funsec mailing list archives
Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch
From: Pierre Vandevenne <pierre () datarescue com>
Date: Wed, 4 Jan 2006 01:10:48 +0100
Good Day, Tuesday, January 3, 2006, 10:15:40 PM, you wrote: F> Not sure I like how this story is worded. I mean, I realize F> that MS won't exactly endorse it, but WTF... The wording is, imho, miles better than Sony's initial reaction to the "rootkit" affair. It is very responsible, very technically accurate, and not disparaging in any way. You couldn't expect MS to endorse anything produced by a third party, this is natural. I've always had a lot of "free speech" respect for Microsoft, compared to other companies, and I've really been positively impressed at their reaction to the (bulgarian/romanian?) guy who made a job of finding vulnerabilities in Office. Although I am an early adopter of the patch. I would NOT take the responsability to recommend to anyone to deploy it in a huge corporate environment without extensive testing by the involved parties. As Ilfak made it clear from the start, this patch evolved from his (and my own need) to protect ourselves to what we perceived was a real threat. Ilfak apparently posted this on his blog, which is usually followed only by a bunch of very competent hard core techies, as a technical demonstration of how such an issue could be solved. Knowing Ilfak, I am sure he did not expect it to be picked up by the mainstream as it was. Basically, the idea was - source code provided - to demonstrate a potentially useful technique to solve such issues. Now, to speak of hypothetical scenarios, if I was the "Blue Team" and the "Red Team" attacked on a global scale, I'd be glad to have that guy on my side ;-) Gadi asked me in private if Ilfak could be trusted (a natural question if their ever was one). My answer was basically that I would trust Ilfak with my wallet, my girlfriend and my programs. I stand by that assessment. It should also be noted that, in an indirect way, a lot of the people who rely on a anti-virus or a vulnerability fix rely on the tool Ilfak masterminds. A lot of the hard core techies around know that, but that is a bit complex to explain to non techies. The wording "a Russian computer programmer" is factually true (although Ilfak is a Tatar living in Belgium), but the "the designer and main programmer of the most widely used malware analysis tool" is also factually true. I guess the one you pick reveals your bias. -- Best regards, Pierre mailto:pierre () datarescue com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Fergie (Jan 03)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Barrie Dempster (Jan 03)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Pierre Vandevenne (Jan 03)
- RE: Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch Randy Abrams (Jan 06)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch Gadi Evron (Jan 06)
- RE: Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch Randy Abrams (Jan 06)
- <Possible follow-ups>
- RE: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Blanchard, Michael (InfoSec) (Jan 03)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Florian Weimer (Jan 03)