[Dshield] Re: "Personal Firewalls" are mostly snake-oil?

IT Department - CI Holding Group, Inc. it at ciholding.com
Thu Jul 25 16:54:52 GMT 2002

Comments in line...

At 07:48 PM 7/24/2002 +0200, Jan Wildeboer wrote:
>The real(tm) problem is that many OSes tend to make the user think it is 
>all uncomplicated stuff. It is like saying "Flying an helicopter is easy! 
>Just sit down and fly!"

I think you need to see the implicit value of using an O/S -- it's a 
tool.  A tool to allow a WIDE variety of users the ability to function and 
utilize the functionality of a system -- let alone an interconnected 
network of systems.

The job of O/S manufacturers is just that -- make it easy.  Harness the 
absolute power with the minimal amount of difficulty, and make it 
functional.  Who, today, could code an entire GUI to be used as a front end 
for DOS based systems?  Very few.  So, if you think you could jump behind a 
DOS 5 CLI, tool it to crank out a front-end for CAD, more power to you.  If 
not, pipe down.

>This discussion is based on false assumptions. Security is something that 
>must be learned. TCP/IP is something that is too complicated to be 
>considered common knowledge.
>One cannot - I repeat - cannot judge a firewall software without knowing a 
>lot - I repeat - a lot about the TCP/IP stack. The ZD-Net rating is based 
>on "this looks good". Tiny doesnt look good. But it works better.

But the ULTIMATE end to implementing a "firewall", personal or not, is to 
make security paramount.  Whether they begin elementary school classes on 
TCP/IP stack basics or not isn't the point.  The point is that everyone CAN 
learn, if they NEED to learn.  As stated above, software vendors are TRYING 
to make it all easier on the END USER.  Hopefully not compromising the 
systems along the way (with bug ridden code).

>Let them (the PF-users) die dumb. Let's go back to work.

Ignorance is bliss.  It is that very elitist attitude that caused other 
compromising world events.


More information about the list mailing list