Re: How to Save The World

["Marcus J. Ranum" <mjr () ranum com>]

Frederick M Avolio wrote:
> Can you buy such a thing? I know that early AV software did that. Is
> there anything we can buy today that will do this?

There are a few products out that do this. Citadel has a pretty cool
package "SecurePC" (http://www.citadel.com/securepc.asp) that's
designed for kiosk applications. I've considered using it as a lock
down tool for my laptop but the tool is a bit more "enterprisy"
than I need. I think it's designed for locking down ATMs and
stuff like that from a central point. What I want is something that
has a ZoneAlarm-like "smart interface" that lets me reverse-engineer
a policy over time.

Side-note:
YES, ATMs run Windows inside. Another example of the kind of
pervasive IT stupidity I was referring to, earlier. Rather than run
a custom locked-down minimized O/S it runs a full Windows
distro that has been locked down with a layer of software. Why?
Because it's too much work to develop a new video player rather
than use Windows Media Player, etc, etc. So rather than spend
$400,000 to own a solution that's "done right" corporate IT would
rather pay $150/ATM for a turd, and millions of dollars in turd
polish to overcome the flaws in the turd. And, of course, turd
polish is a recurring expense whereas just doing it right the
first time is a gift that keeps on giving.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards