
12 Jul 2012, 2:31 a.m.
Russell Coker wrote:
> The problem is that in most cases firewalls don't do much good. If a firewall is deny by default then it gets in the way every time the user installs a new Bittorrent program that uses different ports

That's a *feature*.

> and is likely to get turned off.

The user is broken. Swap in a new one.

> Really the best thing is for applications to not listen for external connections unless explicitly configured to do so.

IMO both are desirable, and orthogonal to one another. Programs shouldn't listen until instructed to do so, but operating a default deny firewall is a defense-in-depth safety net to protect you when a program *does* listen by default.