Putting a "firewall" on the machine that winds up protecting
itself is something of a bad idea. A firewall really wants to
be an entity which has all the packets in the network flowing
past it, where it makes determiniations about them.
Putting this software right on the client machine, espically
a software platform that more resembles swiss cheese than
rock would seem to be fraught with potential problems.
Would this help, at least some? Probably. Proper security
is much more like an onion than a castle wall--oen does
things layer by layer, each hopefully adding something to
the equation.
You might want to tell your users that it isn't likely to hurt,
but also, it isn't likely to be of tremendous help in some
new nasty attack.
I have heard too many people say "we have a firewall! We're
safe!", not understanding that a firewall by definition has to let
certain types of packets though (like http), and as such isn't
protection for a web server. If you can educate people that
this is just one tool in the arsenal of security and not a holy
weapon, then it is likely a win. I still question the effectiveness
of the placement of the tool however.
--STeve Andre' (Political Science computer geek)
On Thursday 16 January 2003 14:15, Cheryl Akers wrote:
> BlackICE personal firewall as sold by the computer store for $5
> Should I recommend it to my faculty users?
>
> Rating?
>
> 1) Better than nothing
> 2) More trouble than it is worth
> 3) If you're going to pay, buy something worthwhile like Zone Alarm
>
> Is the firewall in XP as good as the one in BlackIce for nonserver
> purposes?
>
> Other thoughts?
>
> Thanks
> Cheryl
|