Full Disclosure mailing list archives

RE: Flawed arguments (Was all that other crap about PFW day)

From: "Mike Shaw" <mike () shawnuff net>
Date: Fri, 16 Jan 2004 08:57:37 -0800

On Fri, 16 Jan 2004 07:33:29 -0800 "Schmehl, Paul L" <pauls () utdallas edu>
wrote:

The previous poster complains that PFWs fool people into thinking
that
they are more secure.  Several other posters have cited the fact
that
most *nixes now come with "the firewall enabled", which obviously
means
they think that makes *nix more secure.  So, they believe, simply
by
having iptables (or whatever) enabled, they are more secure.


I'll have straw men for $800, Alex.

Seriously, I don't think that it's fair to amalgamate the posts of several
people and then condense the unrelated parts as a weak target.

I think what people are saying about the iptables stuff is that many
of these OS' come out of the box with a)unneeded services disabled and
b)a rule enforcement mechanism to minimize the risk of abuse.  I don't
know that this assertion is actually *true* or not (I do know that OS
X seems to do a pretty good job at this) but what ever the case it's
quite different than the situation with Windows, so your parallels aren't
really accurate.

As I said before, user edumuhcation is great...but educating them to
use a bolt-on-after-the-fact personal firewall is a bit misguided.  They're
kludgy and strange to administer for the average user, they gloss over
the preposterous out-of-box behavior of the OS, and they create financial
incentives for poor products.

And again, calling an education day "personal firewall day" and expecting
the message to make any sense to the masses is just plain silly.  It's
like the March of Dimes naming their whole effort "The coping with fetal
alchohol syndrome campaign".  It makes no sense in the broader realm
of education, ingnores vast tracts of far more effective information,
 and shouldn't the effort be to prevent that specific syndrome?

On the bright side, hopefully with some of the new MS service packs,
this distraction of 3rd party products will slowly dissipate. 

-Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Flawed arguments (Was all that other crap about PFW day) Schmehl, Paul L (Jan 16)
- RE: Flawed arguments (Was all that other crap about PFW day) Erik van Straten (Jan 16)
- <Possible follow-ups>
- RE: Flawed arguments (Was all that other crap about PFW day) Mike Shaw (Jan 16)
- RE: Flawed arguments (Was all that other crap about PFW day) Schmehl, Paul L (Jan 16)