from slashdot.com and Flexbeta.com

Though Microsoft is doing their part in protecting Windows users from internet attacks by including a firewall in their latest service pack, one has to wonder just how secure is the Windows Firewall from XP Service Pack 2? Not too good according to Flexbeta (http://www.flexbeta.net/main/articles.php?action=show&id=76). Their recommendation is to turn off Windows Firewall and get an alternative such as ZoneAlarm or Sygate PF. Simply the fact that Windows Firewall can be turned off by another application is enough to tell me Microsoft has goofed again." PCWorld (http://www.pcworld.com/news/article/0,aid,117380,00.asp) also has a story about the new firewall capability.

I figured some Mac users would get a kick out of this. I love how Microsoft still cant get the firewall/security thing right, while apple did it right a while ago! :p

from slashdot.com and Flexbeta.com



I figured some Mac users would get a kick out of this. I love how Microsoft still cant get the firewall/security thing right, while apple did it right a while ago! :p

Actually Apples Firewall is based on ipfw.... Which noone who had any sense would use either... It is a buggy implementation that has been dropped from most unix/linux except for open bsd distributions due to its numerous weaknesses.

Just for fun enable it then run a port scanner against your MAC...
You will be suprised by the ports left open

GIVEN A CHOICE.... I would prefer IPTABLES to ipfw

THAT being said I do agree anything would still be better than Microsoft Xtra Patches POS security

Actually Apples Firewall is based on ipfw.... Which noone who had any sense would use either... It is a buggy implementation that has been dropped from most unix/linux except for open bsd distributions due to its numerous weaknesses.

Just for fun enable it then run a port scanner against your MAC...
You will be suprised by the ports left open

GIVEN A CHOICE.... I would prefer IPTABLES to ipfw

THAT being said I do agree anything would still be better than Microsoft Xtra Patches POS security

I did a port checker a while back and i got a green report, there were only a few ports open and apparently they were ok. I am safe according to it. I can't remember where I checked it but i remember my mac had far fewer ports open than my pc! according to the tester my XP machine was wide open!

Hey now, ipfw isn't bad at all..

What IS bad is Apple's GUI control for it. It's completely worthless. Completely.

What IS bad is that MS has an enormous budget and can only manage to make half (if that) of their products worth using

I can't wait for SP2 to get smashed by the next virus. And then Microsoft says, "Don't worry, we'll fix it!" And all the lemmings, errr people, say "Ok, sounds good." And continue to take it up the...

What IS bad is that MS has an enormous budget and can only manage to make half (if that) of their products worth using


How True...

The real problem with Windows is I.E.
When MICROSOFT.... decided in their infinite wisdom to intergrate I.E. into their O.S. they made a terrible mistake....

It was and is an terribly hole ridden sucurity nightmare...And since it cant be removed from the OS Windows security will always suffer

Hey now, ipfw isn't bad at all..

What IS bad is Apple's GUI control for it. It's completely worthless. Completely.

You will get no argument from me on Apples worthless gui tools for ipfw, nfs, web services, dns, etc.....
They are all terrible at best....

But then again... I never configure those types of items from a gui tool anyway...

I can't wait for SP2 to get smashed by the next virus. And then Microsoft says, "Don't worry, we'll fix it!" And all the lemmings, errr people, say "Ok, sounds good." And continue to take it up the...

Na dont blame the Windows lemmings... er users...
They live in the monopoly world of Microsoft.....
And until vertical market business apps start showing up in sufficent numbers on the MAC and or Linux.... We will all be stuck with Windows...

I never configure those types of items from a gui tool anyway...

Nor do I, but using the CLI or reading man pages can be daunting to someone who knows nothing about UNIX or using command line apps. Certainly the GUI control for ipfw is there for them, but it's so mind bogglingly worthless. It's such an afterthought. I couldn't believe they didn't fix it in Panther.

You will get no argument from me on Apples worthless gui tools for ipfw, nfs, web services, dns, etc.....
They are all terrible at best....

If you take a look at OS X Server, Apple does have good GUIs for those. In OS X, there are many third party apps that provide you with "advanced" GUI control for them as well. Apple just figures (correctly) that a normal user has no idea what nfs or dns is.

If you take a look at OS X Server, Apple does have good GUIs for those. In OS X, there are many third party apps that provide you with "advanced" GUI control for them as well. Apple just figures (correctly) that a normal user has no idea what nfs or dns is.

I disagree... I have extensively used OSX server...
And as a matter of fact I work on the largest OSX server installation in the world... And the server tools for those utilities are not very good...

Now I do think server monitor is usefull. and Server admin to a lesser degree ... but opinions are opinions... I have mine you have yours

I disagree... I have extensively used OSX server...
And as a matter of fact I work on the largest OSX server installation in the world... And the server tools for those utilities are not very good...

Now I do think server monitor is usefull. and Server admin to a lesser degree ... but opinions are opinions... I have mine you have yours

And where is "the largest OS X Server installation in the world"? I've never heard any site make that claim - no big universities, no big businesses, no-one.

Are you comparing Apple's GUI server admin tools to other OS-bundled apps, such as Windows' or something else?

It is a buggy implementation that has been dropped from most unix/linux except for open bsd distributions due to its numerous weaknesses.

if you're referring to openBSD, their new firewall has been designed from scratch and seems to be a nifty tool...

controlling pf from the cli (http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8&arch=i386&apropos=0&manpath=OpenBSD+Current)

pf's man page (http://www.openbsd.org/cgi-bin/man.cgi?query=pf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)