Full Disclosure mailing list archives
RE: [OFFTOPIC] Zone Alarm
From: "Robert J. Liebsch" <rliebsch () stoneyamashita com>
Date: Wed, 4 Jun 2003 16:45:28 -0700
I have on asbestos underwear, so I am prepared for your flames... However, Because security is inconvenient does not make it irrelevant. You do have your car serviced? You do go see a doctor regularly? You do perform maintenance to your home? ....don't you? How can you expect the right thing to be easy? You must have at least NAT running on a fairly safe box. Everything, software/hardware/firmware/you/me/the damed dog have security vulnerabilities. Safe sex is everyone's responsibility isn't it? Safe driveing is everyone's responsibility. Safe gun handling. And we all know what happens. Come on. If we don't make demands that people wake the hell up and be responsible human beings, and responsible computer users... Give up and get a different career on a different planet. I have a VERY small office. Only 30 users. But EVERY one of them has DSL at home. Every one of them has hardware providing NAT, every one of them has system monitoring utilities and antivirus utilities, every one of them has much more than the basic precautions taken. But now, two years later, they take it as a given. As a requisit for computing in this information age. My users, my lame ass users who forget how to print, who can seldom remember how to zip a file, or any number of other things users don't know how to do because they weren't practiced.... They laugh at people who don't concider some security issues. Take your stance a little bit further... How many sysadmins, netadmins, secadmins don't follow policy? How many skip security because its too hard. Because its too complicated, because it takes too long? I know how many. Look at the penetrations, look at the defacements. This is everyones issue. This is not offtopic. Lets take this further still... Suppose you don't expect users to do this. Suppose I plant a zombie on your users machine because all they had was Zone Alarm, or better yet, Nothing at all. Now your user comes to work. My zombie says "hey, this address is an RFC1918 address, Time to wake up and go to work." Then I can weasle my way in to your very well maintained network. This isn't easy. Neither was getting people to take a bath during the plagues. Neither is carrying herpes because you didnt wear a condom, Netiher is burying family because you didn't put your gun away, or put on a saftey belt... off topic? How?
---------- From: Kurt Seifried Reply To: Kurt Seifried Sent: Wednesday, June 4, 2003 4:21 PM To: Michael Reilly; Schmehl, Paul L Cc: Ben Tyson-Norrman; full-disclosure () lists netsys com Subject: [Full-disclosure] [OFFTOPIC] Zone Alarm Increased complexity is not a good thing. Think about it folks: Solution A) PC with zonealarm, relatively easy to configure (it's what I reccomend to most users). Solution B) Hardware firewall with potential security flaws such as web interface, firmware flaws, etc. Difficult for user to update, if firmware update fails product is largely "Dead". None of these systems I have seen have automated updates or even prompt the user to check for new software versions/etc. Result: firmware falls out of date, web interface/etc possibly exposed, increased exposure for user. Solution C) a PC with some form of UNIX installed to act as a firewall. User needs to learn to become UNIX administrator, configure and update system. You are kidding right? This opens up a HUGE number of potential vulnerabilities, increases complexity hugely, and costs quite a bit as well. This is insane. NOW PLEASE LET'S KILL THIS THREAD. DO NOT REPLY TO THIS PUBLICLY. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [OFFTOPIC] Zone Alarm, (continued)
- Re: [OFFTOPIC] Zone Alarm morning_wood (Jun 04)
- Re: [OFFTOPIC] Zone Alarm Shawn McMahon (Jun 05)
- Re: [OFFTOPIC] Zone Alarm morning_wood (Jun 05)
- RE: [OFFTOPIC] Zone Alarm JT (Jun 05)
- Re: [OFFTOPIC] Zone Alarm morning_wood (Jun 05)
- Re: [OFFTOPIC] Zone Alarm Shawn McMahon (Jun 05)
- RE: [OFFTOPIC] Zone Alarm JT (Jun 05)
- Re: [OFFTOPIC] Zone Alarm Shawn McMahon (Jun 05)
- RE: [OFFTOPIC] Zone Alarm JT (Jun 05)
- Re: [OFFTOPIC] Zone Alarm Shawn McMahon (Jun 05)
- Re: [OFFTOPIC] Zone Alarm Nick FitzGerald (Jun 05)
- Re: [OFFTOPIC] Zone Alarm morning_wood (Jun 04)
- RE: [OFFTOPIC] Zone Alarm JT (Jun 04)
- RE: [OFFTOPIC] Zone Alarm Lars Duesing (Jun 05)
- RE: [OFFTOPIC] Zone Alarm Cedric Blancher (Jun 05)
- Re[2]: [OFFTOPIC] Zone Alarm Frank J. Hoffmann (Jun 05)
- Re: Re[2]: [OFFTOPIC] Zone Alarm lee . x . james (Jun 05)