Firewall Wizards mailing list archives

Re: Firewall Primitives

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 11 Nov 2002 17:34:54 -0500

Stephen P. Berry wrote:

As a result, customers, on the whole, get the security the dumbest customers
deserve.


I'm convinced - and scared - by your logic. I've also had a few
other private emails pounding on me for the "Customers get the
security they deserve" crack. So I'd formally like to recant. ;)
You (you know who you are) have all talked me out of it.

Basically, we're dealing with a problem that is on the order of
a public health issue. Imagine there's a sexually-transmitted
disease that can kill if you get it. But lots of people ignore
it because mitigation is a pain in the neck and the rest of the
people are ignorant. So maybe only a small percentage of the
population protects themself. Sooner or later, that percentage
gets it _anyhow_ because within a long enough time, everyone on
earth has it and, well, the few clueful people are still stuck
on earth. Now, there are fixes - but they are draconian and
involve trampling on people's "right" to be stupid. This is the
kind of thing I was talking about a few months ago: make it
illegal/impossible to run a PC with Windows that doesn't have
an antivirus program (a simple technical problem: make it part
of the O/S and boot process...) and mandate personal firewalls,
etc. Sure there are technical details I'm blowing over but you
could take a HUGE bite out of the problem by just making stupidity
no longer an option...  But I don't think I want to live in that
kind of world.

Anyhow - the relationship between customer requirements, what
vendors build, and what customers buy has always fascinated
me. Depending on which perspective you adopt, you can lay
the blame squarely at the feet of any one of the parties involved.
Which means, in practical terms, that the blame is shared - or
should be shared. And, perhaps, pretty much evenly.

mjr.
---
Marcus J. Ranum                         http://www.ranum.com
Computer and Communications Security    mjr () ranum com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewall Primitives, (continued)
- - - Re: Firewall Primitives Adam Shostack (Nov 09)
    - BS claims (was Re: Firewall Primitives) Marcus J. Ranum (Nov 09)
    - Re: Firewall Primitives Mikael Olsson (Nov 09)
    - Re: Firewall Primitives Marcus J. Ranum (Nov 09)
    - Re: Firewall Primitives Christopher Hicks (Nov 10)
    - Re: Firewall Primitives Predrag Zivic (Nov 10)
    - Re: Firewall Primitives Stephen P. Berry (Nov 11)
    - Re: Firewall Primitives Cat Okita (Nov 11)
- Re: Firewall Primitives Chris Calabrese (Nov 05)
- Re: Firewall Primitives Alex Goldney (Nov 06)
- Re: Firewall Primitives Marcus J. Ranum (Nov 11)
  - Re: Firewall Primitives Paul Robertson (Nov 11)
  - Re: Firewall Primitives Stephen P. Berry (Nov 11)