Network
Security -or- “Don’t ask. You can always apologize later.”
.

Huh? I guess I misunderstood some fundamentals of security,
firewalls and trustworthy computing. Let me rephrase this
requirement: “If you want your server application to receive the
‘Designed for Windows XP’ logo, it should detect firewalls and
re-configure them automatically to allow inbound traffic. Do this
without any intervention by the user. Don’t care about network
security – your application won’t have any unsafe buffers, right?.
You really shouldn’t care about the user who maybe wouldn’t want
internet connectivity to your application because he doesn’t trust
your skills.”

Or as some kids would put it “Don’t ask. You can always
apologize later.”

I guess this requirement should be dropped immediately. Let’s
just assume we’ve never ever seen it, ok?
[Ingo Rammer’s
Weblog
]

To be fair, it doesn’t actually say what Ingo suggests it
does. My reading is that it says that manual configuration of NAT
port mappings are unwelcome by customers, and so they are. It
doesn’t say anywhere that you must go around opening up ports
without confirming that this is okay with the user. My mother
doesn’t know or care about TCP port mappings and she certainly
won’t be hand editing them. On the other hand, if she chooses to
run a piece of software that carries out some sort of network
connectivity, it’s probably fair to say she can choose to run it or
not.