[tor-talk] Open source firewall.

Patrick Schleizer adrelanos at riseup.net
Mon Jan 20 14:35:07 UTC 2014


TheMindwareGroup:
> Windows firewall is useless.

Citation required.

I guess Windows firewall does what it promises. You can have some
services reachable on LAN, but not on WAN. Which is the original purpose
of a firewall. You're probably looking for filtering outgoing traffic?
That is a flawed concept. You cannot reliably stop untrustworthy software
such as spyware, not to speak of malware, from communicating over the
internet while having internet connected.

But before I reinvent the wheel demystifying the myth of outgoing
filtering, see this article, which explains it quite well:
http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/

> Someone should write an open source firewall,

"Someone should do it" almost never works.

If not you, now, who and when?

> Such a piece of software would be a great security enhancement to Tor.

I don't think so. On Windows, Windows firewall is enough. Seems futile
to me to invest in a closed source operating system. If you cannot
trust the foundation and also can't improve it, why bother?

> Even just a small program to block all outgoing traffic to stop
> programs from accessing the internet directly (which would also stop
> viruses and Trojans).

It can't. See above.

> When I used it I was amazed to see how many IP addresses get accessed
> without my knowledge, and how many other IPs that tried to access my
> computer (all strange port numbers probably virus, trojan programs).

That's how the internet works nowadays. Fetching loads of resources from
loads of different IPs. Some websites have more than twenty tracking
services running on them.

> The NSA must have a hell of a job cos they don't even know if any of
> these accesses were even you or not.

They have teams of people working full time on this. They're not
manually looking at all these connections for everyone, they create
filters to get rid of the noise.

> Does anyone actually trust any of the commercial firewalls?

Does anyone actually trust closed source operating systems?

> And why would anyone pay for a large slow, piece of software that
> probably doesn't do a good job anyway and might have back doors?

From my experience, most users have no interest in these things.
Sometimes also no time. And often thoughts such as "Who would be
interested to break into my computer?!?", "I have nothing to hide!".
Most don't know what a back door is. When someone asks, "What is
best Antivirus, what must I buy to make my computer secure?" I don't
even know where to begin. Starting with compartmentalization, threat
models and security concepts? Forget about it. They want to have a
certain service, namely computer security and are willing to pay for it.
Problem is, we're far away from computer security as a click, install and
subscription service.

All the best,
Patrick

