[Dshield] "Personal Firewalls" are mostly snake-oil?

Tom Liston tliston at premmag.com
Wed Jul 24 17:52:37 GMT 2002


I just kept telling myself I wasn't going to get involved in this...

Oh well...

The real question here, the one that seems to be getting lost in the 
shuffle is this: is PFW software of any use?

The answer is obvious: certainly.

The larger question though is this: do PFWs live up to the claims 
that are made for them by the people who market them.

The answer again, is obvious: certainly not.

And therein lies the real problem.

The marketing hype is driven by the need to set their product apart 
from the rest of the pack, and while that is understandable, when it 
crosses the line from fact to fiction, people who buy their product 
and use it assuming that it will live up to these claims can end up 
getting burned.

Zone Labs is perhaps the most egregious offender in this area, which 
is actually a shame, because ZoneAlarm is a decent PFW.  If they 
would market it based on it's capabilities rather than screaming that 
it:

"barricades your PC, and your network, from known and unknown 
Internet threats."

I would have a great deal more respect for the company.

In the final analysis, I would say this:  If you use a PFW, it will 
block any connection FROM the outside world TO your computer that you 
tell it to block.  Beyond that, things get much more "hit-or-miss".  
Outbound data blocking is a very tricky thing, analogous to the issue 
of "copy protection", and quite honestly, I don't think that the PFW 
vendors are smart enough that I would entrust the privacy of my data 
to them, and them alone.  

PFWs have a very important place in a "defence in depth" posture.  
Push them to be anything beyond that, and you're just asking for 
trouble.

-TL

PS: Just to see if Johannes is right: "Steve Gibson"
Tom Liston, GSEC
Network Administrator
Prem Magnetics, Inc.
tliston at premmag.com
tliston at hackbusters.net




More information about the list mailing list