[Full-Disclosure] January 15 is Personal Firewall Day, help the cause
Joris De Donder
fulld-j at digitaldefense.be
Thu Jan 15 20:31:18 GMT 2004
> There have been a lot of 'complaints' or FUD replies concerning the
> efforts for personal firewall day, 1/15/04, yet not a single, "this would
> work much better" replies or offerings. Do any of the unsupporters have
The main problem is the user. Annie for example opens/runs every
attachment she receives. Now if you say to Annie that all she needs to
do to be secure is installing (buying) a PFW (from a short list of
sponsors (*)), using an Anti-Virus program and keeping her system
updated, you actually encourage her to continue her dangerous
behavior. Fact is that even with a PFW, up to date AV and system,
Annie (who is part of the Administrators group btw) will get infected
if she keeps opening/running every attachment.
And then it's game over. This is not 1998, trojans/backdoors are
becoming more and more advanced (public rootkit projects for MS
Windows are becoming more common) and no PFW (a program that is
running on the same, now compromised, system) can prevent a 'modern'
backdoor/trojan from "getting out".
So we need to change Annie's behavior. An obvious (technical) solution
would be to give Annie an email client that's incapable of launching
(possibly harmful) attachments, but that only solves part of the problem
since Annie just received a .scr file through her favorite IM client
and next week Annie will find and install a new filesharing program...
Annie needs to realise that she's not safe. She needs to realise that
even with a PFW, up to date AV and system, she can still get infected.
She needs to learn to 'think' when her new PFW pops up a message
saying that a file called "iexpIlore.exe" (with a nice IE like icon)
tries to "connect to the internet".
So (unless of course, we can move Annie and the millions like her away
from general purpose desktop computers like we know them today to some
new kind of secure frontends, that store their files and settings on a
remote server(**)) it's essential that we educate Annie.
Computer stores can play a very important role in this and for example
give their customers a flyer or 'brochure' with useful tips and
ISPs could give the same information to their customers or even put
certain 'security requirements' in their contracts. They could send
their users a 'security newsletter' and/or set up a special
website/page with useful information (useful information != some
links to your sponsors and some FUD text written by people from
the marketing dep.)
Conclusion: The purely technical solution (with obvious commercial
intentions) proposed by personalfirewallday.org will lead to a false
sense of security, resulting in more insecure systems.
User Education is an essential part of the solution.
(*) I see the list just got updated....
(**) No, I don't mean dumb terminals.
Full-Disclosure is hosted and sponsored by Secunia.