funsec mailing list archives

Re[5]: www.hexblog.com down?


From: Sean Donelan <sean () donelan com>
Date: Wed, 4 Jan 2006 19:00:26 -0500 (EST)

On Wed, 4 Jan 2006, Pierre Vandevenne wrote:
> I hate overloaded analogies but: if you see a dying homeless child on
> the side of the road, will you just walk by thinking "giving to
> charity is a better fundamental solution"? Maybe, but then you have
> the problem of dealing with corruption at the level of charity
> administration...

I would contact my local emergency services.  I wouldn't use the possibility
the ambulance MIGHT be delayed as justification to attempt to perform
surgery on the child before medical professionals arrived. If the
ambulance didn't arrive in time and death was imminent without immediate
action, the situation changes.  Then, hopefully in consultation with
emergency professionals on the phone, I would perform whatever life saving
procedures I reasonably could until help did arrive.  The problem for
emergency professionals is people making the situation worse by
attempting to do something incorrectly instead of waiting for help.  "Go
boil some water" probably won't help, but it gives people something to do
in the meantime.

But overloaded analogies aren't great.

> You are invoking the "unknown thing" argument to attack my position.
> Fair enough. But the "unknown thing" argument applies to all
> positions. That's why it is useless imho.

No, I'm attacking the "bad stuff MIGHT happen, therefore you MUST do
something" (aka "sitting duck") argument.  Yes, there are times when
bad stuff DOES happen and therefore you MUST do something.  But too often
bad stuff possibilities, versus bad stuff that happens, turn into a big
infinity in the risk equation to justify all sorts of things.  You can
always think up more bad stuff that might happen.

There are several good reasons to implement Guilfanov's patch and several
good reasons not to implement it, similar to other third-party security
fixes you may add to your Windows machine such as third-party
anti-virus programs.

Guilfanov's patch appears generally safe (not just non-malicious, but only
a few interoperability problems have been found with other applications) and
generally effective (it does what it claims).  Its "total cost of
ownership" is improving for more organizations as people improve its
installer/uninstaller.  Organizations with the expertise to evaluate
Guilfanov's product should consider it for their organizations. Just
because it's free doesn't make it any worse (or better) than other security
products you can buy.

That's different than saying use it or else something bad might happen.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

