On Thu, 12 Oct 2000, Daniel Baldoni wrote:
> Two questions which keep cropping up on the list are:
>
> Which firewall product is best?
> Which is better - A or B?
Neither of which are appropriate questions, because they're missing "for
my environment and risk level."
> What do people think about setting up a members' opinion page listing the
> products they've used? (I'd be willing to host it on my site - but I should
> point out that it's at the end of a slow link.)
I think that people are ill-served by choosing critical security
infrastructure by opinion poll. Keeping information up-to-date is a
nightmare, and requires advocates. Keeping vested interests out is also a
full-time proposition, or you risk badly skewed data. One good
disinformation campaign...
Rather than giving people answers which may not be appropriate for their
environment, we should teach them how to evaluate for themselves. The
end-game is significantly better than "Vote for ZoneAlarm[1], everyone
runs it and it's free!"
Having seen some of what goes into producing even a "standard feature
comparison" from vendors in our Annual Firewall Buyers Guide, what passes
for popular conceptions of product bugs, and people trying to track
version issues with most of the firewalls on the market, I think it's not
a thing that's easily done well. That's likely why those particular
questions aren't answered in the Firewalls FAQ (the current and past
maintainers can correct me if that's a mistaken assumption.)
> If properly maintained, it could be an invaluable resource containing lists
> of gotchas for various products and/or versions of products, interoperability
> issues, etc. I imagine it to be a "place" where list members can submit
> their opinions (no commercial input from the "big boys") - with "majority
> rules" (to prevent "invisible commercial input").
If you've ever tried to do Web-based stuff that makes an even playing
field out of the results, you'll find that it's not trivial and easily
surpassable. One AOL account, Hotmail and some perl break almost anything
that's trivial enough for most people to want to use.
That said, it's the Web- build it if you like. Just don't expect not to
take some incomming fire for it. Hopefully that fire won't include
incomming lawyers from mis- or dis-information.
Paul
[1] ZoneAlarm isn't a bad product, and it's very popular, it's just not
something I'd want to choose as a primary control to protect a hospital
with network-attached diagnostic and patient scheduling systems running
on an AS/400. It's also probably not free for business use.
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
