Open Source and information security mailing list archives
 
Message-ID: <200401152108.i0FL8Zd3005238@mailserver1.hushmail.com>
From: mike at shawnuff.net (Mike Shaw)
Subject: January 15 is Personal Firewall Day, help the cause

On Thu, 15 Jan 2004 09:28:39 -0800 Ron DuFresne <dufresne@...ternet.com>
wrote:
>
>There have been a lot of 'complaints' or FUD replies concerning the
>efforts for personal firewall day, 1/15/04, yet not a single, "this
>would work much better" replies or offerings.  Do any of the unsupporters
>have something better to offer that is;

Okay, here's the deal.

a)  If this is truly an 'education' effort and not a security software
pushing effort, it's an extremely poorly named one.  The average uneducated
user is going to look at this and say "huh?"..and I don't mean the "let's
find out more about this" huh...I mean "this makes no sense and I don't
even begin to understand firewall and I'm moving on to the next easy
thing to grasp" huh.

"Safe computing" day or something else warm and fuzzy would have been
far better.

b)  If the name simply must be something technical, then personal firewalls
are probably the 3rd most valuable thing to push.  Patching and AV are
waaay ahead.  I would say anti-spyware is probably even more important
to the average Windows user than a personal firewall.

Personal firewalls are also far too complex for the average user to be
good as an 'on message' movement.  If they can understand that stuff,
they already understand patching, AV, and clicking "no" when prompted
to install malware.

c)  When you center an education effort around a niche product whose
very existence depends on the very security holes that cause the problem...don't
expect to garner much support.  The marketing behind these products has
far more sinister potential than that of $150/hour security consultants.

So to wrap up...IMHO, if this had been "safe computing day"--focusing
on patching, AV, and possibly anti-spyware, it would have gotten far
far more positive reaction.  Leave the personal firewalls out--not nearly
enough bang for the buck.

Now...not to be fatalist, but while this effort is well intentioned,
the bottom line is the population in general is toast until the primary
players fix their code and defaults.  There are millions of unsafe PCs
out there manned by non-experts, and there are a handful of key software
companies manned by plenty of experts.  Where should the primary effort
be?

-Mike




