Firewall Wizards mailing list archives
Re: The home user problem returns
From: Mason Schmitt <mason () schmitt ca>
Date: Mon, 12 Sep 2005 10:49:47 -0700
> You know what I find highly ironic in all of this -- and I don't mean to pick on you or your ISP -- is that there is a single symptom, a common thread that ties together all of these problems you're attempting to combat. And that common thread is required or at least preferred by all of the major ISPs, and that is Windows desktops. In other words, ISPs everywhere are complicit in their own security and performance headaches.
The irony is not lost on me at all. In my department, we pick on our level 1 tech support guys all the time. One of our digs is that if we could just get all our customers to buy Macs, they would be out of a job. In terms of ISPs preferring Windows, that's really related to ease of support. If you have a single dominant platform and a very limited number of applications on that platform that you have to support, then you're miles ahead of a heterogeneous network. With support being one of the larger costs of running an ISP, every little bit helps.
> The bitter pill for the clueful is that those people that run a firewall appliance or build their own Linux/BSD firewall for their home network typically get no support from their ISP. (If you have Comcast cable like I do, you can't even register your cable modem without a Windows box. That was an unpleasant surprise when I moved recently.)
I've heard that happens at some of the larger ISPs. That again relates to the sorry state of tech support at most ISPs.
> It is not lost on me that this is all due to market forces beyond the control of even the largest ISPs. But I think we can all agree that this is and will continue to be the primary trade-off that those charged (saddled with?) network security must live with, at least in the short-term.
I fully agree. If customers are to run Windows, I wish that we could at least get them to run XP SP2. We still have a large percentage of our customer base running 9x, ME, 2000. Aside from that, the issue is, of course, that these are not security people. Which to a certain degree makes choice of platform less of an issue. I know that the last thing I want to see is Linux/BSD in the hands of Joe Noob. Which takes me right back to the point I made in an earlier email about home users needing to be protected. These people are unlikely to want to learn about computer security because it doesn't interest them. I also don't think they should have to. What they really need is a tool that allows them to do what they want to do, while simultaneously providing a base level of security that is managed by the provider of that system.

I realize I may be sounding a bit hypocritical at this point. So, I'll try to clarify. I don't think people should have to know much about computer security, "security apps" like anti-virus, firewalls, etc. I think that computers should be ubiquitous, non-intrusive and largely trustworthy. The problem is that this is so far from current reality as to be easily confused with fantasy. So, in our current environment, the home user has to be involved, simply due to the fact that the tool they are using has so many wheels and cogs exposed and those wheels and cogs need constant attention. That's why the prevailing wisdom seems to be that computers need sys admins if they are to be maintained properly.
> At the same time, I don't want special treatment from my ISP (I mean, I *do*, but I don't want it institutionalized). I don't want the "secure people here, insecure people there" mentality from what is essentially a utility. Nothing personal, but the likelihood that an ISP will properly be able to correctly and continually analyze the security stance of anyone's home network is slim enough that I'd prefer not to pay more per month for them to try (and probably fail). I can barely do it myself, and I am one of 2 users (that I know of) and I built it.
This is where Marcus's comment about reducing the noise to a manageable level applies. As well, the idea that multiple levels of low to moderate defences can add up to a fairly decent defence. You're right, looking at home networks from the outside in a largely automated fashion is not going to be 100% effective in controlling security problems - not even close. However, if ISPs implement a number of different defences they may actually be able to gain some ground without negatively impacting the vast majority of their customers. An ISP can never hope to provide as robust a defence as a more controlled environment such as a business network, that's not the ISP's job. However, I think it is realistic to expect that an ISP can fall within the 80/20 rule, where they are able to block 80% of the badness. I have a plan that I'm working through right now that I can share if anyone is interested.

BTW, does anyone feel I'm going off topic with this stuff? Paul keeps letting them through, so maybe that means something...

--
Mason

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards