Well I understand what you're saying, if nothing is listening why is the fact that the data is present bad? Well it's not. But you can't always say that about every type of traffic. So as a practice, it's a bad way to approach the problem.
Originally posted by jpmkm
Since when is receiving data a problem? Do you also consider pings to be a problem? What about a traceroute? Those seem harmless enough. If the daemon isn't running and the port isn't open then what is that data going to do? Just hit your computer. Will it erode its way into your system? Maybe it knows the secret handshake to get the port to open itself to let the data in. What is so different between the data hitting a firewall and going nowhere and the data hitting your computer and going nowhere?
I'm not arguing against hardware firewalls. They are great and they make life easier on everyone. However, I have noticed that a lot of people are suffering from paranoia that results largely from firewalls like zonealarm. Just the other day my roommate was locking down his computer with zonealarm and managed to fuck it up so much that he could no longer even get an ip address from the dhcp server.
Well, yes. But why bother to let my machines see any of the traffic? I have already identified it as bad and unwanted so why let it clog up my network (relative term here, I'm not suggesting that my network is congested with messenger traffic, but it's out there nonetheless). Why mess with the services on 1, 5, 500 machines when you can fix it in one place?
Is the problem simply the fact that someone is sending packets to your address?
That isn't true. Broadcast storms and DDOS are both types of traffic that aren't directly 'doing' anything, but both affect performance of the network.
There is nothing inherently "bad" about packets travelling over a network. They are only bad when they hit your system and do something you don't want them to do.
Granted, but there is no exploit that messenger is using, it's "normal" traffic. So yes, keep the machine up to date, but what patch is out there to fix this issue? None. And you didn't answer my question about what if you want to use the service? How do you prevent messenger spam with the service enabled?
The device should not function as a catchall so that you do not have to maintain proper security on the computers themselves.
While that is completely different from what we are talking about, that is a pretty good thing to do. Get that annoying piece of shit off there. If I fucking wanted to run msn messenger I would run it. I don't need a fucking email program to open it for me. When I used to use windows, removing msn messenger was one of the first things I did when I installed windows.
Read my second post, it's not all I'm recommending it for. I said it allows you to split the line for multiple machines, something many people would do, even if it's just to have a couple of friends over. I also said it's for port blocking, not just to get rid of messenger.
I am arguing your suggestion to use a firewall to fix a problem that does not require a firewall.
No, because having a firewall is simple security. By recommending you turn off the service you're ignoring a larger issue, the machine is not properly protected. It's thinking like that, that allows virii and worms to run rampant. It's that reason why if you connect a PC to some broadband connection you will get a worm within minutes, like you got at school. BTW I would get a firewall for your dorm room, esp. in a college, you people are the worstest at security.
Maybe institutional or corporate networks need the service, but certainly not a single home user.
Well not really, they are on a network segment, and it can get congested. But I will admit, even if all this traffic is flowing on your private segment it's not going to flood or overload it. It's just a matter of practice, again security is a practice not a setting. Why have known bad traffic reach your machine? You don't, you block it.
Again, for a single home user, this really does not apply since there is not an internal network to be congested.
That's a bad assumption, esp at the [H]. You can clog up a 100Mbps (haha, 100Mbps, some people have fibre in their home) network with just a few machines if you are pushing the right data, but that doesn't mean you require a massive up-link to the Internet... Internal traffic doesn't necessarily relate to external traffic.
If a user does have a network large enough to require segmenting, then he is not going to use some shitty little cable modem firewall.
So basically we agree. I have a pretty good grasp of security, I'm no guru, but I know you don't slap a firewall on and forget it.
After all that, I still do recommend users to use a firewall, but not simply to replace computer security.