raised in at least as far
back as "The Cuckoo's Egg" (since I've met folks that don't remember
it, by Clifford Stoll - very entertaining tale of an
astronomer-turned-SA tracking a hacker). In the epilogue, he
mentions the Morris worm, so we're talking about incidents in '87 or
so. (The Morris thing was what, Nov 2, 1988? Give or take a week.)
I highly recommend that book as part suspense novel and part security
tutorial.
Every time a vendor/open-sourcer decides to stop shipping with
security down, there's a learning curve forced on the buyers. But
that's why we get paid to work in air conditioned offices in the
summer. ;)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
Sponge Bob Square Pants? I'm still trying to figure out the Macarena.
