>>>>> "Russ" == Russ <Russ .
Russ> What do you think when "another" one of your faithful Unix-based
Russ> Firewall vendors goes out and implements their product on
Russ> Windows NT?
I think that it's a company that's run by marketing and business
types, not engineers.
Russ> Checkpoint doesn't just implement their GUI on NT,
Russ> they've implemented their entire product suite (see
Russ> http://www.checkpoint.com/press/ntrelease.html ). Seems they
Russ> must have figured out whatever your didn't like about NT's
Russ> TCP/IP stack, or, as anyone could, replaced it with one they
Russ> were happier with.
Or caved to nonsense marketing pressure.
Russ> "With FireWall-1 on Windows NT,
Russ> corporations evaluating Windows NT can feel more confident about
Russ> implementing enterprise-wide Intranet and Internet security
Russ> using Windows NT." According to IDC, the number of Internet and
Russ> Intranet servers based on Windows NT will increase more than
Russ> twelve-fold in 1997 from 1995, and will overtake servers based
Russ> on UNIX operating systems by 1999."
Let's see, didn't IDC also predict something like 12 quadrillion units
of Winblows 95 would be sold by year end at first, only to reduce
Who cares what IDC says? IDC is not a security organization. They
are not engineers. They are in no position to tell anyone what is a
Good Thing or Bad Thing for a firewall.
How useful is Windows NT if Microsoft cripples its "workstation"
version to support only 10 TCP sessions (even if only by license)? NO,
says Microsoft, you can't use *that* product, you need the $1000 copy
of NT, which also includes IIS and all kinds of great and wonderful
things to run on your bastion host.
'Hey! So what if there's security problems in 3.51? Patch? No patch!
Upgrade to 4.0, give us an extra $500, and we'll fix that problem. No,
there won't be any others. We swear. Look, our browser is secure, too!'
Russ, and every other NT zealot out there needs to calm down and quit
getting a stiffy every time that some suit-wearing, 8-5-working,
industry-analyzing, helpdesk-calling, gobbledegook-speaking,
Microsoft-worshipping ding dong says "Hey, this NT is good stuff!"
We talk about firewalls on this list, and there are plenty of reasons
not to use NT for firewalls. In some organizations, they'll do it
anyway, deciding that the level of risk associated with such behavior
is acceptable for their organization. Others will blindly go
goosestepping along to the empty sayings of mushy-headed "consultants"
who pretend to know what they're talking about.
A proprietary operating system can *never* be a better solution than
an open one where security is an issue. Without the ability to look
under the hood, you forfeit the ability to see what's going on and
make intelligent evaluations. And then, you're at the mercy of your
Live Free or Die.
C Matthew Curtin MEGASOFT, LLC Chief Scientist
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet