Full Disclosure mailing list archives
Counseling not to use Windows (was Re: Ano
From: full-disclosure () lists netsys com (Nick FitzGerald)
Date: Mon, 15 Jul 2002 10:19:30 +1200
"David F. Skoll" <dfs () roaringpenguin com> wrote:
throwing out a blanket "don't use Windows" or "don't use <pet peeve network client software>" is not a constructive response.

I disagree. I consider myself a security professional, and I tell all of my clients not to use Microsoft Outlook. I would consider it a dereliction of duty _not_ to tell them that. I also tell them they should switch away from Windows to Linux or some other free UNIX, and again, I think it's my duty to tell them that. They are free to take my advice or not, but they understand that if they do not take my advice with regards to Outlook, I am absolved of responsibility for any e-mail borne malware.

I think it's important for security professionals to tell people not to use Windows, if only to open their eyes to the risk they put themselves at, and also to the fact that there are alternatives out there.
I agree with all of the above.

My point was, on lists like this, if someone is using Windows or some especially distasteful Windows network client software they are most likely doing so either because, as in my case, they have chosen to after weighing the various pros and cons of that decision or because "they have to" (being under one of those aforementioned "stupid" policy restrictions that requires all desktops to conform to a limited sense of "corporate normality"). Telling such people to drop their carefully chosen or enforced environment means you are more likely to be ignored as being "out of touch" or some such.

That does not mean it is necessarily a waste of breath to advise a paying customer, but doing it among a group of security aware professional peers is likely to make one look bigoted and thus more likely to get you ignored.

My comment about unprofessionalism was limited to a specific setting. Suggesting a "spot fix" that a nanosecond's consideration shows is likely to be policy violating in many corporate IT environments will have one branded "unthinking" at best and quite likely "unprofessional". Making the same suggestion when asked for professional advice is not unprofessional (at least, so long as the rest of the "structural changes" such as altering local security policies to accommodate the suggested changes, etc. are also covered in that advice).

Regards,
Nick FitzGerald