Re: Another way to deal with hackers.
Posted: 05 Nov 2011, 21:15
In general, Windows runs too many services by default. Apparently, it would be a tragedy if users had to actually configure something in order to use it. Every service/daemon is a potential security problem. I don't think most Windows users intend to run a Samba service and share files with anyone. As if that wasn't enough, anonymous sessions are possible? Awesome! You really don't need a firewall for this though if you are behind a router, just don't forward these ports to your machine (this should be the default).
Comodo is so good its almost illegal? I smell marketing hype. Security tools can't really be illegal in the U.S. (and this is an American company) with one caveat: software that employs high-grade encryption may considered 'military grade' and hence be illegal to export to certain (hostile) nations (http://en.wikipedia.org/wiki/Export_of_ ... ted_States). Even crypto export restrictions are mostly a joke though because the algorithms are well-known...you can learn how RSA works on Wikipedia and make your own implementation even if you couldn't directly obtain such products due to export restrictions. To suggest that a firewall can work "too well" is absurd.
No, us GNU/Linux users don't have many of these problems because most distros don't run network-connection-accepting daemons in the default install. When we add daemons, it is done deliberately so there shouldn't be any surprise holes, they are configurable so you could improve security while providing a service by controlling aspects of how the service is provided, and the default configs tend to be tuned to higher security/lower usability so you have to manually open yourself up to greater risk.
Comodo is so good its almost illegal? I smell marketing hype. Security tools can't really be illegal in the U.S. (and this is an American company) with one caveat: software that employs high-grade encryption may considered 'military grade' and hence be illegal to export to certain (hostile) nations (http://en.wikipedia.org/wiki/Export_of_ ... ted_States). Even crypto export restrictions are mostly a joke though because the algorithms are well-known...you can learn how RSA works on Wikipedia and make your own implementation even if you couldn't directly obtain such products due to export restrictions. To suggest that a firewall can work "too well" is absurd.
No, us GNU/Linux users don't have many of these problems because most distros don't run network-connection-accepting daemons in the default install. When we add daemons, it is done deliberately so there shouldn't be any surprise holes, they are configurable so you could improve security while providing a service by controlling aspects of how the service is provided, and the default configs tend to be tuned to higher security/lower usability so you have to manually open yourself up to greater risk.