What's your reaction on this... bout outbound?

Am using Astaro 6.0 myself! And find it to be an excellent firewall! Using proxies for HTTP/HTTPS/DNS/POP3 & SMTP with integrated AV/spyware engines.. No outbound app filtering here. From a network 'point of view' this would be over-kill, especially if half your machines are a unix platform...I agree with Blue on that this some how 'touchy' subject here in the forum. And I guess I am one of those guys who have been posting here for some time and who do AV/AT scans... That is part of it, the other part is your surfing habbits, what activities you engage in, ect... Not to put down App filtering, but too many people are brain washed into thinking it is a protect all, secure all solution. Which it isn't.. I know it could be argued that it is better than 'No' outbound protection, but that is the hype that is posted all over this forum. IE: 'I would feel naked without it!' There are other ways to monitor your applications/services than with an app filtering firewall...

Regards
Jazzie

 

Infinity while I'm not saying you are wrong in wanting outbound protection, and i would guess most people here have it (plus a heck of a lot more stuff)it's surprising that you aren't aware of the arguments raised by myself, Blue and others about this issue.

It's a fully valid and legimate position held as i said by many informed people, and not something I argued just to play devil's advocate.

Hmm, Blue and SSk have already answered and I don't think I can improve on their answers. Still let me try.

Your question is pretty loaded. since there is definitely a point if you look hard enough.For example you just want control. So you just want to be as armored as possible and are willing to pay any price, even if the gain is small.

Security wise, as Blue says it's not as important relatively speaking because it's too "downstream" (very good word) with regards to threat mitigiation.

I'm not saying security wise it's useless, as there are definitely some cases where it might help , partcularly if supplemented by extremely tight system , OS control (you know the stuff i'm talking about right?).

But that isn't really an option for 'normal users' (too difficult to use, too painful to use etc) , and in any case, in such setups most of the work is done not by the outbound firewall anyway.

On other hand, most posters on this forum are willing to go the extra mile to be extra safe With process/directory/registry control layers. Once that is in place, outbound control starts to make some sense.

Without such layers in place any malware that starts running can do a dance all over your system, do you really care then if it 'phones home' as part of it's routine if you don't catch all the rest?

Let me quote from the well known security focus article "Software Firewalls: Made of Straw?", which shows how much you must control at least before it's worth using outbound control.

Okay say you have a firewall that handles all these issues, maybe ZA pro and Outpost Pro (hello Paranoid2k!) come closest , and you build this "system/OC firewall structure" which comes at a high cost of user complexity. Is the cure worse than the disease?

And in the end, what exactly is saving your butt? The OS system control or is it your outbound control?