Great Circle Associates Firewalls
(September 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Guaranteed trouble
From: Peter da Silva <peter @ baileynm . com>
Date: Tue, 16 Sep 1997 12:59:05 -0500 (CDT)
To: gaspar @ ms . com (Carson Gaspar)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <Pine . GSO . 3 . 95k . 970916122307 . 12039B-100000 @ vulture> from "Carson Gaspar" at Sep 16, 97 12:29:26 pm 
> Ah. That's the problem. You _should_ be asking for better software. Virus
> scanning on firewalls already exists (although it's a performance pig, and
> can't deal with everything, and - well - you know the rest). The firewall
> is just the _wrong_ place in the data model for this kind of thing. It may
> be the expedient place (and frequently is), but the "correct" solution is
> to stop such things the only place that has access to the unencrypted,
> undecoded, unmangled document - the user's machine.

<bofh>
By running software that doesn't execute untrusted code whenever you start
up a text editor, read mail, or view a web page, right? By using operating
systems that don't assume that users have to have write access to system
files, right? Virus checking is just the _wrong_ place in the data model for
this kind of thing.
</bofh>
References:
Indexed By Date Previous: Re: access for remote users through the firewall
From: David Lang <dlang @ diginsite . com>
Next: Re: Info on Cisco Pix
From: Paul Ferguson <ferguson @ cisco . com>
Indexed By Thread Previous: Re: Guaranteed trouble
From: Carson Gaspar <gaspar @ ms . com>
Next: Re: Guaranteed trouble
From: harley @ icrf . icnet . uk
Google
 
Search Internet Search www.greatcircle.com