Information Security News mailing list archives

Re: Editorial comment: Scary hackers


From: Nathan Dorfman <ndorfman () SMALLWORLD COM>
Date: Wed, 1 Nov 2000 15:18:15 -0500

The hidden message is that Microsoft software is so bad, that reading
their code will immediately reveal multitudes of glaring holes on all
levels from the kernel to the application level.

Every one of those Toms, Dicks, and Harrys that uses the software and
implicitly trusts it must be saying right now: "Gee, am I glad that
source code wasn't released, all the insecurity in my software is left
in the dark, and I'm still safe!"

People *need* to stop and realize that the only thing that makes them
'safe' at the moment is the unknown black hole status of the software
they use.

If not, they're in for a nasty surprise when the inevitable comes and
someone malicious gains those couple of necessary insights to exploit
those dormant vulnerabilities that have always been present in their
systems.

You argue that for the very reason that a given piece of software is
used by almost everyone, it's important to keep its secrets in the
dark. I argue that for that very reason, it's imperative to expose it for
garbage when it is such.

If the lock on your home could be opened with a simple, yet obscure
technique, would you rather simply hope that no one would find out, or
would you rather be informed yourself and go buy another lock?

Software evolves. If this evolution is anything like the natural kind,
then software that simply pretends to work will become extinct. As
Microsoft will, when the curtain goes up, the game is over, and it's
time for the real thing.

--
Nathan Dorfman
nathan () rtfm net


-----Original Message-----
From: Dominick, David [mailto:David.Dominick () DELTA-AIR COM]
Sent: Monday, October 30, 2000 10:14 AM
To: ISN () SECURITYFOCUS COM
Subject: Re: [ISN] Editorial comment: Scary hackers


I totally disagree. Sorry to be so blunt, but this simply is not true.
If the hackers would choose to flood the newsgroups with, say, Office
2000 code, it would definitely hurt Microsoft. And after the source
code was altered with embedded viruses and trojan horses, the public
would be hurt too.

This is not a Linux you are dealing with here. This is not a select
group of highly skilled users that are driving the technology. This is
Microsoft. Every Tom, Dick and Mary uses this suite. They implicitly
trust their code and have no way of verifying it is safe.

Look at the recent viruses that have come out just with people
understanding the Windows APIs. Can you picture the havoc that will be
wreaked when people know the actual source code? Kernel-level trojans
and viruses. No more macro viruses; now there will be viruses that
call on the kernel itself.

Wake up! Not everybody out there is a developer with pure motives.
While it is true that many of us would love to see how the system
works to try to improve it, there are still way too many who would be
destructive to dare let the code become public.

Just my opinion
David Dominick
"Did you get rid of all the voices in your head? Do you now miss them
and the things that they said?"

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

