funsec mailing list archives
Re[5]: www.hexblog.com down?
From: Sean Donelan <sean () donelan com>
Date: Wed, 4 Jan 2006 19:00:26 -0500 (EST)
On Wed, 4 Jan 2006, Pierre Vandevenne wrote:
I hate overloaded analogies but: if you see a dying homeless child on the side of the road, will you just walk by thinking "giving to charity is a better fundamental solution"? Maybe, but then you have the problem of dealing of corruption at the level of charity administration...
I would contact my local emergency services. I wouldn't use the possibility the ambulance MIGHT be delayed as justification to attempt to perform surgery on the child before medical professionals arrived. If the ambulance didn't arrive in time and death was imminent without immediate action, the situation changes. Then, hopefully in consultation with emergency professionals on the phone, I would perform whatever life saving procedures I reasonably could until help did arrive. The problem for emergency professionals is people making the situation worse by attempting to do something incorrectly instead of waiting for help. "Go boil some water" probably won't help, but it gives people something to do in the mean time. But overloaded analogies aren't great.
You are invoking the "unknown thing" argument to attack my position. Fair enough. But the "unknown thing" argument applies to all positions. That's why it is useless imho.
No, I'm attacking the "bad stuff MIGHT happen, therefore you MUST do something" (aka "sitting duck") argument. Yes, there are times when bad stuff DOES happen and therefor you MUST do something. But too often bad stuff possibilities, versus bad stuff that happens, turn into a big infinity in the risk equation to justify all sorts of things. You can always think up more bad stuff that might happen. There are several good reasons to implement Guilfanov's patch and several good reasons not to implement it, similar to other third-party security fixes you may add to your Windows machine such as an third-party anti-virus programs. Guilfanov's patch appears generally safe (not just non-malicious, but only a few interopability problems have been found with other applications) and generally effective (it does what it claims). Its "total cost of ownership" is improving for more organizations as people improve its installer/uninstaller. Organizations with the expertise to evaluate Guilfanov's product should consider it for their organizations. Just because its free doesn't make it any worse (or better) than other security products you can buy. That's different than saying use it or else something bad might happen. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re[2]: www.hexblog.com down?, (continued)
- Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: Re[2]: www.hexblog.com down? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 03)
- Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: Re[2]: www.hexblog.com down? nodialtone (Jan 03)
- Re[3]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re[3]: www.hexblog.com down? Sean Donelan (Jan 04)
- Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re[4]: www.hexblog.com down? Sean Donelan (Jan 04)
- Re[5]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re[5]: www.hexblog.com down? Sean Donelan (Jan 04)
- Re[6]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: www.hexblog.com down? Gadi Evron (Jan 03)
- Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: www.hexblog.com down? nodialtone (Jan 03)
- RE: www.hexblog.com down? Gary Funck (Jan 03)
- RE: www.hexblog.com down? Anthony Aykut (Jan 03)