Full Disclosure mailing list archives
Re: Trustworthy Computing Mini-Poll
From: "yossarian" <yossarian () planet nl>
Date: Sat, 28 Dec 2002 13:51:06 +0100
Palladium will have an option to turn certain features "off", says MS, so you can run programs deemed untrusted, outside the sandbox. If there is a mechanism to turn features off, they differ from TCPA, that is mandatory.
Sounds great, doesn't it? What would you choose: 1. Run without Palladium, but your MS Office, IE and Windows update might not work since your computer is considered insecure. 2. Active Palladium.
I think i might run w/o Palladium - and search the net for cracked windows updates, they are availale now, so why should'nt they be in the future? I never thought it useful upgrading to a newer office since 2000, so why should I do so in the future?
The only thing unclear for want of funcspecs is if I will be able to take files out of the sandbox. If they want to make the systems 'backwards compatible', there must be such a feauture.
If the system is backwards compatible, what's the point with Palladium? It's like the "improved security" of XP or .NET server: they still use the NTLM-hash so LC still works.
Let's turn the question around a bit: if it is not backwards compatible, how am i going to upgrade a 150.000 usr network? This answers your question on XP and .NET as well - getting secure means big bang migrations. But these are rarely feasible. So there must be a backwards compatability on some levels, such as network authentication, which can be turned off later. Of course, we forget, but we can't blame MS for that. Same goes for Palladium, a system msut not only be secure, it should be useable, including during migrations. /Yossarian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Trustworthy Computing Mini-Poll, (continued)
- Re: Trustworthy Computing Mini-Poll Ron DuFresne (Dec 20)
- Re: Trustworthy Computing Mini-Poll Bruce Ediger (Dec 20)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 20)
- Re: Trustworthy Computing Mini-Poll yossarian (Dec 20)
- Re: Trustworthy Computing Mini-Poll Thomas Sjögren (Dec 21)
- Re: Trustworthy Computing Mini-Poll Georgi Guninski (Dec 22)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 22)
- Re: Trustworthy Computing Mini-Poll Peter van den Heuvel (Dec 22)
- Re: Trustworthy Computing Mini-Poll Bruce Ediger (Dec 23)
- Re: Trustworthy Computing Mini-Poll Georgi Guninski (Dec 23)
- Re: Trustworthy Computing Mini-Poll Thomas Sjögren (Dec 29)