Firewall Wizards mailing list archives

Re: The Morris worm to Nimda, how little we've learned or gained


From: "Richard Johnson" <rdump () river com>
Date: Thu, 3 Jan 2002 21:44:46 -0700

At 13:44 -0700 on 1/3/02, Marcus J. Ranum wrote:
I can tell you a few of the indicators that I'm looking for which will indicate
that progress is about to be made in security:
...
3) The first time customers place and enforce a purchase ban on a software
        product notorious for insecurity and unreliability
...
Note that not only do I see no sign of the above happening, I see signs in
the industry and community that steps are being taken to _prevent_ some of
the above. Most notably #5 and possibly #3.


Some organizations have made progress on #3.  Outlook and Outlook Express came close to being banned at ucar.edu due to 
the severe time drain caused by always having to clean up after the latest Outlook-enabled virus.  Sadly, the 
entrenched convenience argument was used in conjunction with the lack of enforceability cop-out to water the ban idea 
down to a "we disrecommend the use of Outlook and Outlook Express."


I expect to be dead of old age (at a healthy age, mind you!)
before major progress in computer security is widespread.


I'm hoping to live long enough to see Outlook banned, or fixed so it doesn't deliberately conflate the user's desire to 
"open this data so I can look at it" with "execute all the malicious code in this worm message."

In the meantime, it's virus scanner time.  Sheesh, what an ineffectual cop-out.


Richard


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

