[snip]
I don't know what I'm trying to say here... I'm beginning to think that
the only truly safe system is one that can't be used (and thus can't be
abused). The only case where my example _might_ work, is when someone
knowledgable enough has already configured the machine correctly
(hardened the OS). But even then I have my doubts.
[snip]
I run a PFW, not windows, on this laptop, and I've run one on every
laptop we own, for years, and always found them to be of great benefit
and of little trouble. We take our laptops to many locations, to
compromised networks of new customers, we watch the port traffic inbound
to look for compromised machines, we also have clients with PFW
solutions on their portable devices, and not one of them has ever been
compromised.
I also know a lot of people using PFW solutions that have been
compromised by not knowing what to block/permit and unknowingly allowing
something they should have blocked. I have not seen any websites take
over a protected computer, not seen any probes take over a computer,
I've only seen users download/install something that has poked a hole or
disabled the PFW solutions - and in most cases the little start item
that flashes a warning about the PFW being disabled was enough to clue
them in.
So, while many people will state that a PFW is a risk, that windows
firewall is the only real solution, that all PFW are bad, the real world
shows that they do offer benefit, but, they don't offer more risk than
any other method (except to disable the computer), in most cases.
I will keep using my PFW on my laptop and all the company laptops and
all our clients laptops, as it give them an indication, which Windows
firewall doesn't even attempt to do.
