Windows OneCare Firewall Hole

Get the WebProNews Newsletter:

[ Business]

News.com reports that the firewall in the Windows OneCare beta comes with blanket default rules for the Java Virtual Machine, creating a security hole that would be a major exploit point if OneCare were in wide use.

As is, its something that needs to be changed by the time the product goes gold.

Like any blanket security-bypass rule, these default settings are a bad idea, said Mark Curphey, vice president at vulnerability management specialist Foundstone, a part of McAfee.

“Any firewall, any security device should have a default deny,” Curphey said in an interview Tuesday. “Any door should always be closed.”

Note the company the “source” works for. Not to say he isn’t right, although my install of OneCare has no rules for the VM, as I don’t have one installed. Just that a reporter can find a better primary source than a VP at a competitor.

Nathan Weinberg writes the popular InsideGoogle blog, offering the latest news and insights about Google and search engines.

Visit the InsideGoogle blog.

Windows OneCare Firewall Hole
Comments Off on Windows OneCare Firewall Hole
Top Rated White Papers and Resources

Comments are closed.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom