R: [Dshield] "Personal Firewalls" are mostly snake-oil?
jan.wildeboer at gmx.de
Wed Jul 24 17:48:15 GMT 2002
Johannes Ullrich wrote:
> Which personal firewall is best? I don't know. But I recommend
> that you just try one of the free once and see how well it works
> for you.
That IS the problem. How can the unaware user judge something he doesn't
understand? How can he decide if a "personal firewall" is good or crap
if he is totally unaware of the knowledge needed to decide that?
All of these "personal firewall" stuf remind me of that company that
offered a piece of software that promised to double RAM but turned out
to contain NOPs ;-)
The real(tm) problem is that many OSes tend to make the user think it is
all uncomplicated stuff. It is like saying "Flying an helicopter is
easy! Just sit down and fly!"
This discussion is based on false assumptions. Security is something
that must be learned. TCP/IP is something that is too complicated to be
considered common knowledge. Hey, many people don't even know you can
use ALT+TAB under windows to switch tasks ;-)
One cannot - I repeat - cannot judge a firewall software without knowing
a lot - I repeat - a lot about the TCP/IP stack. The ZD-Net rating is
based on "this looks good". Tiny doesnt look good. But it works better.
In my personal opinion people should use routers that are capable of
handling firewall rules. And they should get those shipped with at least
a basic set of security rules. How sick I am of all those unfiltered
netbios broadcasts ...
Let them (the PF-users) die dumb. Let's go back to work.
More information about the list