Volker Kindermann wrote: >>Fact is, the posts that are most harmful don't come across as "y0ur >>pr0dukt sukz", they are carefully written by intelligent folks who >>insert their lies into coherent sentences. Even with an equally >>intelligent statement refuting it by the vendor, there is no real way >>for a 3rd party observer to know who is telling the truth. > > > In this case it should be easy for the vendor to provide a trial version > to show all interested clients the capabilities of the product. > > David, don't get me wrong, but I've made the experience over the years > that mostly the vendors are telling lies about their products, not the > users. Not to mention that other users of said product will come out with their own experiences. There's a very good possibility that if someone were to come out with a lie, bit of misinformation, or otherwise incorrect statement put forth as fact regarding a product, that another user of said product would correct them publicly. The security community isn't all THAT big, and most of it is on at least some securityfocus lists, it seems. I'd be very surprised if there were a product which no one or only one person here had experience with. Especially a commercial product, considering that oftentimes professionals will evaluate multiple products before making a purchase, hence giving them the ability to make at least mostly accurate testimonials to those products. I usually check out at least 10 options when I want to implement something new, and test at least 4 or 5 of them before shelling out money (or even just time in the case of free software) to implement it in full production capacity. The professionals here will generally police one another on the account of mistakes, and will also correct any incorrect hogwash. And as for opinions, they're simply that. An opinion is an opinion is an opinion. People are entitled to their own, and that's the way it has to be for the world to keep on spinning. In the case of mis-statement of facts though, we enter a much more powerful area - "I think foo's IDS is a pain in the neck to administer" is different from "Foo's IDS has an issue with certain types of packets being caught and identified as belonging to a signature but then not being processed properly or alerts being sent" - the former would make me try Foo's IDS out before sinking money into it, to see if the interface was compatible with my and the other engineers' method of working, the latter would make me far more wary of the product. And now, I'll throw my two cents in regarding accountability and whatnot. Unlike some other people, I seem to actually understand the spirit of the point Al is trying to make. Maybe it wasn't laid out in clear layman's English, but it was easy enough to pick up on if you actually pondered it for a moment and *wanted* to get it. The point is simply this. There is no good reason not to be yourself. It shows a lack of maturity, and leads to a lack of trust. If you're not willing to be honest about your name here (which you most certainly are in other places out in the world, like the department of motor vehicles, or your doctor's, or your employer's) then why should the list trust your opinions or anything that you have to say? Furthermore, as a moderator, why should Al trust you, on behalf of this list? If anyone can find a single good reason not to use one's real name when posting to a mailing list (real employer is different - there're plenty of good reasons not to use that especially in the case of sensitive government security positions), then please feel free to speak on that point. How many people here's real address and whatnot are in the whois information for the domain from which they're sending mail? I'd gather at least a few. - MDH --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jul 11 2003 - 10:54:49 PDT