The firewall component in Microsoft’s Windows OneCare security bundle has holes, experts have warned.

The firewall allows any application that uses the Java Virtual Machine or has a digital signature to connect to the net. What is going on here, I ask you? Should the firewall not be blocking the programs from getting out, and where does it ask you to choose what you want to do with the programs? Security at Microsoft has taken a back seat to getting programs out and being the first one on the market with the latest and greatest software. They just got the award for Windows XP SP2 for security, and now this happens. Foundstone, a part of McAfee, said this about the new software:
“Any firewall, any security device should have a default deny,” Curphey said in an interview Tuesday. “Any door should always be closed.” He has made a good point, one this reader had already picked up on. Going to the Microsoft blog posting, this is what was said about the problem:

“It is highly unusual for malware to be signed,” according to the Microsoft blog posting. Furthermore, if an application is signed, it can be traced to its author, it said.

Blocking Java would result in many applications being disabled, the posting added. And asking users to allow applications to pass through each time they are invoked would be too confusing. If a malicious program that uses the Java Virtual Machine does land on a user’s PC, the antivirus component of OneCare should catch it, the OneCare team wrote.

Oh really? Unusual for malware to be signed? Not so, said spyware expert Ben Edelman.
It is really easy to get the signatures for the software on the Internet.

Asking users to allow applications to pass through each time they are invoked would be too confusing.

Too confusing? What do they mean? That is what ZoneAlarm, BlackICE Defender, Kerio, Norton Internet Security and Sygate did in the old days. That is what you want; you do not want the computer running software that does things for you. Like I have said, people are becoming lazy when it comes to security. The fast-food people want to get it done without having to play with anything. Man, what is going on? Do you want your computer doing that and letting people go in and out without your knowledge? Do you need people like China and foreign governments trying to connect to your computer and looking at what you are doing? Also, what about Microsoft, which keeps records of what you are doing at its headquarters in Redmond? Come on, Microsoft, wake up and let people have some choice of what goes on on the computer instead of controlling what cannot be deleted on the computer and how healthy the computer is. When will you learn over there, like the Linux people have, and make software that works the first time out of the box and does not have security issues?
We in this world have security software to keep us safe from what: ourselves, or others who are trying to get in?

In short, Microsoft needs to get with the program and fine-tune security or get out of the game.

Links to the article are below, and the software will be here in May if you want to get it.

ARTICLE