> Though i think people who buy Checkpoint stuff are somehow non-representa=
> (i think if one tried that with, say, Cyberguard, we'd see completely
> different picture) the results are still scary. Damn scary. That means 80=

> firewalls could be thrown off with no further harm to security.

I've been meaning to stay away from this fun, but [by far] too bigoted
discussion, but this spiked my curiosity. What's wrong with Checkpoint
[in this context]? I have a sneaking suspicion that it's the pretty
GUI. Am I correct?

However, I suspect that a "pretty GUI" is a reason the results for
Cyberguard (or, iptables, for that matter) will be way more horrendous.
A well-designed and intuitive rule UI will likely work to reduce the
errors made by the admins thus, indirectly, increasing security and the
value of a firewall.

On a related note, I was shocked when I heard that some org was
choosing an anti-virus (of all things!) based on its management UI
intuitiveness, but it does make sense on some level: bad UI -> admins
hate the product -> it's not used / not configured right -> security

Thus, "pretty UI" = "higher security" :-)

Fight on! :-)

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org
firewall-wizards mailing list