I’ve spent some time searching this question, but I have yet to find a satisfying answer. The majority of answers that I have seen state something along the lines of the following:

  1. “It’s just good security practice.”
  2. “You need it if you are running a server.”
  3. “You need it if you don’t trust the other devices on the network.”
  4. “You need it if you are not behind a NAT.”
  5. “You need it if you don’t trust the software running on your computer.”

The only answer that makes any sense to me is #5. #1 leaves a lot to be desired, as it advocates for doing something without thinking about why you’re doing it – it is essentially a non-answer. #2 is strange – why does it matter? If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router’s NAT at port 80 to open that server’s port to the public. What difference does it make to then have another firewall that needs to be port forwarded? #3 is a strange one – what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there’s nothing to access. #4 feels like an extension of #3 – only, in this case, it is most likely a larger group that the device is exposed to. #5 is the only one that makes some sense; if you install a program that you do not trust (you don’t know how it works), you don’t want it to be able to readily communicate with the outside world unless you explicitly grant it permission to do so. Such an unknown program could be the door to get into your device, or a spy on your device’s actions.

If anything, a firewall only seems to provide extra precautions against mistakes made by the user, rather than actively preventing bad actors from getting in. People seem to treat it as if it’s acting like the front door to a house, but this analogy doesn’t make much sense to me – without a house (a service listening on a port), what good is a door?

  • Kalcifer@sh.itjust.worksOP
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    put a fresh-install of MS-Windows on a machine, & connected it to the internet.

    What version of Windows? Connected how? Through a NAT, or was it through a DMZ connection, or netiher? Was Windows’ firewall enabled?

    It took SEVERAL MINUTES for it to be broken-into, & corrupted, botnetted.

    This is highly dependent on the setup, ofc. I can’t really comment without more knowledge of the experiment.

    haven’t done it in years: they’ll not pay-for good anti-virus

    Idk, nowadays, 3rd party anti-virus software on Windows doesn’t have too much user – Windows Defender is pretty dang good. If anything, a lot of them are borderline scams, or worse.

    get AIDS, then, & don’t use anti-AIDS drugs, & see how “healthy” you are, 2 years in.

    You don’t catch AIDS. HIV is the virus which causes AIDS to develop over time, if untreated. I’m not sure what you mean by anti-AIDS drugs. You could potentially be referring to anti-retroviral medication, or other related medication used to treat HIV, but, again that’s treating HIV to prevent the development of AIDS. You could also be referring to PrEP, but, once again, that is for protection against contracting the virus, not the collection of symptoms from a chronic HIV infection which is referred to as AIDS.

    Tarpit was a wonderful-looking invention

    This is interesting, I hadn’t heard of this!

    Linux’s netfilter/iptables

    Just a side note: iptables is deprecated – it has been succeeded by nftables.

    EDIT: “when do I need to wear a seatbelt?”

    is essentially the same category of question.

    Fair point!