funsec mailing list archives
Re: standards status in the industry - opinion?
From: Drsolly <drsollyp () drsolly com>
Date: Sun, 8 Jan 2006 18:10:40 +0000 (GMT)
On Sun, 8 Jan 2006, Blue Boar wrote:
Nick FitzGerald wrote:So, you're saying that just because a bunch of morons designed something utterly brokenly (from a security perspective) from the outset _AND_ that much of the world "enjoys" the flexibility this approach has allowed (or is just too damned ill-informed or otherwise stupid to know any better), THAT informed security professionals (and others) should not try to get such gross stupidity fixed?I'm not saying that you shouldn't try, just that you probably won't succeed. In my experience, you "can't" take away some feature people like.
The way you do that, is you sell them an additional feature, that consists of a disabling of the insecure feature.
I believe you can simply string together whitelisted programs to do what you like. Things like tftp.exe and format.exe.
I really doubt if many users need either of those.
I wasn't even neccessarily talking about vulnerabilities per se. I don't consider enabling viruses to be a vulnerability, really. Just a side-effect of a general purpose OS.
Maybe we have to think the unthinkable, and aim for an OS that isn't general-purpose. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: standards status in the industry - opinion?, (continued)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Florian Weimer (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Florian Weimer (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 07)
- Re: standards status in the industry - opinion? Blue Boar (Jan 07)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Blue Boar (Jan 08)
- Re: standards status in the industry - opinion? Drsolly (Jan 08)
- Re: standards status in the industry - opinion? Blue Boar (Jan 08)
- RE: standards status in the industry - opinion? Stephen Villano (Jan 08)
- RE: standards status in the industry - opinion? Drsolly (Jan 08)
- RE: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Barrie Dempster (Jan 08)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Barrie Dempster (Jan 08)
- Re: standards status in the industry - opinion? Valdis . Kletnieks (Jan 08)
- Re: standards status in the industry - opinion? Barrie Dempster (Jan 09)