funsec mailing list archives
Re: ? - I don't know where to send this one, so I'm sending i t here...
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 03 Nov 2005 13:20:04 +1300
Valdis Kletnieks to me:
> > Why are our "protection" systems based on the obviously absurd notion that it is somehow more useful/efficient/whatever to detect more known bad stuff (which is a form of default allow) than simply to detect and allow only the known good stuff (default deny)?
>
> Because Willy Wonka never *did* figure out how to sell somebody a second Ever-Lasting Gobstopper.

Of course I know that, but you are absolutely correct to focus on the _suppliers'_ needs. The supplier wants an income stream. Long ago MS realized that the way to achieve the best income stream was to regularly update the software. The contemporary anti-virus (and then "anti-Trojan and now anti-spyware) industry recognized it could achieve this even better than MS with an enduring avalanche of VERY regular updates.

Of course, why this has NEVER changed through force of pressure from intelligent, informed, diligent system admins at large corporate and government clients is actually the important question. The answer is, in short, there are actually incredibly few intelligent, informed and diligent sys-admins able to (or at least willing to try to) wield any useful amount of economic pressure. The reasons for that are multitudinous, with some intelligent, informed and diligent sys-admins being ham-strung by ludicrous policies and other entirely internally developed and enforced (within their employing organizations) mechanisms, but it's not entirely incorrect to say that a large part of the problem is that there are actually very few intelligent and informed sys-admins, due to the dominant IT culture being one of "it's right if it works" rather than one of "make this work right". The latter means businessmen like Dr Solly get rich supporting the "need" of others to keep their systems stupid and ill-run...

Of course, SOHO is an entirely different kettle of fish, with "stupid and ill-run" being a given and requiring a different approach. In fact, current AV practices probably are the best approach for such users, but that is no reason to adopt it or even _allow_ it in properly designed and run corporate IT systems...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.