Microsoft recently announced its campaign to "secure the perimeter" of Windows networks. We conducted a poll about Microsoft's campaign that asked the question, "Do you think Microsoft's 'Secure the Perimeter' strategy will significantly reduce the company's security problems?" The vast majority of respondents answered "No, Microsoft needs to address the underlying security of its products."
The impetus for securing the perimeter is obvious: If the perimeter is well secured, intrusion into vulnerable Windows systems is less likely and the stress on network administrators, the businesses they work for, and of course Microsoft's overall reputation is reduced. Interestingly enough, part of Microsoft's campaign to secure network perimeters involves securing machines that are inside the perimeter. The company plans modifications for Windows XP in the upcoming Service Pack 2 (SP2) that will make the built-in Internet Connection Firewall (ICF) technology more manageable--which might make administrators more inclined to use it.
How many people use ICF technology now or might use it in the future is unknown. What is known is that a huge number of people rely on third-party desktop firewall products to protect their systems, especially mobile computers and pre-XP systems. Such products are typically more powerful than XP's built-in ICF, and Microsoft doesn't provide any kind of reasonable firewall technology for any Windows version earlier than XP.
Even though many people use desktop firewall technology, many more Windows users probably don't. If they did use personal firewalls and locked them down properly, we wouldn't have to endure such nuisances as the MSBlaster worm, which affected hundreds of thousands of Windows systems around the world. An effort to get as many people as possible to load desktop firewalls would benefit everyone because Windows is buggy and has long remained the favorite target of large-scale attacks.
One way to help expand the use of desktop firewalls is by spreading the word about how important they are. At the recent NTBugtraq conference in Canada, Paul Robertson (moderator of the firewall-wizards mailing list) discussed the possibility of a "personal firewall day"--a 1-day blitz aimed at enticing users everywhere into obtaining and installing personal firewalls.
Whether such an effort would work remains to be seen, but the idea seems useful. NTBugtraq moderator Russ Cooper has put together a Web page (see the URL below) that contains a list of personal firewall software products and is working with Robertson to further develop the "personal firewall day" idea. Cooper said that we can expect more information about the project in the near future. Meanwhile, Cooper intends to conduct a poll to see which personal firewall products are the most popular.
Public participation would obviously be necessary for the "personal firewall day" to succeed. If you're interested in the idea, be sure to read the NTBugtraq archives to watch for more details as they become available.