3:50 PM -- Why do all of the firewalls that ship with operating systems suck? OS makers have tried -- well, at least Apple tried, and Linux succeeded. Microsoft's attempt in Windows XP was weak and one-sided, but it made a huge impact on network service-based exploits because Service Pack 2 turned on the firewall by default.
With BSD at the core of Mac OS X, you'd think it would be a no-brainer for Apple to use ipfw as the firewall. Why did Apple switch with Leopard? Why not just offer something that monitors network activity and modifies ipfw rules as appropriate? Instead, Apple chose to use socketfilterfw. Thankfully, ipfw is still there for us diehards who want more control. There's a good post over at Securosis -- make sure to read the comments.
There are several third-party firewalls available for Windows, but I've been hearing less and less about them lately. Why is that? Are people settling for what is included with Windows, or are they going with newer versions of antivirus solutions that bundle in everything? There is definitely a trend toward all-in-one endpoint security solutions -- antivirus vendors are pushing these to consumers with subscription fees.
What about solutions for Mac OS X? I mentioned last week in my blog about Leopard that WaterRoof still works with Leopard and can be used to configure ipfw if you don't want to use the new application-aware firewall, which sometimes makes bad decisions for you. For something more full-featured, check out Little Snitch. I'd heard about it before, but since it was just updated to fully support Leopard, I decided to try it out.
Wow! Little Snitch is hot! It has an attractive, easy-to-use interface and the dialogs are intuitive. I may find myself recommending this to everyone from the executive assistants in your enterprise to the security professionals who want to take back control.
The Network Monitor feature is really nice for those of us who just have to know what is going on at all times. Sure, MenuMeters is good for monitoring transfer rates, but Little Snitch's Network Monitor tells you what application is talking to the network, what host it is communicating with, and measures inbound and outbound traffic.
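The application-to-host view that Network Monitor gives you can be approximated on any BSD-derived system with the stock `lsof -i -n -P` command. The script below is an added example (not from Little Snitch, WaterRoof, or this column) that parses that output into a per-process map of remote endpoints and a list of listening sockets, which is the quick "what is talking to whom" check a defender wants before deciding which ipfw rules to tighten. The sample output embedded in it is constructed for illustration, using documentation IP ranges, and is not a real capture; byte counts are not included because lsof does not report them.

```python
import re
from collections import defaultdict

# Constructed sample of `lsof -i -n -P` output (illustrative, not a real capture).
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Safari     1234 john   21u  IPv4 0x1a2b3c4d      0t0  TCP 192.0.2.10:52344->198.51.100.7:443 (ESTABLISHED)
Safari     1234 john   22u  IPv4 0x1a2b3c4e      0t0  TCP 192.0.2.10:52345->198.51.100.7:443 (ESTABLISHED)
Mail       2345 john   15u  IPv4 0x1a2b3c4f      0t0  TCP 192.0.2.10:52400->203.0.113.25:993 (ESTABLISHED)
sshd        321 root    3u  IPv6 0x1a2b3c50      0t0  TCP *:22 (LISTEN)
mDNSRespo   111 _mdns   8u  IPv4 0x1a2b3c51      0t0  UDP *:5353
"""

# NAME column for an established flow looks like "local->remote".
CONN_RE = re.compile(r"^(?P<local>\S+?)->(?P<remote>\S+)$")


def parse_lsof(text):
    """Turn `lsof -i -n -P` output into a list of socket records."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) < 9:
            continue  # malformed or truncated line
        command, pid, user, _fd, _type, _dev, _size, proto, name = parts[:9]
        # Optional trailing "(STATE)" field, e.g. (ESTABLISHED) or (LISTEN)
        state = parts[9].strip("()") if len(parts) > 9 else ""
        m = CONN_RE.match(name)
        local, remote = (m.group("local"), m.group("remote")) if m else (name, None)
        rows.append({
            "command": command, "pid": int(pid), "user": user,
            "proto": proto, "local": local, "remote": remote, "state": state,
        })
    return rows


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); handles bracketed IPv6 and '*'."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


def summarize(rows):
    """Map each (command, pid) to the set of remote (host, port, proto) it talks to."""
    by_app = defaultdict(set)
    for r in rows:
        if r["remote"]:
            host, port = split_endpoint(r["remote"])
            by_app[(r["command"], r["pid"])].add((host, port, r["proto"]))
    return dict(by_app)


def listeners(rows):
    """Sockets accepting inbound traffic: TCP in LISTEN, or unconnected UDP."""
    return [
        (r["command"], r["pid"], r["proto"], r["local"])
        for r in rows
        if r["state"] == "LISTEN" or (r["proto"] == "UDP" and r["remote"] is None)
    ]


if __name__ == "__main__":
    records = parse_lsof(SAMPLE_LSOF)
    for (cmd, pid), endpoints in summarize(records).items():
        for host, port, proto in sorted(endpoints):
            print(f"{cmd}[{pid}] -> {host}:{port}/{proto}")
    for cmd, pid, proto, local in listeners(records):
        print(f"LISTEN {cmd}[{pid}] {proto} {local}")
```

On a live system, replace `SAMPLE_LSOF` with the output of `subprocess.run(["lsof", "-i", "-n", "-P"], capture_output=True, text=True).stdout`; the `-n` and `-P` flags keep hosts and ports numeric so the parser never has to deal with resolver names. The listener list is the inbound side that a stateful ipfw rule set should account for explicitly.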
What are you doing for personal firewalls? Do the built-in solutions work for you? Post me a message via the link on this blog.
John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading