RE: [OFFTOPIC] Zone Alarm

["JT" <ptourvi1 () twcny rr com>]

Hey, I totally agree that some security is better than none at all. But I
also have yet to have a problem getting a person to get a router....if they
have an issue, then by all means, I'd rather go PFW than nothing at all.
Apparently YOU would have us believe a user would GO TO BEST BUY vs just
ordering it online! You create difficulties that do not really exist in
order to support your argument. How many people have a BEST BUY near them??!
No, they'd "order" it the same way they "order" ZA, by clicking some links
and providing some info. After that, the setup is easier, please show me
where ZA comes with a huge fold out diagram with pictures on it showing
where to plug the 3 whole cables and be done with it except for a possible
update here and there. Either way, I don't think anyone is saying to go with
NO security vs. some. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Shawn McMahon
Sent: Thursday, June 05, 2003 11:39 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] [OFFTOPIC] Zone Alarm


On Thu, Jun 05, 2003 at 11:13:04AM -0400, JT said:
> This is a lame basis for your argument. You provide 2 vulnerabilities that
> are old. Everything has vulnerabilities, I will not waste my time search
ZA

It wasn't a basis for my argument.  It was a specific answer to a
specific assertion, which was that nobody here has had to flash upgrade
a router in the last few years.  Vulnerabilities that affect both of the
major home router vendors, that have occured in the last few years, and
that require a flash upgrade to fix, are perfectly reasonable responses
to that.  In summary, read the entire thread, or go play somewhere else.

> for the most part. Which is easier? Right, the router is easier because
they
> just plug it in and go. You would have us believe that these "inept" users
> WITHOUT ANY computer person are going to be smart enough to FIND zone
alarm,
> INSTALL it, CONFIGURE it, and then decide each time anything wants to hit
> the net. Please, spend 30 more seconds and show me some CURRENT
> vulnerabilities. 

And you would have us believe that if offered a choice between "go to
this link, download it, and install it" and "go to Best Buy and spend
money, then hook up cables", every single user in the entire world will
choose the latter.  This naive beyond belief, even if you don't count
the people for whom the purchase option will take weeks even if they had
the money.  Most Windows users know how to install a program.
Many (and I'm not by any stretch of the imagination saying all)
are afraid of hardware, and many (ditto) will view the tradeoff of
$40 for security as worthless.  Are you going to write all x-hundred
million of them personal emails talking them into it?

There are people on the Internet for whom their PC represents a year's
labor, and a new router represents months.  Telling those people not to
bother with any security is ridiculous.

Nobody is saying that software firewalls are inherently superior to
dedicated firewalls in all circumstances, or even most circumstances.
But security that isn't used isn't security.  If the choice is between
doing nothing or downloading a program, and I assure you that in many
cases it will be that choice, I'd rather they download the program
and have SOME security, which means some resistance to being 0wnz0r3d
and causing ME a problem despite my security.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html