[Dshield] RE: this whole personal firewall debate

Russell Washington russ.washington at vaultsentry.com
Wed Jul 24 18:43:25 GMT 2002


> Now maybe (I'm no expert on these products), the problem lies in that the
> user is asked any questions at all, as then the default wouldn't change
> unless the user chose to specifically change something. Is this too
> simplistic? I don't think so.

Kenton, good post in general, btw.

I think the biggest difference between a "personal firewall" and a
"traditional firewall," barring the obvious topological distinctions, is
your point above.  A "traditional firewall" does NOT interactively ask *any*
user about authorizing traffic as it shows up, nor does it offer quickie
click-here-to-change-the-policy-to-something-more-to-your-liking dialog
boxes.  This distinction is perhaps subtle, but given that traffic
management boils down to blocking this and accepting that, the only real
programmatical difference left between personal vs traditional firewalls
is... the involvement of the end user.  And that's where they divide into
two very, very different camps.

I would be in grand favor of a so-called personal firewall, topologically
speaking, if its default behavior was to make you have to dig into it and do
something explicitly, intentionally, and hopefully with some knowledge, to
get it to undo its security measures.  *Without* that, it just doesn't seem
to me to be a particularly effective security device in the aggregate.  For
the *single informed user*, effective, yes; but not in the uninformed

