"yellow submarine" <I
_want no spam> wrote in
news:HDceb.37487$ hlink.net:
> Norton firewall sent it from their site.
<big snip>
Read this:
<http://www.samspade.org/d/firewalls.html>
Especially this bit:
"Why is an end user going to buy / register / upgrade their 'personal
firewall'? They're not going to do so if they don't perceive any benefit
from it. If it were a properly written application that just sat there,
doing its job quietly in the background, users would forget it was there.
But if it pops up warnings about 'attacks' all the time then it's clearly
Doing Something. Most of those warnings are entirely frivolous - normal
network traffic. And the remaining few... well... if the 'personal
firewall' has protected your system from the supposed 'attack'... why do
you care about it? You're safe from that supposed 'attack', right? So why
pop up warnings and alerts? To make you feel you're getting a service
from this program and so you'll pay for updates or 'Pro' versions."
And this bit:
" Turn off all the alerts and logging - you'll just waste your time (and,
more importantly to me, my time and the time of other network
administrators your complaints go to) increase your blood pressure and
provide no benefit to you. If you really want to leave them turned on and
see where traffic is coming from, feel free, but remember that most of
the traffic you see is harmless, and that even if it isn't harmless it
can't affect your system (if it could, it wouldn't be logged). Oh, and
try not to waste admins time with frivolous complaints.
"But, but, but reporting these alerts to network administrators will help
them catch crackers!"
Uhm, no. I know a whole bunch of network security and abuse staff. The
response to any complaint with ZoneAlarm, BlackIce etc logfiles in it is
to close the ticket, usually with an annotation like 'GWF' (Goober with
Firewall). 99% of those reports are frivolous, about normal network
traffic. In the remainder of cases there's nowhere near enough data in
the logfiles to provide any idea of why the end user is upset. If you
send frivolous complaints that just wastes the time of the staff
receiving them and prevents them from handling real security issues. How
do you tell if a complaint is frivolous? If the sender doesn't understand
basic networking, it's almost certainly frivolous. If the sender is
complaining based on 'personal firewall' logs, it's definitely frivolous.
The abuse desk staff I talk with hate users of 'personal firewalls' more
than they hate spammers. That should tell you something about how useful
your complaints will be."
----
Did you read it?
Similar Threads
