Firewall Wizards mailing list archives

Re: Personal Firewall Day?


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 05 Oct 2003 13:30:17 -0400

Charles Miller wrote:
'To combat the problems with patch management, however, the company [Microsoft] is moving to a "securing the 
perimeter" strategy where it will partner with various firewall companies to ensure that electronic attacks don't even 
reach their intended targets but are instead thwarted at the edge of the network

One of the indicators of a security problem that has gotten out of
hand is a flip-flopping between firewalls and host security. :)  I remember
a couple government agencies that went that route over the years.
        - "We don't NEED a firewall, we have good host security!"
        (they get hacked to pieces and finally can't hide it anymore)
        - "We don't NEED host security, we have a good firewall!"
        (they get trojaned, botted, and hacked to pieces and finally
                can't hide it anymore)
        - "We are going to use strong host security because we don't
                need a firewall..."
        (lather, rinse, repeat...)

Is there a real answer? I think that there is but Microsoft can't
give it because it's contrary to their business model. Linux can't
do it because it's contrary to its proponents' mind-sets. Maybe
Sony can do it through their Playstation sales unit. Basically,
the answer is to kill off general-purpose computing for 99.9%
of the desktops in the world. Really, it's not necessary for Joe
Average User (though Joe wouldn't agree). I think Schneier and
Geer et al were wrong when they wrote their little paper about
Microsoft monoculture being dangerous - they adopted a
disease model and, like most analogies, they let the analogy
steer their thinking. What we need is a monoculture but we
need to recognize that we're building one and make sure it
has a good immune system that can spread and share
immunity as fast as (ideally faster than!) new cyberpathogens can
spread.  But that's a topic for another day. ;)

mjr.  

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

