funsec mailing list archives

Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch


From: Pierre Vandevenne <pierre () datarescue com>
Date: Wed, 4 Jan 2006 01:10:48 +0100

Good Day,

Tuesday, January 3, 2006, 10:15:40 PM, you wrote:

F> Not sure I like how this story is worded. I mean, I realize
F> that MS won't exactly endorse it, but WTF...

The wording is, imho, miles better than Sony's initial reaction to
the "rootkit" affair. It is very responsible, very technically
accurate, and not disparaging in any way. You couldn't expect MS to
endorse anything produced by a third party, this is natural. I've
always had a lot of "free speech" respect for Microsoft, compared to
other companies, and I've really been positively impressed at their
reaction to the (Bulgarian/Romanian?) guy who made a job of finding
vulnerabilities in Office.

Although I am an early adopter of the patch, I would NOT take the
responsibility to recommend to anyone to deploy it in a huge corporate
environment without extensive testing by the involved parties.

As Ilfak made it clear from the start, this patch evolved from his
(and my own) need to protect ourselves from what we perceived was a real
threat. Ilfak apparently posted this on his blog, which is usually
followed only by a bunch of very competent hard core techies, as a
technical demonstration of how such an issue could be solved. Knowing
Ilfak, I am sure he did not expect it to be picked up by the
mainstream as it was. Basically, the idea was - source code provided -
to demonstrate a potentially useful technique to solve such issues.

Now, to speak of hypothetical scenarios, if I was the "Blue Team" and
the "Red Team" attacked on a global scale, I'd be glad to have that
guy on my side ;-)

Gadi asked me in private if Ilfak could be trusted (a natural
question if there ever was one). My answer was basically that I would
trust Ilfak with my wallet, my girlfriend and my programs. I stand by
that assessment.

It should also be noted that, in an indirect way, a lot of the people
who rely on an anti-virus or a vulnerability fix rely on the tool Ilfak
masterminds. A lot of the hard core techies around know that, but that
is a bit complex to explain to non techies.

The wording "a Russian computer programmer" is factually true
(although Ilfak is a Tatar living in Belgium), but the "the designer
and main programmer of the most widely used malware analysis tool" is
also factually true.

I guess the one you pick reveals your bias.

-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

