
Microsoft Crippling VISTA,2008 and 7

Name: APK 2009-03-01 14:49

I don't, mainly because these 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be, & yet are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened with the 12/09/2008 Microsoft "Patch Tuesday" updates; it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++MB-sized HOSTS file... using 0.0.0.0 it shoots up to 18++MB in size (& even worse using 127.0.0.1, to around the tune of 24++MB in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference (and it's a PAIN) is that it is NOT a single 1-line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, in THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here 'tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service (RRAS), which supported basic firewall and packet filtering. The problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exception rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is quite simple also (even easier imo, provided you know what ports are involved, & that's what the IANA lists are for, after all).

AND

E.G.-> Once malware gets inside? One of the FIRST things it does is disable a software firewall... & with NO OTHER BARRIERS IN THE WAY, such as PORT FILTERING RULES (which, because they work @ an unrelated level (driver-wise) in the IP stack, makes it an actual advantage because it cannot be 'taken out' from a single point of attack (though, perhaps MS is saying a single point of control is the advantage in their method, it still lends itself to being taken down from a single place too by the same token - imo? A "catch-22" situation, quite possibly & MOST likely))?

I.E.-> It weakens the concept of "Layered Security"... especially vs. say, recent attacks on services like the RPC bug in the SERVER service, for example... no more firewall (or other layers like Port Filtering) in the way, once said software firewall is down (since it works on a diff. driver level than Port Filters do)!

P.P.S.=> Mr. Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) & I are currently searching for the reasoning behind the removal of 0 as a valid IP blocking address in a HOSTS file, but even HE was unaware of WHY this was done... but, with any luck? We're going to find out - &, I'll let you all know, here, if the thread isn't dead by then... apk
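As an added illustration of the size claim in point 1 of the post above (this is example code written for this page; it is not APK's HOSTS tooling and not anything from Microsoft): the script below parses a small constructed HOSTS fragment, normalizes it the way the post describes (case folded, duplicates dropped), reports the byte size of the same list rendered with 0, 0.0.0.0 and 127.0.0.1 as the blocking address, and rewrites a HOSTS file to a chosen blocking address while leaving comments and the localhost entry untouched. The sample file contents, the KEEP set and the hostname regex are assumptions of the example.

```python
import re

# Constructed sample HOSTS text (not a real file): a header comment, a blank
# line, mixed-case duplicates, a multi-host line and the loopback entry.
SAMPLE_HOSTS_TEXT = (
    "# Copyright (c) 1993-2006 Microsoft Corp.\r\n"
    "127.0.0.1 localhost\r\n"
    "\r\n"
    "127.0.0.1 ads.example.net # banner ads\r\n"
    "0.0.0.0   Tracker.Example.ORG\r\n"
    "127.0.0.1 ads.example.net\r\n"
    "0.0.0.0   malware.example.com counter.example.com\r\n"
)

# Hostname labels: letters, digits, hyphens, 1-63 chars each, dot-separated.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$"
)

# Names that must never be turned into block entries (assumed set).
KEEP = frozenset({"localhost", "localhost.localdomain"})


def parse_hosts(text):
    """Return (address, hostname) pairs. Comments and blank lines are skipped,
    hostnames are lowercased, and tokens that are not valid hostnames are dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, hosts = fields[0], fields[1:]
        pairs.extend((addr, h.lower()) for h in hosts if HOSTNAME_RE.match(h.lower()))
    return pairs


def normalized_blocklist(text):
    """Unique blocked hostnames in first-seen order ('fully normalized' in the post's sense)."""
    seen, out = set(), []
    for _, h in parse_hosts(text):
        if h in KEEP or h in seen:
            continue
        seen.add(h)
        out.append(h)
    return out


def render_blocklist(hostnames, block_addr, newline="\r\n"):
    """One '<addr> <host>' line per hostname, CRLF-terminated as Windows editors write it."""
    return "".join(f"{block_addr} {h}{newline}" for h in hostnames)


def size_by_address(text, addresses=("0", "0.0.0.0", "127.0.0.1")):
    """Byte size of the same normalized blocklist rendered with each blocking address."""
    hosts = normalized_blocklist(text)
    return {a: len(render_blocklist(hosts, a).encode("ascii")) for a in addresses}


def rewrite_hosts(text, block_addr, newline="\r\n"):
    """Rewrite a HOSTS file so every block entry uses block_addr. Comment-only and
    blank lines and any line naming a KEEP host pass through unchanged; hostnames
    already emitted earlier in the file are dropped, so the output is normalized."""
    seen, out = set(), []
    for raw in text.splitlines():
        code, _, comment = raw.partition("#")
        fields = code.split()
        if not fields:
            out.append(raw)                      # comment-only or blank line
            continue
        hosts = [h.lower() for h in fields[1:]]
        if any(h in KEEP for h in hosts):
            out.append(raw)                      # never rewrite the loopback entry
            continue
        fresh = [h for h in hosts if HOSTNAME_RE.match(h) and h not in seen]
        if not fresh:
            continue                             # every name on this line is a duplicate
        seen.update(fresh)
        tail = f" #{comment}" if comment else ""
        out.append(f"{block_addr} {' '.join(fresh)}{tail}")
    return newline.join(out) + newline


if __name__ == "__main__":
    print(size_by_address(SAMPLE_HOSTS_TEXT))
    print(rewrite_hosts(SAMPLE_HOSTS_TEXT, "0"))
```

The sizes scale linearly: each entry costs exactly the extra length of the address, so going from 0 to 0.0.0.0 adds 6 bytes per line, which for the roughly 650,000 entries the post mentions is about 3.9 million bytes, in line with the 14 MB to 18 MB gap reported. The script only measures and rewrites the file; whether a given Windows build still honours 0 as a blocking address is the separate question the post raises, and this example does not test that.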

Name: Alexander Peter Kowalski 2009-03-11 2:22

Now he's posting as me in the post prior to my own. How laughable: Don't you think the site owner here can ID diff. IP addresses on our posts that appear only seconds after one another? LOL, man... some folks never learn!

You are only amusing me in catching you in your nefarious b.s. here as you have at /. (slashdot) per the URL proofs of that above, "The End of Days", here -> http://slashdot.org/comments.pl?sid=1147437&cid=27056793

& here:

http://slashdot.org/comments.pl?sid=1154933&threshold=-1&commentsort=0&mode=thread&pid=27137671

as well as saying "You are a stupid fucker" to me here, when you CLEARLY tried to rip off what I informed MS of along with others here:

http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx?CommentPosted=true#commentmessage


APK

P.S.=> Again to the site owners here, and to GIL your hosting provider in FRESNO? Thanks for your assist here, the /. moderators are on it as well, in addition to other parties to take care of this online menace "The End of Days" from slashdot (data on that is above for your reference also)... apk
