Firewall Wizards mailing list archives
Re: Personal Firewall Day?
From: Gary Flynn <flynngn () jmu edu>
Date: Mon, 06 Oct 2003 21:41:24 -0400
Marcus J. Ranum wrote:
I think we're addicted to general purpose computing because of its versatility,But we're addicted to general purpose computing because we (mistakenly) perceive a need to upgrade system components in order to save costs over time. We also ae addicted to general purpose computing because our software base is so buggy that we need to upgrade software components constantly in hopes of finding something that doesn'tcrash.
freedom, and associated potential to innovate. Indeed, GP computing itself rather than some specific implementation of it, may be our monoculture. We've forever been able to download some "neat new tool or app". Therein lies the problem. Today, there are a lot more malicious "neat new tools andapps". Today there are a lot more tools to exploit the increasing complexity
and defects found on today's desktops and infrastructure. Who would have thought ten or fifteen years ago that today's common consumer desktop would have dozens of background services running, including several that open listening ports on the network?But the problem isn't entirely with the platform. There are a lot more naive, overwhelmed, paranoid, exploitative, and uncooperative individuals connected
to our world wide network. A network that not too long ago was nowhere near as accessible or commonplace. And with that increasing population and associated increase in usage, has come motivation for evil doers - money, fame, and worse.
General purpose computing also brings gigantic hidden costs in terms of system administration and GP systems vulnerability to trojans and viruses. Reverting to a monoculture would actually help us address a lot of these issues.
I'd have to agree with that but the nature of the machine would have tochange drastically. I pondered this in the first wave of DDOS attacks in 2000:
http://falcon.jmu.edu/~flynngn/whatnext.htm (currently down but its cached through the magic of Google) I'd even go so far as to say that such a machine would be adequate for the vast majority of consumers. However, those machines would be significant impediments to innovation and growth. While we might consider HTTP and IMAP base functionality today, they weren't around a decade ago. I have to wonder whether we would have had the explosion in growth and functionality we've experienced if the installed base had to have ROM upgrades or complete replacement to support new standards - HTTP, IMAP, SSH, SSL, IPSEC, multicast, IM, etc. Shoot, it wasn't too long ago that TCP/IP stacks were add-on software. Growth, fluidity, and change have always brought some growing pains. Unfortunately, I don't think we've seen the worst of what is to come. Certainly, the platform has to change to improve today's situation. But I don't think we'll see universal, GP platform improvements that will solve the problems. The nature of a GP computer is inherently unsecure in thehands of untrained individuals in a hostile environment. And the Internet will
need to be considered hostile as long as its world-wide, unauthenticated, and freely accessible. Perhaps what we need instead is a range of deviceswith a range of functionality to be used in appropriate situations. Maybe that
is what we're beginning to see with handhelds, phones, and home entertainment systems increasingly taking on data communications and applet capabilities. But, of course, the closer they get in functionality to a GP computer....
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Personal Firewall Day? Charles Miller (Oct 05)
- Re: Personal Firewall Day? Paul Robertson (Oct 05)
- Re: Personal Firewall Day? George Capehart (Oct 05)
- <Possible follow-ups>
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 05)
- Re: Personal Firewall Day? Devdas Bhagat (Oct 06)
- Re: Personal Firewall Day? Christopher Hicks (Oct 06)
- Re: Personal Firewall Day? Christopher Hicks (Oct 06)
- Re: Personal Firewall Day? Crispin Cowan (Oct 06)
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 06)
- Re: Personal Firewall Day? Crispin Cowan (Oct 07)
- Re: Personal Firewall Day? Gary Flynn (Oct 07)
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 07)
- Re: Personal Firewall Day? David Lang (Oct 07)
- Re: Personal Firewall Day? Bill Royds (Oct 11)
- Re: Personal Firewall Day? Devdas Bhagat (Oct 11)
- Re: Personal Firewall Day? Devdas Bhagat (Oct 06)
- Re: Personal Firewall Day? Devdas Bhagat (Oct 07)
- Re: Personal Firewall Day? Dragos Ruiu (Oct 07)
- Re: Personal Firewall Day? Christopher Hicks (Oct 07)
- Re: Personal Firewall Day? Marcus J. Ranum (Oct 07)
- Re: Personal Firewall Day? Adam Shostack (Oct 07)
- Re: Personal Firewall Day? R. DuFresne (Oct 07)