Firewall Wizards mailing list archives
Re: Home firewall/NAT appliances - summary
From: Christopher Hicks <chicks () chicks net>
Date: Sun, 20 Jul 2003 05:37:10 -0400 (EDT)
On Thu, 17 Jul 2003, Dave Piscitello wrote:
> I won't start a thread about this, I'm sure we've endured enough "security vs. ease of installation" discussions.

Tastes great. Less filling.

> If you want to take this up with me, do so offline and save maillist electrons.

Oh, sorry.

> Some folks responded with experience from personal firewall software. Several of these do indeed block all outbound applications by default and some interact with the user on a per application basis to customize a policy. I'm not convinced every home user responds knowledgeably to "notarookit.exe wants to connect to the internet, is this OK?", but at least it's not wide open.

I've installed virus/personal firewall software from a couple of different vendors and here's what I found:

- it wasn't worth doing except on the machines of the PEBCAK issue generators. Those people /definitely/ have no idea what should be installed, allowed to connect to the internet, or how to find their way out of a small paper bag....but anyway, the corollary is also true: the power users found it a pain and superfluous because they "knew how to not click on the wrong &*^*& thing in the first place."

- the amount of information provided to decide whether to allow a connection or not is rather limited and you will often be confronted with this shortage. Every piece of wintray garbage these days seems to want to connect to the Internet. If you've never seen how much your box talks to the net "on your behalf" hook one of these things up and let it annoy you for a full day. (But not a Monday.)

- the majority of software we found when we looked (about a year ago) was configured in this really annoying fashion. While I'm sure software could be configured to quietly "prevent what we know is bad and otherwise stay out of the way", that's a lot of work and if it doesn't come that way out of the box, or more easily doable than hand-configuring a firewall it's not going to be useful for most IT folks.

- other solutions seem to have solved most of the problems the personal firewall software was aimed at preventing. Personal firewall hardware has become quite cheap (~$100) and painless. This takes care of half of the problem because things can't get in that aren't brought in. (You know what I mean.) Virus scanning on the mail server and e-mail proggies that don't suck down web images (at least as an option) have wiped out the big wins that the personal firewall software people had to start with.

Disclaimer: I don't have any financial or other interest in seeing these guys fail.

So, I'm wondering what I'm missing. Is there some point to this stuff this year? Has personal firewall software gotten any better? Really, does anyone have any glowing stories of these products making their lives more pleasant?

--
</chris>

The death of democracy is not likely to be an assassination from ambush. It will be a slow extinction from apathy, indifference, and undernourishment. -Robert Maynard Hutchins, educator (1899-1977)