Full Disclosure mailing list archives

Who's to blame for malicious code?

From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 20 Jan 2004 12:53:12 -0600

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Tobias Weisserth
Sent: Tuesday, January 20, 2004 11:42 AM
To: Mary Landesman
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Anti-MS drivel

This is too easy. It's the same with guns. People always 
blame the people who pull the trigger but the fact that guns 
are soooooo damn easy to get, even for minors doesn't startle 
a soul...

This is a ludicrous argument.  Do you seriously believe that if all guns
suddenly disappeared that murders would cease????  But this is
completely off topic, so I'll leave it at that.

Returning more to the topic at hand, I agree with Mary that the writers
of malicious code are to blame for much of the present problems, but I
also think users must take some responsibility as well.  So should the
writers of software.  It's been proven conclusively in the US, IMNSHO,
that you cannot legislate good behavior, no matter how much the
politicians try, mostly to society's detriment.  All the warnings in the
world won't stop some idiots from flying to Nigeria to pick up their
commissions, and all the security in software that you can possibly
design in won't stop some people from doing stupid things that
compromise their machine, *regardless* of how well designed it is.  You
need only look at the number of compromised Unix machines worldwide to
realize that the OS isn't the problem.

In a perfect world, no one would write malicious code, and the OS you
use wouldn't matter at all.  But we don't live in a perfect world, do
we?  Yet, no matter what OS you use, you can find *someone* whose
machine is compromised.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Who's to blame for malicious code? Schmehl, Paul L (Jan 20)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 20)
  - Re: Who's to blame for malicious code? Paul Schmehl (Jan 20)
    - RE: Who's to blame for malicious code? Steve Wray (Jan 21)
    - Re: Who's to blame for malicious code? Ron DuFresne (Jan 21)
    - Re: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- <Possible follow-ups>
- Who's to blame for malicious code? Schmehl, Paul L (Jan 20)
  - RE: Who's to blame for malicious code? Brent Colflesh (Jan 20)
- RE: Who's to blame for malicious code? Schmehl, Paul L (Jan 21)
  - RE: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
  - Re: Who's to blame for malicious code? Vlad Galu (Jan 21)

(Thread continues...)