Re: [fw-wiz] How to Save The World
From: Marcus J. Ranum (mjr_at_ranum.com)
To: email@example.com (Frederick M Avolio), firstname.lastname@example.org
Date: Mon, 13 Dec 2004 10:09:29 -0500

Frederick M Avolio wrote:
>Can you buy such a thing? I know that early AV software did that. Is
>there anything we can buy today that will do this?

There are a few products out that do this. Citadel has a pretty cool
package "SecurePC" (http://www.citadel.com/securepc.asp) that's
designed for kiosk applications. I've considered using it as a lock
down tool for my laptop but the tool is a bit more "enterprisy"
than I need. I think it's designed for locking down ATMs and
stuff like that from a central point. What I want is something that
has a ZoneAlarm-like "smart interface" that lets me reverse-engineer
a policy over time.

YES, ATMs run Windows inside. Another example of the kind of
pervasive IT stupidity I was referring to earlier. Rather than run
a custom locked-down minimized O/S it runs a full Windows
distro that has been locked down with a layer of software. Why?
Because it's too much work to develop a new video player rather
than use Windows Media Player, etc, etc. So rather than spend
$400,000 to own a solution that's "done right" corporate IT would
rather pay $150/ATM for a turd, and millions of dollars in turd
polish to overcome the flaws in the turd. And, of course, turd
polish is a recurring expense whereas just doing it right the
first time is a gift that keeps on giving.

firewall-wizards mailing list