funsec mailing list archives
Re: standards status in the industry - opinion?
From: Blue Boar <BlueBoar () thievco com>
Date: Sun, 08 Jan 2006 10:40:28 -0800
Drsolly wrote:
> The way you do that, is you sell them an additional feature, that consists of a disabling of the insecure feature.
I don't think it works that way. I think they get sold a product that purports to still let them have the insecure feature while futilely attempting to block bad things. At least, if it's a feature that the user cares about. You can sell a firewall that blocks all the RPC functions the user doesn't care about, but they won't be happy if you break all their web sites.
> > I believe you can simply string together whitelisted programs to do what you like. Things like tftp.exe and format.exe.
>
> I really doubt if many users need either of those.
I picked a couple of obviously harmful examples. How about ping.exe, outlook.exe or aim.exe?
> Maybe we have to think the unthinkable, and aim for an OS that isn't general-purpose.
Maybe. Again, I think you're in for an extraordinarily hard sell. I tried to think of examples of OSes that aren't very general purpose... Cisco IOS? Other embedded things? WebTV? WebTV is an interesting example... it still lets the user do a bunch of things. Now, WebTV doesn't go far enough, they have still had malware as I recall. But it's an interesting starting point.
You can move the problem around, perhaps... Give users something closer to dumb terminals, and have Smart People running the central machine.
BB