 Re: Inviting malware
"Sebastian G." <seppi@seppig.de> wrote in
news:60u896F1psmkgU1@mid.dfncis.de:
> bz wrote:
>
>
>> NEVER hook a vulnerable machine to the network. Download the latest AV
>> program and definitions on another machine and transport via CD or
>> thumb drive.
>
>
> How should that stop the compromise? Exactly not at all.
> And why are you ignoring obvious things like
> - downloading *patches* on another machine
> - configuring the host properly
> - using a host-based packet filter
Downloading a good AV and installing OFF LINE is always my first step.
It will help 'detect and defend' during the next step.
I was assuming that the install would be from at least an XP sp2 CD, then
the first step on line is to install the latest updates.
I would never walk away from a machine after just installing AV.
> Each of those would do the job. A virus scanner surely doesn't.
It usually does for us, long enough to make sure patches are up to date.
We usually have the patches and updates slipstreamed into the installation
CD.
But that just takes care of the vulnerabilities that microsoft has patched.
There are always other holes that they haven't patched.
>> As of OE as a news reader or mail client, do you leave your car with
>> the engine running and the doors unlocked?
>> Microsoft[in the head] software was designed, from the ground up, like
>> a car with no ignition key and no locks on the doors.
>> Over the years, they have drilled holes in the door and used self
>> tapping screws to tack on hasps and loops to allow you to hang a
>> padlock on the door,
>> but 15 seconds with a screwdriver and the hasp is undone. 1 second
>> with a pry bar and the hasp is popped off.
>
>
> Once again total nonsense. OE is well-documented to not being intended
> to be secure in a untrusted environment
Well documented for the Illuminati. Not for the average user or even
corporate decision maker.
If it were 'well KNOWN' rather than 'well documented', no one would buy the
stuff.
> , so the only problem is that
> Microsoft often creates the impression of the contrary.
Snake oil salesmen create an impression in the minds of the impressionable.
>> Vista has spot welded the hasp onto the door but requires you to unlock
>> 2 locks each time.
>
>
> Even more nonsense. Windows Vista is well-documented to be insecure in
> an untrusted environment.
And you think that a hasp spot welded to the door of a car with no other
protection would actually protect it from theft?
My point was that Vista is NOT secure, it just 'looks a little better'.
My point was that ms products are not secure.
You appear to be saying the same thing but disagreeing with how I said
things. That is your right.
So we agree to agree on ms being insecure and disagree on the best way to
say that.
--
bz
please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.
bz+acs@ch100-5.chem.lsu.edu
 |