RE: [OFFTOPIC] Zone Alarm

["Schmehl, Paul L" <pauls () utdallas edu>]

Off course you're right.  My point, which I obviously made ineptly, is
that *everything* must be patched at some point, so the idea that you
install a DSL router and just forget about it was what I was trying to
get at.  There *is* no panacea for security.  It's an ongoing,
never-ending process of checking and rechecking and rechecking again to
make sure that there aren't any known holes in your defenses.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Thursday, June 05, 2003 3:09 PM
To: Schmehl, Paul L
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] [OFFTOPIC] Zone Alarm 


On Thu, 05 Jun 2003 10:17:57 CDT, "Schmehl, Paul L" <pauls () utdallas edu>
said:
> I wasn't going to respond to that because it was so patently obvious, 
> but since you did, I'll append this note - I have flashed my DSL 
> router three times since I bought it.  I've had it for about a year.  
> (It's not a LinkSys or a NetGear router.  It's an SMC Barricade.)
>
> In case anyone hasn't noticed, you have to patch some systems almost 
> daily - RedHat, for example, Windows obviously, etc., etc.

On the flip side, let's compare apples to apples, shall we?  Unless your
DSL Router also has Gnome and OpenOffice and 693 other .rpms installed,
the RedHat is getting patched more because there's more stuff.

How about comparing how often you have to update your DSL router with
how often you have to update the corresponding code on a RedHat box
(say, the networking parts of the kernel, iptables/iproute, maybe
iputils and parts of initscripts)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html