funsec mailing list archives

Re: standards status in the industry - opinion?


From: Blue Boar <BlueBoar () thievco com>
Date: Sun, 08 Jan 2006 10:40:28 -0800

Drsolly wrote:
> The way you do that, is you sell them an additional feature, that consists of a disabling of the insecure feature.

I don't think it works that way. I think they get sold a product that purports to still let them have the insecure feature while futilely attempting to block bad things. At least, if it's a feature that the user cares about. You can sell a firewall that blocks all the RPC functions the user doesn't care about, but they won't be happy if you break all their web sites.

>> I believe you can simply string together whitelisted programs to do what you like. Things like tftp.exe and format.exe.
>
> I really doubt if many users need either of those.

I picked a couple of obviously harmful examples. How about ping.exe, outlook.exe or aim.exe?

> Maybe we have to think the unthinkable, and aim for an OS that isn't general-purpose.

Maybe. Again, I think you're in for an extraordinarily hard sell.

I tried to think of examples of OSes that aren't very general purpose... Cisco IOS? Other embedded things? WebTV? WebTV is an interesting example... it still lets the user do a bunch of things. Now, WebTV doesn't go far enough, they have still had malware as I recall. But it's an interesting starting point.

You can move the problem around, perhaps... Give users something closer to dumb terminals, and have Smart People running the central machine.

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.