[Full-Disclosure] Flawed arguments (Was all that other crap about PFW day)
mike at shawnuff.net
Fri Jan 16 16:57:37 GMT 2004
On Fri, 16 Jan 2004 07:33:29 -0800 "Schmehl, Paul L" <pauls at utdallas.edu>
>The previous poster complains that PFWs fool people into thinking
>they are more secure. Several other posters have cited the fact
>most *nixes now come with "the firewall enabled", which obviously
>they think that makes *nix more secure. So, they believe, simply
>having iptables (or whatever) enabled, they are more secure.
I'll have straw men for $800, Alex.
Seriously, I don't think that it's fair to amalgamate the posts of several
people and then condense the unrelated parts as a weak target.
I think what people are saying about the iptables stuff is that many
of these OS' come out of the box with a)unneeded services disabled and
b)a rule enforcement mechanism to minimize the risk of abuse. I don't
know that this assertion is actually *true* or not (I do know that OS
X seems to do a pretty good job at this) but what ever the case it's
quite different than the situation with Windows, so your parallels aren't
As I said before, user edumuhcation is great...but educating them to
use a bolt-on-after-the-fact personal firewall is a bit misguided. They're
kludgy and strange to administer for the average user, they gloss over
the preposterous out-of-box behavior of the OS, and they create financial
incentives for poor products.
And again, calling an education day "personal firewall day" and expecting
the message to make any sense to the masses is just plain silly. It's
like the March of Dimes naming their whole effort "The coping with fetal
alchohol syndrome campaign". It makes no sense in the broader realm
of education, ingnores vast tracts of far more effective information,
and shouldn't the effort be to prevent that specific syndrome?
On the bright side, hopefully with some of the new MS service packs,
this distraction of 3rd party products will slowly dissipate.
Full-Disclosure is hosted and sponsored by Secunia.