[Dshield] Windoze Questions...

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Fri Feb 13 21:24:17 GMT 2004


list-bounces at dshield.org <mailto:list-bounces at dshield.org> wrote on Friday,
February 13, 2004 10:04 PM UTC+2:

||| http://securityfocus.com/bid/vendor/
||| 
|| 
|| Please note that at least all (above) referenced ZoneLabs' firewall issues
|| relate to old, i.e. out-of-date versions of ZoneAlarm or ZoneAlarm Pro.
|| 
|| Have not seen a single one issue reported for the current version of, e.g.
|| ZoneAlarm Pro (4.5.538.000).
|| 
|| Have not checked the other vendors' issues since they are of little
|| interest to me.
| 
| but as a measure of the company's track record on buggy code, i feel it is a
| useful yardstick.
| 
| -d
| 

David et al.

Of course, you can see it that way if you feel so.

However, that almost sounds that one is not allowed to make mistakes (and
learn from them, which in my opinion is a natural way to learn things and make
progress). 

If using ancient reported issues as a yardstick, I think one should also take
into account, e.g. the comprehensiveness, etc. of the various products. (Bugs
per lines of code type of things. In addition, to what the product delivers.)

An analogy from the automobile industry: If previous models of a given car
have been safe or unsafe weights little when I get the current model of the
car right now.

I would not get a car that used to have safe models in the old days but does
not have to offer any safe models now. I would rather get a car that is safe
right now.

In other words, I recommend getting a product that is safe now.


- Pete


      "The only real mistake is the one from which we learn nothing."
      John Powell (1834-1902); American geologist and ethnologist. 





More information about the list mailing list