Re: System Restore Keeping Only One Restore Point

Kayman wrote:

http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."

Tripe written by an ex-Microsoft puppet who was in charge of security when the Microsoft firewall was designed. Of course he wouldn't admit that his brain child lacked useful features so in true Microsoft fashion he insisted that he was right and that he knew what was best for the customers, but that isn't new at Microsoft where it's corporate culture to tell the customers to shut up because Microsoft knows what is best for everybody. Of course, the chief of security in charge of designing the firewall that lacked features wanted by the customers had to educate the customers by telling them that they were dumb to ask for outbound filtering and the way to prove his point was to embark on a mission to discredit all firewalls except his beloved creation. To paraphrase one MVP: "In its firewall Microsoft designed a shirt with no sleeves and when the customers told Microsoft they wanted sleeves Microsoft embarked on a mission to convince customers they didn't want or need sleeves."

Meanwhile, customers who knew that egress filtering was not necessarily meant to strictly or only be a security measure against malware were left a bit bemused by this new mantra at Microsoft. Customers who understood the importance of data protection and who understood the benefits of controlling which applications should be permitted to send traffic outside the network were told not to concern themselves with the security of their data, Microsoft had it all under control, there was no need at all to know which applications were sending data outside the network and there was even less need to stop any applications from sending data outside the network. Of course this suited Microsoft the most, without anyone knowing what was going on Microsoft could ensure that they could have more of their brain children like WGA, Media Player, DRM and what not spy on the customers and send data to outside entities without anyone knowing what was going on, or at least without anyone without egress detection knowing what was going on.

Although egress filtering should be applied at the perimeter of the network by way of routers and firewall appliances, detection and filtering applications at a software (personal) firewall can nonetheless be a very useful tool and a very useful part of your network or computer security. Those who know better and who know the place and importance of egress detection and egress filtering take appropriate measures to protect their data and their networks, the others, knowingly or not, listen to and propagate tripe from Microsoft and its puppets. No network administrator worth his salt would neglect the security risks posed by egress traffic, SOHO and home computer users would be well advised to do the same.

Egress Filtering FAQ
http://www.sans.org/reading_room/whitepapers/firewalls/1059.php

Firewall Best Practices - Egress Traffic Filtering
http://hhi.corecom.com/egresstrafficfiltering.htm

Vincent
.

Relevant Pages

  • Re: [Full-Disclosure] New MyDoom exploiting IFRAME
    ... I never had strong feelings about Microsoft; I took their side on several ... customers - and yet, they fail to act. ... security response capabilities are *very* inadequate at best - they should ...
    (Full-Disclosure)
  • Re: System Restore Keeping Only One Restore Point
    ... but I am not a security expert and never claimed to be ... firewall isn't a good firewall you also misunderstood my view of the ... customers have asked Microsoft for a method, ... Not all customers want all of their applications to be ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Active Directory design
    ... The only group policy settings I am ... Security and Distribution groups for each dept within their ... my customers. ... Microsoft MVP - Directory Services ...
    (microsoft.public.win2000.active_directory)
  • Re: Update: Microsoft Security Bulletin MS02-050
    ... When we get the email from Microsoft Security Reponse Communications, ... We digitally sign all security bulletins. ... To help customers, for each issue, we will now create a less ...
    (microsoft.public.security)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)