On Mon, Dec 20, 2004 at 12:26:31AM +0100, Florian Weimer wrote: > * Barney Wolff: > > > Perhaps, then, one should not be so quick to disparage software-based > > firewalls, resident on the computer itself. > > Yes, but it's only a real obstacle if the malware doesn't run with > SYSTEM privileges. If it's impossible for home users to work with > reduced privileges, a host-based filter is no good (unless it's a very > obscure brand which is not targeted by the malware 8-).
In general, home firewalls are better at preventing infection than containing it. That's true no matter where the firewall resides. > By the way, do you know if these "hardware firewalls" have a > management interface on a factory-default IP address? 192.168.0.1 admin/admin is a good bet. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.
