[Dshield] "Personal Firewalls" are mostly snake-oil"

Russell Washington russ.washington at vaultsentry.com
Mon Jul 22 15:12:58 GMT 2002

Re this:

> Now, you're being completely unfaire here. First, you can't expect the Joe
Average to learn about IP services and the like. Home users are NOT
specialists and, while most of them have enough sense to read and follow
simple manuals, there is simply too much to know before you can configure a
firewal properly. <

I think the point is that to configure and use a firewall properly, you DO
have to know this stuff, and if you DON'T then you're deceiving yourself the
moment you tell yourself you know all you have to.

The problem with many software products is that in deference to a lack of
end-user expertise, they are designed to give the user the sense that
something is being done properly when in fact it is not.  The user then
turns around and starts questioning whether the "experts" know more than
they (the users) do and invariably assume that those experts don't
(something about all uf us being equal, same, whatever).  You see this in
fields all over the place that involve skilled labor-- IT, electricians,
auto repair, yadda yadda.  So Joe User decides that he knows just as much as
"those security expert guys" and merrily throws some doodad that says "you
can protect yourself, you don't need those other (expensive) products and
you don't need to know anything new" onto his system.  Then he thumbs his
nose, least importantly at the folks who do know something, but most
importantly, at the very notion that he is at risk of compromise at ALL.

Because there is "too much to know" that Joe User doesn't know, he now
thinks he's Superman and that in fact there isn't any such thing as
Kryptonite either, so he's got a leg up on the situation.  Sitting duck.
Quack quack. :)

Yes, I know Joe User can't be expected to know the guts of TCP/IP.  But with
that in mind, I wouldn't hand a Joe User client *any* product that
facilitated their sense that NOBODY, himself included, needs to know this
stuff to offer them adequate protection.  The word "deception" comes to

More information about the list mailing list