This post was published on rolia.net/zh, the Rolia Canada online community forum (枫下论坛).
But don't get me wrong, they are still useful.
Trojan horses cannot be implanted by merely connecting to a TCP/UDP port. For that to work, you have to have a service listening on that port, and that service has to have security problems (most notably buffer overflows) that can give a remote attacker root (administrator) access. After the attacker gains root access, they can do whatever they want, including implanting a trojan horse.
The warnings from those personal firewalls most likely happen when someone tries to connect to a well-known trojan TCP/UDP port. That means, if you have a trojan planted and you don't have a firewall to block that port, the attacker can gain control of your machine through the trojan. For example, NetBus (a well-known Back Orifice-like trojan) listens on TCP/12345. When someone tries to connect to that port on your machine, your Norton firewall will probably put out a warning saying that you are being attacked by the NetBus trojan. But the fact is, you might not have NetBus on your machine listening on TCP/12345.
In the Unix world, you can control precisely which port(s) to open. But that's not the case with Windows. Windows has to open certain ports in order for it to function normally. That's why you need those personal firewalls to block those ports on the Internet side. If you want to share something through some services (HTTP, FTP), make sure to configure your firewall to allow connections only to those ports (e.g., TCP/80) and that the services are updated with the latest security patches. IIS is notoriously insecure from the default install, and very few FTP servers don't have security problems.
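A defender-side illustration of the distinction the post draws (a connection attempt to a trojan port versus an actual listener on it), added here as example code that is not from the post. The log format, IP addresses and the open/allowed port sets are constructed; NetBus on TCP/12345 is from the post, and Back Orifice's UDP/31337 default is added from general knowledge.

```python
import re

# Well-known trojan listeners: NetBus on TCP/12345 is from the post;
# Back Orifice's default UDP/31337 is added from general knowledge.
KNOWN_TROJAN_PORTS = {("tcp", 12345): "NetBus", ("udp", 31337): "Back Orifice"}

# Constructed sample log lines in an invented format (not any product's real format).
SAMPLE_LOG = """\
2001-03-12 10:42:01 inbound proto=tcp src=203.0.113.5 dport=12345
2001-03-12 10:42:07 inbound proto=tcp src=198.51.100.9 dport=80
2001-03-12 10:43:15 inbound proto=udp src=203.0.113.5 dport=31337
2001-03-12 10:44:30 inbound proto=tcp src=192.0.2.77 dport=139
"""
LINE_RE = re.compile(r"proto=(\w+) src=([\d.]+) dport=(\d+)")


def classify(proto, port, listeners, allowed):
    """Return (label, detail) for one inbound attempt.
    listeners: (proto, port) pairs actually open on this host;
    allowed: (proto, port) pairs the firewall permits from the Internet side."""
    key = (proto, port)
    trojan = KNOWN_TROJAN_PORTS.get(key)
    if key not in listeners:
        # Nothing is listening, so nothing can be reached or exploited here:
        # an "attacked by NetBus" style warning is only evidence of a probe.
        what = f"{trojan} port" if trojan else "closed port"
        return "NOISE", f"probe of {what}, no listener"
    if key in allowed:
        return "ALLOWED", "intended service, keep it patched"
    if trojan:
        # A real listener on a trojan port that was never meant to be exposed.
        return "INVESTIGATE", f"unexpected listener on {trojan} port"
    # Typical Windows case: a port the OS needs locally but the Internet does not.
    return "MUST_BLOCK", "OS/service listener not in the allow list"


def assess_log(log, listeners, allowed):
    """Classify every inbound record; returns (src, proto, port, label, detail) rows."""
    results = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not inbound connection records
        proto, src, port = m.group(1).lower(), m.group(2), int(m.group(3))
        label, detail = classify(proto, port, listeners, allowed)
        results.append((src, proto, port, label, detail))
    return results
```

Running `assess_log(SAMPLE_LOG, {("tcp", 80), ("tcp", 139)}, {("tcp", 80)})` models a host with a patched web server, NetBIOS still open, and nothing on the trojan ports: the two trojan-port hits come back as NOISE, TCP/80 as ALLOWED, and TCP/139 as MUST_BLOCK.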