public inbox for cygwin-talk@cygwin.com
From: Warren Young <warren@etr-usa.com>
To: The Vulgar and Unprofessional Cygwin-Talk List <cygwin-talk@cygwin.com>
Subject: Re: 1.7: Problem with Vista64b ACLs and sockets
Date: Sat, 18 Apr 2009 17:27:00 -0000
Message-ID: <49EA0D85.1020102@etr-usa.com>
In-Reply-To: <49E99B99.9030103@gmail.com>

Dave Korn wrote:
> 
> FUDmonger Gibson 

He does go to extremes sometimes, but that's his (self-appointed) job. 
In any sort of advocacy, it takes extremists on both sides to help the 
rest of us find the middle.

The main criticism I have of Steve Gibson is that he frequently forgets 
that security is a people problem, not a technical problem.  The 
software has to do the right thing, of course, but ultimately, if people 
want to roach their systems through negligence, no technology is going 
to help much.  Tricking ignorant users into running malware has to be 
either the #1 or #2 way worms get on PCs.  (It's a toss-up between that 
and all the remote code execution and privilege escalation holes.)

> We now have the benefit of hindsight, and it's made exactly _how much_
> difference to the usability of XP machines as botnet drones sending spoofed
> packets in DDoS attacks?

Err...disallowing raw socket access to all users doesn't fix the people 
problems and the remote root exploits, so it's a bust?

How about, instead, we educate the users and arm-twist Microsoft to fix 
all those holes so that it actually matters that raw sockets are 
restricted?  If more people listened to Security Now, there'd be a lot 
fewer bots.  I'm not saying that people should follow 100% of Steve's 
advice.  Just getting cluebies to stop clicking on links in spam and 
"NAV2009" popups would help loads.

Don't forget, what Microsoft did here is finally follow the standard 
behavior on Unix-like systems, which we're all supposed to really like 
here, right?  /bin/ping on Linux is setuid, no doubt for this very 
reason.  Does Windows not have something like setuid?  If not, there's 
another legitimate reason to criticize Microsoft.
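The setuid ping pattern mentioned above, as an added illustration that is not part of this thread: the privileged operation (opening a raw ICMP socket) is done first, then privileges are dropped permanently with setresuid(2), and the program checks that it can no longer regain root. It assumes Linux with glibc; when run without root the socket() call is expected to fail with EPERM, which is exactly the restriction being discussed.

```c
#define _GNU_SOURCE          /* setresuid() is a GNU/Linux extension */
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of the "acquire first, then drop" sequence a setuid ping uses. */
struct priv_state {
    int raw_acquired;    /* 1 if the raw ICMP socket could be opened */
    int raw_errno;       /* errno from socket() when it could not */
    uid_t uid_after;     /* real uid once privileges are dropped */
    uid_t euid_after;    /* effective uid once privileges are dropped */
    int regain_blocked;  /* 1 if seteuid(0) was refused afterwards, -1 if not applicable */
};

/* Open the privileged resource while still privileged, then drop for good.
 * Returns 0 on success, -1 if the privilege drop itself failed (which a
 * real tool must treat as fatal rather than carry on). */
int acquire_then_drop(struct priv_state *st) {
    uid_t real = getuid();
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    st->raw_acquired = (fd != -1);
    st->raw_errno = (fd == -1) ? errno : 0;
    if (fd != -1)
        close(fd);   /* a real ping would keep it; closed here to avoid a leak */

    /* Permanent drop: real, effective and saved uid all become the caller's,
     * so there is no saved root uid left to switch back to. */
    if (setresuid(real, real, real) != 0)
        return -1;
    st->uid_after = getuid();
    st->euid_after = geteuid();

    /* For a non-root caller, any attempt to become root again must fail. */
    st->regain_blocked = (real != 0) ? (seteuid(0) == -1) : -1;
    return 0;
}

/* 1 if the drop left no way back: uids agree and (unless the caller really
 * is root, where there is nothing to drop) regaining euid 0 was refused. */
int drop_was_effective(const struct priv_state *st) {
    if (st->uid_after != st->euid_after)
        return 0;
    return (st->uid_after == 0) || (st->regain_blocked == 1);
}
```

The same sequence is what a setuid-root /bin/ping must follow; a tool that keeps the saved root uid around (setuid instead of setresuid) has not really dropped anything.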
