Re: UTTER HORSESHIT: [was January 15 is Personal Firewall Day, help the cause]

[Ron DuFresne <dufresne () winternet com>]

EXACTLY!!  Sorry to post a one word reply and not trim the fat from this
post, but, it's probably one of the best replies to this whole thread, and
worth a second read!

Thanks,

Ron DuFresne

On 15 Jan 2004, Kenton Smith wrote:

> These have got to be trolls. This is the most pathetic argument I have
> ever heard for not using security products.
> The software we use is bad and inherently insecure, people don't know
> what they're doing. Therefore the only solution is to open it all up and
> wait for the software vendors to fix all the software problems. That's
> the b*llsh*t.
> I know most of the people on this list don't have time for anything but
> themselves so I don't expect you to pay any attention to something like
> this. You just stay in your holes and keep looking for vulnerabilities.
> I know when everyone eschews personal firewalls as these brilliant posts
> suggest, your jobs will become much easier.
> Some of us actual believe (because we've seen proof) that a little
> education goes a long way. Instead of using your vast knowledge to tell
> people the weaknesses in these products, why don't you take a few
> minutes out of your valuable time to show people how to use one
> effectively?
>
> This is just another example of what a waste of time this list is
> becoming. Many of the people on here care nothing about security, they
> only care about berating everyone else and the choices they make (and
> I've fallen right into their stupid trap).
>
> Kenton
>
> On Thu, 2004-01-15 at 05:55, Erik van Straten wrote:
> > "http-equiv () excite com" <1 () malware com>:
> > > We hereby reject this utter horseshit unreservedly.
> >
> > Agreed - when it's intended to "protect" aunt Annie's Xmas present.
> >
> > It just makes NO SENSE to have PC's listening on lots of ports, by
> > default on any interface, and then add a PFW to prevent anyone from
> > accessing them.
> >
> > (much like building a wall in front of your house because your doors
> > and Windows(TM) have broken locks).
> >
> > In particular because most Annie's have no clue what IP is, and
> > undesired egress traffic easily bypasses PFW's (if the malware hasn't
> > shut down the darn thing right away).
> >
> > Classic PFW = Snake Oil: http://www.samspade.org/d/firewalls.html
> >
> > If Annie's weren't members of Administrators, and members of
> > Administrators would not have access to apps like IE and OE, and
> > WindowsUpdate would not require admin privs to download, and there
> > wouldn't be so many privesc sploitz, and the FS and registry would
> > have much tighter perms by default, PFW's *would* make sense - for
> > blocking undesired egress traffic.
> >
> > That is, provided that the PFW reliably starts before net I/O is
> > possible, runs in "Safe Mode With Networking", and is not crowded
> > with bugs itself.
> >
> > Cheers,
> > Erik
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html