[60592] in North American Network Operators' Group
RE: Microsoft to ship new versions with firewall enabled
daemon@ATHENA.MIT.EDU (Drew Weaver)
Thu Aug 14 13:04:43 2003
From: Drew Weaver <drew.weaver@thenap.com>
To: 'Scott McGrath' <mcgrath@fas.harvard.edu>,
'Greg Maxwell' <gmaxwell@martin.fl.us>
Cc: "'Eric A. Hall'" <ehall@ehsco.com>,
'Sean Donelan' <sean@donelan.com>,
"'nanog@merit.edu'" <nanog@merit.edu>
Date: Thu, 14 Aug 2003 13:25:29 -0400
Errors-To: owner-nanog-outgoing@merit.edu
ipchains and similar firewalls are indeed far superior. I manage "real"
firewalls as part of my responsibilities.
However the new microsoft policy will help protect the network from Joe
and Jane average who buy a PC from the closest "big box" store and hook it
up to their cable modem so they can exchange pictures of the kids with the
grandparents in Fla. This is the class of users who botnet builders dream
about because these people do not see a computer as a complex system which
_requires_ constant maintenance but as a semi-magical device for moving
images and text around.
----
I don't believe that many people really see ipchains as a real viable
firewall. I think it is awesome, but in many corporations simply mentioning
it gets you a stern eyeing. Of course these corporations can spend tons of
money on Checkpoint and PIX boxen.
-Drew
