EXACTLY!! Sorry to post a one word reply and not trim the fat from this post, but, it's probably one of the best replies to this whole thread, and worth a second read!
Thanks, Ron DuFresne On 15 Jan 2004, Kenton Smith wrote: > These have got to be trolls. This is the most pathetic argument I have > ever heard for not using security products. > The software we use is bad and inherently insecure, people don't know > what they're doing. Therefore the only solution is to open it all up and > wait for the software vendors to fix all the software problems. That's > the b*llsh*t. > I know most of the people on this list don't have time for anything but > themselves so I don't expect you to pay any attention to something like > this. You just stay in your holes and keep looking for vulnerabilities. > I know when everyone eschews personal firewalls as these brilliant posts > suggest, your jobs will become much easier. > Some of us actual believe (because we've seen proof) that a little > education goes a long way. Instead of using your vast knowledge to tell > people the weaknesses in these products, why don't you take a few > minutes out of your valuable time to show people how to use one > effectively? > > This is just another example of what a waste of time this list is > becoming. Many of the people on here care nothing about security, they > only care about berating everyone else and the choices they make (and > I've fallen right into their stupid trap). > > Kenton > > On Thu, 2004-01-15 at 05:55, Erik van Straten wrote: > > "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>: > > > We hereby reject this utter horseshit unreservedly. > > > > Agreed - when it's intended to "protect" aunt Annie's Xmas present. > > > > It just makes NO SENSE to have PC's listening on lots of ports, by > > default on any interface, and then add a PFW to prevent anyone from > > accessing them. > > > > (much like building a wall in front of your house because your doors > > and Windows(TM) have broken locks). > > > > In particular because most Annie's have no clue what IP is, and > > undesired egress traffic easily bypasses PFW's (if the malware hasn't > > shut down the darn thing right away). > > > > Classic PFW = Snake Oil: http://www.samspade.org/d/firewalls.html > > > > If Annie's weren't members of Administrators, and members of > > Administrators would not have access to apps like IE and OE, and > > WindowsUpdate would not require admin privs to download, and there > > wouldn't be so many privesc sploitz, and the FS and registry would > > have much tighter perms by default, PFW's *would* make sense - for > > blocking undesired egress traffic. > > > > That is, provided that the PFW reliably starts before net I/O is > > possible, runs in "Safe Mode With Networking", and is not crowded > > with bugs itself. > > > > Cheers, > > Erik > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
