[Dshield] "Personal Firewalls" are mostly snake-oil

Mark Rowlands mark.rowlands at minmail.net
Tue Jul 23 10:25:04 GMT 2002

On Mon July 22 2002 18:57, John Hardin wrote:
> > On Mon, Jul 22, 2002 at 07:17:09AM +0200, Stephane Grobety wrote:
> > > But the point is that it's not because a solution is not "the best" or
> > > a perfect one that it's "snake oil". Personal FW DO have an effect.
> > > They DO keep the random scan down and more often than not, they do
> > > succeed in protecting the user from some of his/her mistakes (like
> > > not knowing that IIS is running on his/her machine or turning on file
> > > sharing and giving "guest" full access to a share).
> ...unfortunately these are largely the same users who have been
> conditioned to click [OK] to get the damned distracting dialog box off
> the screen without reading and thinking about what it's asking. This may
> greatly hamper the effectiveness of personal firewalls on the Windows
> platform - they detect unsafe traffic, but the user tells them to permit
> the traffic just to get them to shut up.

Well, I did a practical test ....... I installed Tiny Personal Firewall on my
girlfriend's win2k machine, explained what the options meant and why you
should use 'em. Now she ain't dumb, but after a couple of days of listening to
occasionally outraged howls I checked the configuration..... essentially it
was "allow all from any to any". When I asked her why, she said "it was just
too annoying having to decide from which machine to which and sometimes you
had to allow any and sometimes not so it was just easier......."

Until the default installs and actual practices of these products get smarter,
they will remain, at best, of limited use.

P.S. This ain't a Windows issue..... I have seen the same phenomenon on
Unix-based firewalls as well.

