[Dshield] "Personal Firewalls" are mostly snake-oil?

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Jul 25 00:15:08 GMT 2002


Gene, et al.

Trying to answer the questions you asked. Responses are embedded in
your message (below).
 
Best Wishes,
Peter
------------------------


-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Gene Bradford
Sent: Wednesday, July 24, 2002 4:23 PM
To: list at dshield.org
Subject: Re: RE[5]: RE[2]: [Dshield] "Personal Firewalls" are mostly
snake-oil?

presupposing a general knowledge of security, systems (as in one, ten
or thousands) and network administration (whether it be for a home
network, a corporate network or a government network) i do believe the
statement made below is in reference to the fact that there isn't
*time* to take a slow approach to security.  if you do, your
system/network has been breached and you're in trouble.  slow and sure
might win the proverbial race, Peter, but quick and alert wins this
one.

>>>>> Again it seems that I did not express myself clearly enough. I
will try to rephrase:

0) If a given product shuts down by default all traffic between the
machine it resides on and the Internet, when is the system breached in,
e.g., my case?
1) The software firewall in question does not prompt me about any
inbound traffic attempts. (I do not want or need it to do so.) In this
respect it scores high according to someone, whose name I cannot
remember, who said so earlier in this thread. (The requirement was of
not being annoying to the user.)
2) I have not yet faced a situation where I would not have had time to
find the right (i.e., safe) answer if and when a prompt showed. I am
talking about outbound traffic here. I require explicit allowance,
given by myself per case, for any and all outbound traffic controlled
by the software firewall. I give the OK or denial per case. It's no
bother to me. You can also call me a control freak if you like.
However, that's how I strive to enhance security.
3) Only when a NEW program or, more likely, a PROGRAM COMPONENT (*.acm,
*.cnv, *.cpl, *.dll, *.drv, *.ftl, *.ocx, *.qtx, . level) in my case
wants to access the Internet, only then will I have to check whether
it's a legitimate component or not.
The innovative interface helps in making the proper decision easily,
quickly and accurately, based on facts, not on fiction or user guesses.
If you had had experience in using this piece of software you would
know this yourself. As for the question of some users being too lazy to
find out the right answer, they would possibly learn the hard way what
being lazy can lead to. (In this context I do not address the problem
of mentally lazy people, but lazy in general.)
4) So what is meant by "too slow learning curve" in this approach? <<<<<

i don't feel any of us have taken the viewpoint of anything other than
home user.  while some mention has been made of "clients" that was in
reference to personal opinions and not directly related to the
discussion.

>>>>> Again I did not express myself clearly enough. I will try to
rephrase more clearly. Those who run down software firewalls: WHAT DO
YOU RECOMMEND INSTEAD? Semantically a hardware firewall can be just as
much a "personal firewall" as a software firewall. I understood the
question was "Personal Firewalls" as "Software Firewalls", as opposed
to Hardware Firewalls - are they useless? At least that's the
impression I got when I read the same source of information,
disinformation or opinion. You should read the entire thing so you
would know why the original writer called personal firewalls or
software firewalls "snake-oil". An analogy would be to state that using
seat belts, air bags, air curtains, etc. is buying "snake-oil". They do
not protect you 100 per cent under ALL possible circumstances. I think
it is easier for us to judge whether "Do not buy a car with the
previously mentioned features." is a good and sound recommendation or
not. <<<<<


who among us has stated that we're "experts"?  i've read through this
thread and don't find one statement to that effect.  while i'm positive
there are quite a few in this group who can rightfully and justly claim
this title, they haven't.  please don't assume a negative thought
pattern just because someone or some group doesn't agree with your
point of view.

>>>>> I did. I am responsible for that. Could it be you looked further
than was necessary to find this out? I apologize if I was mistaken. But
reading what you write (above) we seem to share the view. I could not
agree more with what you advise for me. I try to show by good example
what I recommend. How do you think you succeeded in the same (above)?
Where is the "negative thought pattern"? I was genuine and sincere on
both accounts: calling another person an expert and myself an amateur.
If you refer to labelling people or categorizing people then I
apologize for having done so. Please note, however, that the label for
the other person was positive. <<<<<

as for Stephane's preference of FW; a statement was made and that was
it.  "I prefer...."  no one flamed on this.  Stephane also disavowed
any relationship with the publisher of said software.  that's something
you haven't done nor have you even addressed my half facetious comment
concerning Zone Labs' pay rate.  the intent of that question, if it
must be explained to you, was to point out that you're a walking
advertisement for them.  ARE you employed by them?  if so it would have
been not only polite but honest of you to have made an up front
statement to that effect.  if you aren't then i offer my apologies for
this paragraph (and my congratulations for not being employed by them
as well.)

--gene


>>>>> On your first point in this paragraph we disagree on "no one
flamed on this". I did not experience it that way. Besides, I did not
join the discussion until quite some time later. "No one flamed on
this" and "I did not experience it that way" are both subjective
statements, but who can be objective on these issues? I felt that the
feedback to Stephane's posting was hostile. The factual matter "Are
software firewalls good?" or "May software firewalls exist or be used?"
was addressed more by expressing opinions than facts or hands-on
experience on the subject. That's how I interpreted some parts of the
discussion. I agreed with many things posted by others, but
unfortunately most likely did not bring this up enough. Maybe that made
my writing look biased in someone's eyes.

However, I have tried to tell what my experience is with a given
software firewall. In my mind naming the product(s) is taking
responsibility for not giving general recommendations like "yes, all
software firewalls are good" or the like. Besides, one of the excerpts
I had in my posting put the software firewalls into three categories
and named the products in question as well. I just had no idea what
effect naming or referring to one certain person would have on several
individuals taking part in the discussion.

I ignored your comment on the pay rate. I have no other than those
explicitly and openly told [financial or other] bindings to the company
you name (above). Same applies to the company I work with and run. It's
a Finnish company you probably know nothing of. It is privately owned by
my co-founder (five per cent) and myself (the rest).

As for the walking advertisement slogan: that's how things work in
life. I am aware of the power of reference selling. You should,
however, realize that it is one hundred percent voluntary and genuine
in this case.

I agree with you that it would be unethical to "sell one's own product"
or "products by one's own company" in disguise. I would not consider it
wise or effective either. Even though I thought that you were merely
joking, I now realize you were/are sincere with the innuendo(s).
Therefore: Apology accepted. <<<<<

-- Peter
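The outbound policy Peter lays out in points 0 to 3 above (deny
everything by default, require an explicit per-program allowance for
outbound traffic, and ask again whenever a NEW program or program
component wants out) can be modelled in a few lines. The following
Python is an added example for this archive page; it is not code from
any firewall product nor from anyone in the thread. The program paths,
component bytes and remote hosts are constructed sample data, and the
"user answers" in the simulation are likewise made up.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List

# Verdicts a user can record; "prompt" is what the engine returns
# when it has no verdict for the component asking for access.
ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


def fingerprint(path: str, content: bytes) -> str:
    """Identity of a program or component: its path plus a SHA-256 of
    its bytes. Replacing a DLL in place therefore yields a new identity
    and cannot inherit an earlier 'allow' (the check point 3 relies on).
    """
    h = hashlib.sha256()
    h.update(path.lower().encode("utf-8"))
    h.update(b"\0")
    h.update(content)
    return h.hexdigest()


@dataclass
class OutboundPolicy:
    """Default-deny outbound policy keyed on component fingerprints."""
    rules: Dict[str, str] = field(default_factory=dict)  # fp -> verdict
    audit: List[str] = field(default_factory=list)       # human-readable log

    def decide(self, path: str, content: bytes, remote: str) -> str:
        """Return 'allow' or 'deny' for a known component, else 'prompt'.
        Nothing leaves the host until the user has answered a prompt."""
        fp = fingerprint(path, content)
        verdict = self.rules.get(fp)
        if verdict is None:
            self.audit.append(f"PROMPT {path} -> {remote} "
                              f"(unknown component {fp[:12]})")
            return PROMPT
        self.audit.append(f"{verdict.upper()} {path} -> {remote}")
        return verdict

    def record(self, path: str, content: bytes, verdict: str) -> None:
        """Store the user's per-case answer for exactly this component."""
        if verdict not in (ALLOW, DENY):
            raise ValueError("verdict must be 'allow' or 'deny'")
        self.rules[fingerprint(path, content)] = verdict


def simulate() -> List[str]:
    """Walk through the scenario from the thread with constructed data.
    Returns the sequence of engine outcomes."""
    policy = OutboundPolicy()
    mail_exe = "C:/Program Files/Mail/mail.exe"
    helper_dll = "C:/Windows/System32/helper.dll"
    outcomes = []

    # 1. A new program wants out: the engine asks; the user says allow.
    outcomes.append(policy.decide(mail_exe, b"mail-v1", "mail.example:25"))
    policy.record(mail_exe, b"mail-v1", ALLOW)
    # 2. Same program, same bytes: allowed without bothering the user.
    outcomes.append(policy.decide(mail_exe, b"mail-v1", "mail.example:25"))
    # 3. A component nobody recognises wants out: asks; user says deny.
    outcomes.append(policy.decide(helper_dll, b"helper-bytes", "x.example:80"))
    policy.record(helper_dll, b"helper-bytes", DENY)
    # 4. Same component again: denied silently.
    outcomes.append(policy.decide(helper_dll, b"helper-bytes", "x.example:80"))
    # 5. The mail program's bytes changed (patched or replaced): the old
    #    'allow' does not carry over, so the user is asked afresh.
    outcomes.append(policy.decide(mail_exe, b"mail-v1-patched", "mail.example:25"))
    return outcomes


if __name__ == "__main__":
    for line in simulate():
        print(line)
```

Keying the rule on path plus content hash is the design choice that
makes point 3 work: a swapped-in component with the same file name is
a different identity to the engine, so it gets its own prompt rather
than riding on a decision made for its predecessor.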


------------------------------------------------------------------------
On Wednesday 24 July 2002 04:38 pm, Peter Stendahl-Juvonen wrote:
> Russell, et al.
>
> However, I do not understand what is meant by '"Gradual" and
"security"
> are mutually exclusive in any context that means
> anything in systems or network administration.'
>

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
