Information Security News mailing list archives
Re: they should have used crypto...
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Tue, 7 Dec 1999 11:10:49 -0700
Reply From: Felix von Leitner <leitner () vim org>

Thus spake mea culpa (jericho () DIMENSIONAL COM):
> Actually, routine use of cryptography will result in huge security problems.
> Why? Because the best place to stop computer viruses, trojans and other malicious code is at the email server - and you can't scan encrypted mail.

Excuse me? If you are using an "operating system" that allows viruses that is not a security problem but an incompetence issue. I have never, not once, _ever_ had a virus threaten any of my systems. Why? Because I reject Word documents. I don't use Windows. That's it. This is about the dumbest thing I have ever heard -- people trying to tell me that I should not encrypt my emails because of "security reasons". This term is a security risk on its own. How often have you heard someone reason something for security reasons and not give any details? This is almost as stupid as "for technical reasons".

> But viruses aren't really a security issue . . .
> Wrong, viruses such as Melissa variants take documents off your computer and email them to dozens or hundreds of people. Viruses such as Pretty Park take passwords off your machine and post them to IRC sites. And we all remember BO2K, NetBus, etc.

Melissa does not email anything anywhere on my machine. My computer does not have NetBus, BO or any other trojan.

> What about desktop virus protection?
> 1. It has demonstrably failed - see damages mentioned above
> 2. It relies on end user compliance
> 3. We never will be able to update 100's of millions of desktops fast enough to stop the next Melissa virus.

Oh yeah, and you update your firewall virus scanner once every 30 minutes, do you? Yeah, right. Scanning is not the answer to viruses. Not running insecure operating systems is.

> Finally, ISPs such as US West and Sprint have started adding virus protection as part of their internet access offerings - which will be a very effective way to contain virus outbreaks - but only if email is not routinely encrypted.

That is a very good way to make yourself look like a complete idiot. People who have virus problems are obviously not computer literate. People who proclaim their anti virus policy openly might as well carry a large "please rob me, I am stupid" sign through the streets.

Felix
--
If you have problems, count 10, take a deep breath. Try it again. If it still doesn't work, hit the side of your computer or bend the CD a little bit to make sure it isn't crooked. Make sure you put it in the drive shiny side down, not up.
--Microsoft "Knowledge Base" article Q131125

ISN is sponsored by Security-Focus.COM