Full Disclosure mailing list archives
Re: Anti-MS drivel
From: Tobias Weisserth <tobias () weisserth de>
Date: Tue, 20 Jan 2004 21:53:54 +0100
Hi Mary,
On Tue, 20.01.2004 at 20:13, Mary Landesman wrote:
not lose your keys on purpose
Does anyone lose their keys on purpose? :-)
If you've got a stupid insurance company... :-) I don't know?
As I stated originally, you can reduce the risk but you can never alleviate it entirely. Windows can be broken, locks can be picked, heck, use a chainsaw and you can slice right through pretty much any part of it. Of course, it requires physical presence which raises the risk of being caught, hence it's not very likely. Conversely, using the Internet to anonymously launch exploits is pretty much risk-free - some might argue it's ideally suited to the cowardly criminal. Sometimes smarts plays a part, but never guts.
We all agree that the people behind these attacks are the bad guys. But we can't change them, we can't eradicate them. We have to live with them. The one thing we can change though is accepting or not accepting the way vendors ship software. Opportunities make thieves. If you leave your door open you mustn't be surprised if that Van Gogh is gone when you're done with shopping. No insurance would cover the loss of that picture if you didn't lock the door. So in fact, although someone else has committed the crime, the loss of the Van Gogh is YOUR fault. YOU didn't lock the door. YOU created the opportunity. What I'm criticising here is the amount of senseless opportunities MS has created over the past years. Nothing else.
Now, MS has made bad decisions but they are not unique in this regard.
That's not what I said. But they have a unique impact. Up to now they rule the consumer OS market with more than 90% market share. Any error they make regarding default settings in their OS affects 90% of all end consumers. It is impossible to require that many customers to adapt. Rather the vendor has to adapt. This is only logical.
They certainly have more at stake, given the numbers of users, thus their bad decisions tend to be very high profile.
Well seen.
I suspect that when and if they achieve their Trusted Computing goals, many of the same anti-MS folks will shift their focus to complaining about the privacy and censorship issues it brings to the table.
You still haven't understood. Trusted Computing won't bring us security as long as basic philosophies like "secure by default" and "opt-out of security" haven't been accepted by MS. Having an open RPC port in a consumer OS that can be exploited ISN'T solved by putting a personal firewall in front of it. The flaw is still there, may it be hid by an additional layer of software (which itself can contain flaws). Trusted Computing will worsen matters actually. Not only from the privacy point of view, also from the security point of view. No matter what technical feature they will use to implement Trusted Computing it will be broken the minute it is on the market. Add the lack of basic security philosophies and you're stuck in the same bad situation with the added "bonus" of a lack of privacy and some more technical abstraction layers many more end users won't be able to understand. Take a look at the X-Box. The X-Box actually implements what MS had in mind as a predecessor for Trusted Computing. Has it been 6 months until people were able to run ANY code they wanted to with minor modifications to the X-Box?
Ironically, the very people who seek to publicly decry and exploit every MS flaw are the ones who are helping to force TC into reality.
No, that's actually not the case. Technical innovations and new features are subject to market laws. If consumers ultimately decide to reject such technologies then it will fail. As soon as there is an opportunity for alternative vendors to promote hardware and software WITHOUT these unwanted features, competition will kick in and level market shares again. I'm pretty confident free markets will take care of "Trusted Computing". Look at the trouble the music industry has to establish "Trusted Computing" in audio goods.
For more on the implications, see http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
This seems interesting though not new. I'll give it a "visit" ;-)
cheers,
Tobias W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html