Apologies for the anonymous. I think people focus too much on the existance of hackers - of course they are to blame, sort of why we are forced to have police because people break laws. They are a natural product of human curiosity and schedenfraude, though, and I can't imagine a universe in which a computing environment would have evolved without them. Less effective ones, maybe - or maybe much smarter ones, depending on how you look at it.

The "Rape" analogy has been used before with computer security and I'm not sure I completely agree. I liken it more to someone unwilling to accept danger. For instance, I prefer an analogy like someone driving a motorcycle at high speed on the highway and when he falls he cracks his head open because he didn't use a helmet. Society would blame the increased injury on his refusal to wear a helmet, even if the crash wasn't caused by the motorcycle rider.

That said, I think people rely on firewalls TOO much. The application is still the basic hole in the armor. But people like centralized management of security because people can't manage hundreds of application spread over thousands of nodes. Firewalls are easy to centralize, therefore, they are the silver bullet in the eyes of most people.

Windows XP sp2 now has firewall built in - I can count on the fingers of my hand the number of people who have even bothered to remotely consider how to properly configure that fireawll without just turning it off so they can use their applications because they do not care ('its not their job') to understand how firewalls work.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/334/32042#32042