Re: [fw-wiz] Personal Firewall Day?

From: Gary Flynn (flynngn_at_jmu.edu)
Date: 10/07/03

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Personal Firewall Day?"
    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Mon, 06 Oct 2003 21:41:24 -0400
    
    

    Marcus J. Ranum wrote:

    >But we're
    >addicted to general purpose computing because we (mistakenly)
    >perceive a need to upgrade system components in order to save costs
    >over time. We also ae addicted to general purpose computing because
    >our software base is so buggy that we need to upgrade software
    >components constantly in hopes of finding something that doesn't
    >crash.
    >
    I think we're addicted to general purpose computing because of its
    versatility,
    freedom, and associated potential to innovate. Indeed, GP computing itself
    rather than some specific implementation of it, may be our monoculture.

    We've forever been able to download some "neat new tool or app". Therein
    lies the problem. Today, there are a lot more malicious "neat new tools and
    apps". Today there are a lot more tools to exploit the increasing
    complexity
    and defects found on today's desktops and infrastructure.

    Who would have thought ten or fifteen years ago that today's common
    consumer desktop would have dozens of background services running,
    including several that open listening ports on the network?

    But the problem isn't entirely with the platform. There are a lot more
    naive,
    overwhelmed, paranoid, exploitative, and uncooperative individuals
    connected
    to our world wide network. A network that not too long ago was nowhere
    near as accessible or commonplace. And with that increasing population and
    associated increase in usage, has come motivation for evil doers - money,
    fame, and worse.

    >General purpose computing also brings gigantic hidden
    >costs in terms of system administration and GP systems vulnerability
    >to trojans and viruses. Reverting to a monoculture would actually help
    >us address a lot of these issues.
    >
    I'd have to agree with that but the nature of the machine would have to
    change drastically. I pondered this in the first wave of DDOS attacks in
    2000:

    http://falcon.jmu.edu/~flynngn/whatnext.htm (currently down but its cached
    through the magic of Google)

    I'd even go so far as to say that such a machine would be adequate for the
    vast majority of consumers. However, those machines would be significant
    impediments to innovation and growth. While we might consider HTTP and
    IMAP base functionality today, they weren't around a decade ago. I have
    to wonder whether we would have had the explosion in growth and
    functionality we've experienced if the installed base had to have ROM
    upgrades or complete replacement to support new standards - HTTP,
    IMAP, SSH, SSL, IPSEC, multicast, IM, etc. Shoot, it wasn't too long
    ago that TCP/IP stacks were add-on software. Growth, fluidity, and
    change have always brought some growing pains. Unfortunately, I don't
    think we've seen the worst of what is to come.

    Certainly, the platform has to change to improve today's situation. But I
    don't think we'll see universal, GP platform improvements that will solve
    the problems. The nature of a GP computer is inherently unsecure in the
    hands of untrained individuals in a hostile environment. And the
    Internet will
    need to be considered hostile as long as its world-wide, unauthenticated,
    and freely accessible. Perhaps what we need instead is a range of devices
    with a range of functionality to be used in appropriate situations.
    Maybe that
    is what we're beginning to see with handhelds, phones, and home
    entertainment systems increasingly taking on data communications and
    applet capabilities. But, of course, the closer they get in functionality to
    a GP computer....

    >
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Devdas Bhagat: "Re: [fw-wiz] Personal Firewall Day?"