Friday, November 16, 2007


Got to thinking about stealth recently.

No, not because I've been hiding for a couple of weeks.

Okay, I haven't been hiding. I've been busy. With work.

I made the decision when I started this little blog to not blog about work. And that wasn't a problem.

Oh, occasionally, I'd mention the Evil Corporation where I work. Not that it's really evil. But it is a large corporation. And, to hear some folks talk, all large corporations are evil corporations. Therefore, when I' mentioned the place I work, I'd mention the Evil Corporation.

I like where I work. It's, well, I don't know if "fun" is the right word, but I enjoy what I do. And the folks I work with.

But, I'm not going to blog about work. I don't blog at work. And I don't blog about work. Blog and work are separate.

So, why do I spend all this time talking about what I'm not going to talk about.

Well, if I didn't blog about work, I wouldn't have a whole lot to blog about right now.

And that explains why I haven't blogged about much lately. I haven't been in stealth mode. Not on purpose, anyway.

Tonight, though, I ran across something else about stealth.

It's my MacBook.

Or, actually, it's the wireless router.

It began when I found about about Apple's update to Leopard.

Now, being a PC Guy since, well, a quarter of a century, I'm not used to operating systems known as things like "Tiger" or "Leopard."

MS-DOS 2.11.

Now, that's a name for an operating system.

It was the first PC operating system I had.

Oh, I had a Tandy Color Computer running OS 9 before that. But, when I moved onto a "mainstream" platform, it was DOS 2.11.

And Windows 2.03.

That was the first edition of Windows I used.

So, calling an operating system "Leopard" takes some getting used to.

If you're still PC Guy, it's Mac OS X 10.5.1

But they call it "Leopard."

Same thing.

Anyway, Apple released an update to OS X 10.5 on Wednesday. But I didn't know about it, until I got an email from ZD Net talking about it.

I have the MacBook set to check for updates weekly. So, it would have caught the update in the next 5 days ... or sooner.

But, I forced an update check today. And it got it.

After reboot, I checked out the main thing ZD Net was talking about -- the firewall.

I made sure it was in stealth mode, then did something I hadn't done in a while.

I went to Gibson Research and checked out Shields Up!

And was I ever shocked to find out I failed.

Was the firewall screwed up?

No, it turns out the firewall is fine. Or at least, I think it's fine.

But a couple weeks ago, I got a new router: The Apple AirPort Extreme.

Powerful little thing. Great signal all over the house. Like it.

But, as it turns out, it's not stealthy.

The old Motorola router that cost half what the AirPort cost was stealthy.

Used to be able to go to GRC, run Shields Up!, and get a "passed" report. That meant all ports were in stealth mode.

If you're not familiar with that, it might help to know that the Internet is a bunch of computers communicating with each other. But you knew that.

When it was put together, it assumed that all machines talking to all other machines was a good thing.

They forgot one little thing: people would be using those machines.

And some people are mean people. That's why we have to be on our guard against thieves, spammers, hackers, and Democrats.

Anyhow, because some people are like some people are, we don't want our computers to always respond positively to all other computers.

Because, if they did, bad people could put bad things on your computer. And we don't want that.

One way of stopping it is to not let computers respond to all requests.

And, there are a couple of ways to do that.

One is with a software firewall. Microsoft includes a simple software firewall with Windows. And other companies sell more powerful ones. And Apple includes a firewall with OS X. Including an update in OS X 10.5.1.

The other way is with a hardware firewall. And many routers, including my old Motorola router, as well as my older Netgear one, have built-in firewalls.

But Apple's AirPort Extreme router doesn't operating in stealth mode.

Tonight, researching it, I ran across a post at the Houston Chronicle from back in May talking about the previous version of the AirPort Extreme. And they take a classical "on the fence" position.

And, I admit, I see both sides of it.

But, they bring up the same thing that concerns me.

Which is, how big a deal is it if an address -- and your computer on the Internet does have an address -- rejects a request to a port, as opposed to not responding at all.

Here's one way to look at it.

A kidnapper walks up to a house and asks, "Can I come in?"

Now, the kidnapper doesn't want to visit. He wants to kidnap someone. He's a kidnapper. But he's acting all nice and polite and asking to come in.

Now, if he walks up to two houses. One blue and one green.

He asks each house, "Can I come in?"

From the blue house, he gets no response. From the green house, he hears a voice say, "No, you can't come in."

Now, tell me, which house is he more likely to keep trying to enter?

I think he'll keep trying the green house. He knows there is someone there.

And, to me, that's the difference in a firewall responding with a refusal or just not responding at all.

And the not responding? That's "stealth" mode.

That's what I'd prefer.

But, Apple says it's okay.

Me? I'm not so sure. I think I'd rather be stealthy on the Internet. And not by going two weeks between blog posts.

No comments:

Post a Comment

Please choose a Profile in "Comment as" or sign your name to Anonymous comments. Comment policy