Re: ZoneAlarm advert?
To be fair, I don't know how many embedded devices have the hardware to do deep packet inspection. My Drobo doesn't. And it would probably murder battery life on a mobile. CheckPoint can't fix that.
An embedded device doesn't need to do deep packet inspection, it just needs to only respond to what it's supposed to handle and to safely reject everything else. If you send it a packet that is too long then the network stack should discard it without overrunning a buffer, if you send a malformed packet of suitable length then the application should correctly parse it and throw out anything that doesn't make sense. Many flaws are there because the software writer was lazy, or didn't think of all the corner cases and handle them. It was many years before people even really thought about deliberate malicious attacks on software, much error-handling was intended to deal with benign mistakes.
Biting the hand that feeds IT
