- Jul 5, 2013
- 12,306 (4.39/day)
|Processor||Rockchip RK-3288 1.8ghz quad core|
|Video Card(s)||Mali T764|
|Storage||16GB Samsung NAND|
This statement implies you might misunderstand how a firewall works. If you can't access the kernel, any vulnerabilities are a moot point.Unless, of course, a kernel vulnerability is found at the networking level where it takes no interaction from the user to be exploited.
Oh, that is very well remembered. While it was a bit more complicated than that, you summed it up well. That problem is what started my interest in firewalls. Started using one shortly there after. Tiny Personal Firewall was a good one until Kerio Personal Firewall arrived.Some of you may not be old enough to remember the dark old days of Windows 9x in which there was a TCP/IP stack vulnerability that could be triggered with a malformed packet which would cause the system to instantly crash.
That is incorrect. Most routers have packet inspection built into their firewalls. Additionally, I have yet to find a software firewall that does not also include said feature.Now, this could be mitigated but would have to be mitigated at the router level before it even hits your Windows 7 system with the use of a full stateful packet inspection in which all packets that come in are analyzed for content and source.
Yes, they do.Unfortunately, most home routers don't do this
All competent firewalls close ports that are not in use, stealth them and will reject packets for ports that are not open. Additionally, most firewalls will reject packets not expected by the system, IE unsolicited packets.Incoming port 2354 is sent to the machine with an internal IP of 192.168.1.68 on the same port, there's no source check so if a bad guy were to be able to know exactly when to strike, they could sneak in a packet to that port and it would slip through and hit your internal system and the router would just be happy to pass it.
If you are not using a firewall(the one built into Windows itself does not count), that would be true.So with that being said, if a kernel vulnerability was found and the TCP/IP stack is at risk you could, in theory, be vulnerable no matter what you do if you continue to stay on Windows 7.