Great offer, Argint. Let's wait and see what's gonna happen with this one now!!!
From a personal perspective, I never use the firewall products from the antivirus firms, and even ZoneAlarm in my opinion is a POS... Norton Internet Security, the McAfee Firewall, and Trend Firewall are designed to provide a basic level of protection (like the Windows 2008 firewall, POS as that is too now), while attempting to not cause undue grief to the end user. These products are typically not used by a corporate IT team, but by an end user who isn't willing to accept that their app does not work because it doesn't use a well-known port, and on 75% of SMB and home markets, you can't design your product around allowing ports 80, 443, 20/21, and 25 (since many still use SMTP email apps) and expect not to get hammered tech support wise.
Sure, they can try and build some IPS intelligence into them, but out of the 100+ clients I support, there are always the "Tech Savvy" owners (so they think) who install everything under the damn sun and expect it to work. Only the most advanced IPS systems will work due to the sheer number of poorly written, non-standard applications out there.
Hell, on my own network where I run ISA Server I typically run into tons of issues with apps not working until I find all the primary and secondary connections a lot of the apps I use (or test). If I had to either deal with the popups or allow every application under the sun I'd kill myself... and my clients would probably kill me too.
Long story short, I don't plan on rolling out the firewall to my 100+ clients as I don't need the hassle. In the SMB Market, I allow everything except IRC outbound and deal with the problems on the client side if necessary.
If you are internal IT support at an SMB, and that much control is needed, then use a combination of the AV and Web Filtering (call it cheaper Websense) and lock down outgoing traffic at the firewall. You won't miss the software-based firewalls.
I have passed your offer/request on to the relevant department.
Hi Rumple - I can see where you are coming from. In our circumstances, I consider all employees as road warriors. They are rarely in a fixed place at any time. With ToPS, the personal firewall represents something I feel we need even at a bare minimum. The central administration of that facility is crucial. We do have a strong policy in not allowing the installation of any software without senior approval.
So, I pretty much know what each machine will have installed and what I can expect to see accessing the internet. I know the firewall isn't foolproof, but I feel happier having it in place due to the way we work.
I know we cannot expect things to change overnight, but we have used the product for 2 years and the manageability of that section in particular has been pretty painful, to say the least, from the security center. I really imagined at the beginning that this would receive constant review and updating, but not a lot has happened in those two years in that area. It's as much a case of usability. I would suggest they have the information, it's just not user-friendly or manageable when the number of nodes increases, in our case 34.
I also agree with your earlier points: if the criticism is done in a detailed way then perhaps people will see the light. I have certainly felt more than frustrated; last year I threw my heart and soul into generating bug reports, screen grabs, detailed explanations. Obviously they have to consider the impact of changes, but the firewall section needs serious thought and consideration. I have tried to outline very clearly in another thread my main concerns.
I feel somewhat heartened that you have had a positive conversation with the appropriate people. I had a similar call last year and felt sure something might happen.
So - let's all be polite, detailed in our suggestions from real world use, and hope for the best???
lol. The representative, of course, would have to buy me a beer.