Reply to post: Re: the problem is Microshaft's design

Microsoft won't patch SMB flaw that only an idiot would expose

Roland6 Silver badge

Re: the problem is Microshaft's design

>The default state for ports should be disabled with the minimum possible exceptions in order to get the box up and running.

This was the default setting for secure third-party Windows firewalls such as Comodo and Outpost from the very beginning (i.e. before 2005), but then they also blocked inbound and outbound traffic and performed stateful inspection, whereas the Windows firewall was only a simple outbound port blocker.

Also in the case of Outpost, SMB/NetBIOS traffic (if you enabled it) was limited by default to IANA-defined private networks and specifically the subnet the host was attached to.

I would assume that this is also the case with all modern security suites...

>but why would HTTP be enabled by default?

On a system (not a firewall appliance), I would expect outbound HTTP to be enabled by default, given the extent to which browsers have become as essential to system setup and operation as Telnet and FTP were a few decades back.
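
An added example, not part of the original comment: a small audit that applies the scoping described above (SMB/NetBIOS allowed only from the subnet the host is attached to) to a list of firewall rules. The rule format, rule names and addresses are constructed for illustration and are not any product's export format; IPv4 only.

```python
import ipaddress

# NetBIOS name/datagram/session services and SMB over TCP
SMB_PORTS = {137, 138, 139, 445}

# IANA-defined private IPv4 ranges (RFC 1918)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_scope(remote, host_iface):
    """Classify a rule's allowed remote range relative to the host's subnet."""
    remote_net = ipaddress.ip_network(remote, strict=False)
    local_net = ipaddress.ip_interface(host_iface).network
    if remote_net.subnet_of(local_net):
        return "local-subnet"
    if any(remote_net.subnet_of(p) for p in PRIVATE_NETS):
        return "private"
    return "public"


def audit_smb_rules(rules, host_iface):
    """Return (rule name, scope) for inbound SMB allow rules wider than the local subnet."""
    findings = []
    for r in rules:
        if r["direction"] != "in" or r["action"] != "allow":
            continue
        if r["port"] not in SMB_PORTS:
            continue
        scope = classify_scope(r["remote"], host_iface)
        if scope != "local-subnet":
            findings.append((r["name"], scope))
    return findings


# Constructed sample rule set for a host at 192.168.1.20/24
HOST_IFACE = "192.168.1.20/24"
RULES = [
    {"name": "smb-lan", "direction": "in", "action": "allow", "port": 445, "remote": "192.168.1.0/24"},
    {"name": "smb-any", "direction": "in", "action": "allow", "port": 445, "remote": "0.0.0.0/0"},
    {"name": "netbios-corp", "direction": "in", "action": "allow", "port": 139, "remote": "10.0.0.0/8"},
    {"name": "smb-block", "direction": "in", "action": "block", "port": 445, "remote": "0.0.0.0/0"},
    {"name": "http-out", "direction": "out", "action": "allow", "port": 80, "remote": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for name, scope in audit_smb_rules(RULES, HOST_IFACE):
        print(f"{name}: SMB/NetBIOS allowed from {scope} range, wider than the host subnet")
```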


Biting the hand that feeds IT © 1998–2019