OK, I'm stupid. Explain to me again, WHY should the number of ports open be such a big deal? If these ports are each focussed at a relatively secure application then so what? I mean yes, there will be additional complexity and one more thing to go wrong, but is that really any different from any other patch or service tweak to any other protocol?

Additionally, if a browser is well structured, then why should another bit of functionality be a headache?

To use your logic, we should all restrict our firewalls to port 80 and use Lynx. And I suppose there will be issues at some high security places where this is a reasonable approach.

But gosh, why is this any different than IRC? or FTP? Did you object to those too?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11248/32107#32107