Firewall Wizards mailing list archives

RE: Time for a new FWTK?


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 28 Nov 1997 23:01:32 -0500

Bret Watson wrote:
> Personally I don't think 'signature' analysis like RealSecure et al do is a
> viable long term solution - there becomes an upper limit on permutations
> that is economically unviable (did someone say virus detection - woops).

There are technical problems and non-technical problems. :)
Signature analysis is something that the virus scanners have
conditioned the consumer market to accept and understand.
People are comfortable with the concept, it does work, and
it works *predictably*. In other words, it demos well. :) If you
have the right signature and someone triggers it, then the
alarm beeps and the customer feels good. This is the same
reason people like virus scanning software! It is comprehensible.
People do not enjoy buying things that challenge their intellects
or preconceptions.

So, I'd predict that signature analysis systems (I call them
"Burglar Alarms" because they share similar simple properties)
are going to be a very popular product in the future. They will
become a market force like firewalls, because they share
similar properties of simplicity, comprehensibility, and predictability.

My guess is that they'll evolve into something else. At least I
hope they will!! The virus scanning software has had a huge
market run and shows no sign of petering out. It's possible that
it's such a successful market that none of the players in it will
do anything to risk disrupting it -- like trying to actually solve the
problem.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr


