On Mon, 25 Mar 1996 mdr @
> I understand. And I feel for you. But on the other hand, I think
> that KMG's reaction does represent a perpertual question w.r.t your
> product's implementation. The question is: what have you done to
> address the problem? Booting off DOS and taking over (if that's what
> you do) is certainly a viable approach. But it needs to address host
> security to guarantee for example that the binaries that you boot have
> not been modified. It also needs some method of monitoring its own
> operation. That's not easy. Your application may start looking like
> an operating system, and then we're back to OS security again.
Many good points on all sides, except perhaps for the OS-jihad that grew
out of this ...
There is room for a range of firewall products - not everyone needs, or
can afford, some of the levels of protection that are available. Just
because one cannot afford the best locks around, two armed guards, and
closed circuit t.v. doesn't mean that the door should be left unlocked.
This is not an all-or-nothing proposition.
There seems to be a tremendous market out there for a relatively simple
system that can protect somewhat lax host-security on the inside from
"most basic" efforts from the outside (drawing the line at
play-in-the-middle attacks and such). While this is admittedly poor
security practice, it is a market-driven occurence. Many new sites are
connecting every day, and they are looking for basic "car alarm" security
- won't keep out the professional, but "better than nothing." This is
probably not going to change any time soon, unless a major exploitation
occurs that manages to attract attention well beyond the IS community.
Many of these sites can scarcely afford a full-time, qualified sys.
admin, let alone dedicated infosec pros. A system that can do the basics,
is self-contained ("firmware") and runs on a platform that these people
understand would seem to have a niche.
I'm sure everyone's products have room for improvement. Isn't that why
we're all here?
p.s. Thanks for the info, Mark. Informative, as always.