OT: Re: The Morris worm to Nimda, how little we've learned or gained

[Roelof JT Jonkman <roel () SiliconDefense com>]

This is off-base for firewall-wizards, nevertheless here goes:

All,

Internet security constantly boils down to risk assessment.

Tying a machine to the Internet regardless of how well secured is a risk,
simply because IP is fundamentally not secure. It's just a matter of how
much risk you care to expose yourself to. In general people are terrible at
risk assessment when it comes to the Internet. (And propably dito in
other areas too, but that's aside.)

The other major issue is that security is almost inherently user unfriendly,
for your ordinary internet user security is an obstacle, hence people get
highly inventive about avoiding and working around these obstacles.
(avoid security, tunneling through chat/p2p network clients eg.)

Unless we as security professionals make security accessible for your average
user Internet Security will be a utopia. I believe that one of not so recent
developments of personal firewalls has helped considerably in making security
more accessible for an average Internet User. (I'm not quite sure, but is
Microsoft shipping a personal firewall integrated with the latest windows
incarnations?)

IMHO.

                roel

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards