lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: mike at shawnuff.net (Mike Shaw) Subject: Flawed arguments (Was all that other crap about PFW day) On Fri, 16 Jan 2004 07:33:29 -0800 "Schmehl, Paul L" <pauls@...allas.edu> wrote: >The previous poster complains that PFWs fool people into thinking >that >they are more secure. Several other posters have cited the fact >that >most *nixes now come with "the firewall enabled", which obviously >means >they think that makes *nix more secure. So, they believe, simply >by >having iptables (or whatever) enabled, they are more secure. I'll have straw men for $800, Alex. Seriously, I don't think that it's fair to amalgamate the posts of several people and then condense the unrelated parts as a weak target. I think what people are saying about the iptables stuff is that many of these OS' come out of the box with a)unneeded services disabled and b)a rule enforcement mechanism to minimize the risk of abuse. I don't know that this assertion is actually *true* or not (I do know that OS X seems to do a pretty good job at this) but what ever the case it's quite different than the situation with Windows, so your parallels aren't really accurate. As I said before, user edumuhcation is great...but educating them to use a bolt-on-after-the-fact personal firewall is a bit misguided. They're kludgy and strange to administer for the average user, they gloss over the preposterous out-of-box behavior of the OS, and they create financial incentives for poor products. And again, calling an education day "personal firewall day" and expecting the message to make any sense to the masses is just plain silly. It's like the March of Dimes naming their whole effort "The coping with fetal alchohol syndrome campaign". It makes no sense in the broader realm of education, ingnores vast tracts of far more effective information, and shouldn't the effort be to prevent that specific syndrome? On the bright side, hopefully with some of the new MS service packs, this distraction of 3rd party products will slowly dissipate. -Mike
Powered by blists - more mailing lists