From: Warren Young
Date: Sat, 18 Apr 2009 17:27:00 -0000
To: The Vulgar and Unprofessional Cygwin-Talk List
Subject: Re: 1.7: Problem with Vista64b ACLs and sockets

Dave Korn wrote:
> > FUDmonger Gibson

He does go to extremes sometimes, but that's his (self-appointed) job. In any sort of advocacy, it takes extremists on both sides to help the rest of us find the middle.

The main criticism I have of Steve Gibson is that he frequently forgets that security is a people problem, not a technical problem. The software has to do the right thing, of course, but ultimately, if people want to roach their systems through negligence, no technology is going to help much. Tricking ignorant users into running malware has to be either the #1 or #2 way worms get on PCs. (It's a toss-up between that and all the remote code execution and privilege escalation holes.)

> We now have the benefit of hindsight, and it's made exactly _how much_
> difference to the usability of XP machines as botnet drones sending spoofed
> packets in DDoS attacks?

Err...disallowing raw socket access to all users doesn't fix the people problems and the remote root exploits, so it's a bust? How about, instead, we educate the users and arm-twist Microsoft to fix all those holes so that it actually matters that raw sockets are restricted?

If more people listened to Security Now, there'd be a lot fewer bots. I'm not saying that people should follow 100% of Steve's advice. Just getting cluebies to stop clicking on links in spam and "NAV2009" popups would help loads.

Don't forget, what Microsoft did here is finally follow the standard behavior on Unix-like systems, which we're all supposed to really like here, right? /bin/ping on Linux is setuid, no doubt for this very reason. Does Windows not have something like setuid? If not, there's another legitimate reason to criticize Microsoft.