RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

From: JT (ptourvi1_at_twcny.rr.com)
Date: 06/05/03

  • Next message: Darren Reed: "Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords"
    Date: Thu, 5 Jun 2003 00:07:45 -0400
    

    I don't quite understand here. A user generally has WAY more options/ways to
    make a mistake interacting with Zone Alarm vs say, a Linksys firewall. Yes,
    the user will not know how to flash it, and will not stay up to date with
    any updates, but that's our job anyways. IMHO any auto update feature is a
    problem waiting to happen, which leads you back to having to do/provide the
    update yourself anyways. I understand not all PFWs work like ZA though too,
    but that is the PFW of choice among end users it seems. Does anyone have any
    experience using the Linksys WITH Zone Alarm? Does it provide any features
    that either product on its own does not? Thanks for any info.

    JT

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Schmehl, Paul L
    Sent: Wednesday, June 04, 2003 10:29 PM
    To: Robert J. Liebsch
    Cc: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

    If you understand security, using Outlook/Exchange is not dangerous. If
    it makes you feel better, I can respond from my RedHat box or my OpenBSD
    box or my FreeBSD box. Frankly, I don't really give a rat's a$$. I use
    what's handy at the time. They're just tools, and I'm not religious
    about them.

    I'm already on record as saying that I *prefer* a DSL router or "true"
    firewall. I'm just trying to make the point that *for some people* PFWs
    are better, because they're simple to use and understand and they're
    certainly better than nothing, which is what they'll have if you try to
    get them to use more sophisticated tools. Hell, some of our users still
    struggle trying to figure out how a mouse works. I just tell them,
    don't ask me to master physics and I won't ask you to master computers.
    They're just tools to do work.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    -----Original Message-----
    From: Robert J. Liebsch [mailto:rliebsch@stoneyamashita.com]
    Sent: Wednesday, June 04, 2003 8:57 PM
    To: Schmehl, Paul L
    Cc: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

    worse than HTML email... Exchange
    *eep*

    I have mixed emotions about making ppl understand security. Users are
    rather stupid by nature. Otherwise, I wouldn't have a job.

    I think however, having them use the software and equipment, making
    natural, and letting them watch the news and read the magazines, and
    talk to the clients about "oh, that worm/virus/hack, didn't affect us."

    I cannot make users understand why they need to change passwords. They
    argue and whine and cry a lot, but they do change those passwords.

    My wife, my family are not tech savvy folks. But they humor me and they
    take precautions, then they patiently listen to their friends and
    colleagues complain about virii, ftp and irc servers they were
    unwittingly running on their systems. Then I get to overhear my family
    say things like "well why don't you have a Router/Firewall thingy... it
    works for me"

    9 out of 10, that silly little NAT on the linksys is enough to ward off
    penetrations to home computers, for home manual non-reading users.

    Ferrari?!? Um, need a son, or another admin... I don't even own a car
    *grin*

    ----------
    From: Schmehl, Paul L
    Sent: Wednesday, June 4, 2003 6:44 PM
    To: Robert J. Liebsch; Michael Reilly; Kurt Seifried
    Cc: Ben Tyson-Norrman; full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm
    >-----Original Message-----
    >From: Robert J. Liebsch [mailto:rliebsch@stoneyamashita.com]
    >Sent: Wednesday, June 04, 2003 6:45 PM
    >To: Michael Reilly; Schmehl, Paul L; Kurt Seifried
    >Cc: Ben Tyson-Norrman; full-disclosure@lists.netsys.com
    >Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm
    >
    >
    >I have on asbestos underwear, so I am prepared for your flames...
    >
    You should be, since you're using HTML email. :-)
    >
    >However, because security is inconvenient does not make it
    >irrelevant. You do have your car serviced? You do go see a
    >doctor regularly? You do perform maintenance to your home?
    > ....don't you?
    Yes, but I don't expect my 20 year old daughter to jump in my Ferrari
    and drive it safely either. She drives the Honda Civic, and after she's
    got some experience under her belt and has gone to driving school *then*
    I'll consider giving her the keys to the Ferrari.

    I'd rather have an inexperienced user behind a PFW any day than expect
    them to understand and *properly* implement NAT *and* a firewall. I'd
    rather have them introduced to the concept of security in a way that
    they understand than to shove it down their throats with technology they
    don't comprehend and can't possibly use correctly.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


