Message-ID: <200401161657.i0GGvclU095569@mailserver1.hushmail.com>
From: mike at shawnuff.net (Mike Shaw)
Subject: Flawed arguments (Was all that other crap about PFW day)

On Fri, 16 Jan 2004 07:33:29 -0800 "Schmehl, Paul L" <pauls@...allas.edu>
wrote:
>The previous poster complains that PFWs fool people into thinking that
>they are more secure.  Several other posters have cited the fact that
>most *nixes now come with "the firewall enabled", which obviously means
>they think that makes *nix more secure.  So, they believe, simply by
>having iptables (or whatever) enabled, they are more secure.

I'll have straw men for $800, Alex.

Seriously, I don't think that it's fair to amalgamate the posts of several
people and then condense the unrelated parts as a weak target.

I think what people are saying about the iptables stuff is that many
of these OSes come out of the box with a) unneeded services disabled and
b) a rule enforcement mechanism to minimize the risk of abuse.  I don't
know whether this assertion is actually *true* or not (I do know that OS
X seems to do a pretty good job at this) but whatever the case it's
quite different than the situation with Windows, so your parallels aren't
really accurate.

As I said before, user edumuhcation is great...but educating them to
use a bolt-on-after-the-fact personal firewall is a bit misguided.  They're
kludgy and strange to administer for the average user, they gloss over
the preposterous out-of-box behavior of the OS, and they create financial
incentives for poor products.

And again, calling an education day "personal firewall day" and expecting
the message to make any sense to the masses is just plain silly.  It's
like the March of Dimes naming their whole effort "The coping with fetal
alcohol syndrome campaign".  It makes no sense in the broader realm
of education, ignores vast tracts of far more effective information,
and shouldn't the effort be to prevent that specific syndrome?

On the bright side, hopefully with some of the new MS service packs,
this distraction of 3rd party products will slowly dissipate.

-Mike
