Full Disclosure mailing list archives

Re: Anti-MS drivel


From: Tobias Weisserth <tobias () weisserth de>
Date: Tue, 20 Jan 2004 21:53:54 +0100

Hi Mary,

On Tue, 20.01.2004, at 20:13, Mary Landesman wrote:
not lose your keys on purpose

Does anyone lose their keys on purpose? :-)

If you've got a stupid insurance company... :-) I don't know?

As I stated originally, you can reduce the risk but you can never alleviate
it entirely. Windows can be broken, locks can be picked, heck, use a
chainsaw and you can slice right through pretty much any part of it. Of
course, it requires physical presence which raises the risk of being caught,
hence it's not very likely. Conversely, using the Internet to anonymously
launch exploits is pretty much risk-free - some might argue it's ideally
suited to the cowardly criminal. Sometimes smarts plays a part, but never
guts.

We all agree that the people behind these attacks are the bad guys. But
we can't change them, we can't eradicate them. We have to live with
them. The one thing we can change though is accepting or not accepting
the way vendors ship software.

Opportunities make thieves. If you leave your door open you mustn't be
surprised if that Van Gogh is gone when you're done with shopping. No
insurance would cover the loss of that picture if you didn't lock the
door. So in fact, although someone else has committed the crime, the
loss of the Van Gogh is YOUR fault. YOU didn't lock the door. YOU
created the opportunity.

What I'm criticising here is the number of senseless opportunities MS
has created over the past years. Nothing else.

Now, MS has made bad decisions but they are not unique in this regard.

That's not what I said. But they have a unique impact.

Up to now they rule the consumer OS market with more than 90% market
share. Any error they make regarding default settings in their OS
affects 90% of all end consumers. It is impossible to require that many
customers to adapt. Rather the vendor has to adapt. This is only
logical.

They certainly have more at stake, given the numbers of users, thus their bad
decisions tend to be very high profile.

Well seen.

I suspect that when and if they achieve their Trusted Computing goals,
many of the same anti-MS folks will shift their focus to complaining
about the privacy and censorship issues it brings to the table.

You still haven't understood. Trusted Computing won't bring us security
as long as basic philosophies like "secure by default" and "opt-out of
security" haven't been accepted by MS.

Having an open RPC port in a consumer OS that can be exploited ISN'T
solved by putting a personal firewall in front of it. The flaw is still
there, may it be hidden by an additional layer of software (which itself
can contain flaws).

Trusted Computing will worsen matters actually. Not only from the
privacy point of view, also from the security point of view.

No matter what technical feature they will use to implement Trusted
Computing it will be broken the minute it is on the market. Add the lack
of basic security philosophies and you're stuck in the same bad
situation with the added "bonus" of a lack of privacy and some more
technical abstraction layers many more end users won't be able to
understand.

Take a look at the X-Box. The X-Box actually implements what MS had in
mind as a predecessor for Trusted Computing. Has it been 6 months until
people were able to run ANY code they wanted to with minor modifications
to the X-Box?

Ironically, the very people who seek to publicly decry
and exploit every MS flaw are the ones who are helping to force TC into
reality.

No, that's actually not the case. Technical innovations and new features
are subject to market laws. If consumers ultimately decide to reject
such technologies then it will fail. As soon as there is an opportunity
for alternative vendors to promote hardware and software WITHOUT these
unwanted features, competition will kick in and level market shares
again. I'm pretty confident free markets will take care of "Trusted
Computing". Look at the trouble the music industry has to establish
"Trusted Computing" in audio goods.

For more on the implications, see
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

This seems interesting though not new. I'll give it a "visit" ;-)

cheers,
Tobias W.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

