Firewalls: Re: RE: NT Firewall

Firewalls
(October 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: RE: NT Firewall
From:	jim @ SmallWorks . COM (Jim Thompson)
Date:	Sun, 29 Oct 1995 14:12:33 -0600
To:	buster @ klaine . pp . fi, scanner @ jurai . net
Cc:	firewalls @ GreatCircle . COM, markly @ ci . riverside . ca . us, tli @ cisco . com

> Just a piece of logic here. NEVER trust an OS you dont have the source 
> for. :) That should solve the little NT dispute right there. 

Sorry, that just isn't going to cut it.  I like Unix about as much as
the next guy on this list (hey man, I sell product that sits on top of
it), but your suggestion isn't practical for a number of reasons.

First, the OS vendors just aren't going to get in the habit of giving
you source.  Can you buy source from SunSoft for Solaris?  Yes.  Are
you *sure* that it has the same bits that come on the binary version
of the CD that SunSoft sells you?  Not really.  (Speaking from
experience here.)

Second, trusted computing doesn't really have much to do with being
able to read the source (either with your eyes, or with a compiler.)
The problem is just too big.  A review of the trojan horse that Ken
Thompson (no relation) installed in the login path (I forget if it was
getty or login) way back may serve as sufficent example.  The trojan
horse was in yacc (or was it lex?), and the command (yacc or lex)
'knew' when it was compiling login, and dropped a bit of extra code in
the resultant binary.  If you go ask the folks who are 'into' these
kinds of things, you'll find that they can't even programaticly
'prove' a program correct, or that it doesn't have side effects that
would have an adverse effect on security.

Microsoft has a lot to loose if it sells NT as a secure OS, and then
fails to deliver in a meaningful way.  Some large organizations
(corporations) *believe* in NT, and *believe* in 'Bill'.  If he drops
them on the floor by failing to deliver on a promisse, they will all
act as jilted lovers, and turn their backs on Microsoft at the first
opportunity.  There are also a large number of smart folks that stand
ready to expose any chink in the armor of Microsoft.  A major security
flaw will get a helluva lot of press.

I find the whole discussion a little disconcerning.  There are just
too many variables.

  Can you get source for NETBsd/Linux/BSDI?  Yes.  Do they offer the
  features you need?  Maybe.  Does NT?  Maybe.  Can you roll your own
  firewall?  Maybe.  If you purchase a firewall product, can you get
  source?  Maybe.  (You can from us, for example.)  Is it cost-effective
  to roll your own?  Maybe.  Will your boss think so?  Maybe.  Will it
  forward packets at T3 rates?  Probably not.  Do you care?  Maybe.

Jim

p.s. I'm sure someone will soon correct me on the above-referenced
trojan horse example.

Follow-Ups:

Re: RE: NT Firewall
From: Scott Barman <scott @ Disclosure . COM>
Re: RE: NT Firewall
From: Phil Howard <phil @ colt . milepost . com>

Indexed By Date	Previous:	Re: RE: NT Firewall From: Tony Li <tli @ cisco . com>
Indexed By Date	Next:	RE: response to questions regarding Rapt From: dcarter @ inmar-inc . com (Carter, David)
Indexed By Thread	Previous:	Re: RE: NT Firewall From: David Jobes <renegade @ Onramp . NET>
Indexed By Thread	Next:	Re: RE: NT Firewall From: Phil Howard <phil @ colt . milepost . com>