Full Disclosure mailing list archives

Re: January 15 is Personal Firewall Day, help the cause


From: "Mike Shaw" <mike () shawnuff net>
Date: Thu, 15 Jan 2004 13:08:35 -0800

On Thu, 15 Jan 2004 09:28:39 -0800 Ron DuFresne <dufresne () winternet com>
wrote:

There have been a lot of 'complaints' or FUD replies concerning the
efforts for personal firewall day, 1/15/04, yet not a single "this would
work much better" reply or offering.  Do any of the unsupporters have
something better to offer that is;

Okay, here's the deal.

a)  If this is truly an 'education' effort and not a security software
pushing effort, it's an extremely poorly named one.  The average uneducated
user is going to look at this and say "huh?"..and I don't mean the "let's
find out more about this" huh...I mean "this makes no sense and I don't
even begin to understand firewalls and I'm moving on to the next easy
thing to grasp" huh.

"Safe computing" day or something else warm and fuzzy would have been
far better.

b)  If the name simply must be something technical, then personal firewalls
are probably the 3rd most valuable thing to push.  Patching and AV are
waaay ahead.  I would say anti-spyware is probably even more important
to the average Windows user than a personal firewall.

Personal firewalls are also far too complex for the average user to be
good as an 'on message' movement.  If they can understand that stuff,
they already understand patching, AV, and clicking "no" when prompted
to install malware.

c)  When you center an education effort around a niche product whose
very existence depends on the very security holes that cause the problem...don't
expect to garner much support.  The marketing behind these products has
far more sinister potential than that of $150/hour security consultants.

So to wrap up...IMHO, if this had been "safe computing day"--focusing
on patching, AV, and possibly anti-spyware, it would have gotten far
far more positive reaction.  Leave the personal firewalls out--not nearly
enough bang for the buck.

Now...not to be fatalist, but while this effort is well intentioned,
the bottom line is the population in general is toast until the primary
players fix their code and defaults.  There are millions of unsafe PCs
out there manned by non-experts, and there are a handful of key software
companies manned by plenty of experts.  Where should the primary effort
be?

-Mike




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

