lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: UTTER HORSESHIT: [was January 15 is Personal Firewall Day, help the cause] On Thu, 15 Jan 2004, Mary Landesman wrote: > Interpretation is subjective, but I have always interpreted the Sam Spade > rant to be directed at the alerting many of these PFWs do, vs. the actual > effectiveness. I read the rant there as a fed up admin/code warrior tired of dealing with bug reports due to PFW's blocking his samspade apps capabilities. > In fact, his point seems to be to get a hardware-based > firewall. Not only is it not an option for most home based users, even if it was, in the vast majority of cases it's not going to lower the issues broght to his desk about his samspade app or similiar apps cause even a HW based FW requires the proper tuning and training to do it's job correctly/near-perfectly. Most folks with a new PC from x-mas or a b-day or graduation do not have the funds to keep a sec expert on contract for the time it's going to take to do this. Sure, sure, HW fw's often com preconfigured with some level of effectivness,just like the SW version tend to offer 1-3 levels of preconfigged 'protection modes' to those that rely upon them. But, what we have to remember is; ONE SIZE DOES NOT FIT ALL. Even in the home user/non-professional categrories. But the objective or personal FW day is to; enlighten thse that are not IT professionals to get IT pros to share a bit f their time and skills to do the enlightening and perhaps some tuning and training for their friends, family, etc... And damn, if folks don;t like the SW-PFW idea, then spends the extra time and most likely a few of your own har earned bucks and get these folks a HW based set of protections, afterall, it's in our own best interests to see as many folks getting a clue or partial one, and a bit of defense setup. Of course, there are many that will prefer to stand still, cry FUD and do not a gawd damned thing. The Good thing about potential is as long as you do nothing you'll always have it. [the rest of a decent post and a few whiners statements SNIPPED] Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists