Re: botnets: web servers, end-systems and Vint Cerf

[Roland Dobbins <rdobbins () cisco com>]

On Feb 19, 2007, at 8:06 AM, <michael.dillon () bt com>  
<michael.dillon () bt com> wrote:

> And if the system designer is creative enough, then
> this firewall thingy which is reputed to protect you from bad stuff,
> would also download and install the latest patches to protect against
> browser exploits. If this is all run on a separate CPU it can also do
> some pretty in-depth inspection and do things like block .exe
> attachements in email.

If we had some cheese, we could make a ham-and-cheese sandwich, if we  
had some ham.

;>

This discussion started out with an assertion that that security  
problem for general-purpose OS endpoints had been 'solved'.  It in  
fact has not been solved for any reasonable degree of solved - there  
are basic layer-7 problems with the fundamentals such as HTTP (which  
to most users is 'the Internet), and while there are various efforts  
to attempt to mitigate these problems via the insertion of inspection/ 
removal by network devices, these efforts are in their infancy and  
also introduce other complexities which are corollaries of the  
canonical end-to-end principle (vs. the common misperception of what  
the end-to-end principle actually encompasses).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

          The telephone demands complete participation.

                      -- Marshall McLuhan