Re: [Full-disclosure] Useless tidbit (MS AntiSpyware)

From: James Tucker (jftucker_at_gmail.com)
Date: 05/11/05

  • Next message: Mandriva Security Team: "[Full-disclosure] MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities"
    Date: Wed, 11 May 2005 02:58:14 +0100
    To: nick@virus-l.demon.co.uk
    
    

    May I ask what web browser you use, if any?
    What about mail client?
    Do you read rich text and html mails in code?
    Do you never have to update your software?
    Can you reliably justify rolling out new software versions to
    massively time-dependant and business critical systems potentially
    causing as much damage as an infection?

    These are the issues from the other side.

    On 5/11/05, Nick FitzGerald <nick@virus-l.demon.co.uk> wrote:
    > Steven Rakick wrote:
    >
    > > Interesting. Has this always been that way? While it's not a huge gaping
    > > hole, it's definitely concerning. At least to me.
    >
    > Well, yes, of course it's concerning...
    >
    > If you have some unknown/unwanted/etc program running on one of your
    > machines you darn well should be concerned, regardless of whether its
    > called program.exe and located in the root directory of your Windows
    > install drive or not.
    >
    > Of course, (assuming you are an IT admin) your boss should be even more
    > concerned in how in the heck you've allowed your IT system to be rolled
    > out such that arbitrary executables can actually get onto the machines
    > and be run so easily.
    >
    > _THAT_ is a far larger problem you should have considered long before
    > you discovered that one (or more) of the many "band-aid" programs (like
    > MS AntiSpyware, most other anti-spywares, known virus scanning
    > "antivirus" programs, software firewalls, and so on) so commonly
    > advocated by lame (or hamstrung) system admins has this (and dozens of
    > other) trivial, stupid holes.
    >
    > Regards,
    >
    > Nick FitzGerald
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://secunia.com/
    >
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Mandriva Security Team: "[Full-disclosure] MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities"

    Relevant Pages

    • True IMAP Trash Folder
      ... Does anyone know of a mail client that supports a true IMAP trash ... Evolution doesn't, and so I use evolution on three different ... machines sometimes to find it. ...
      (freebsd-questions)
    • RE: [SLE] New Kernel compilation on 8.2 Pro
      ... In my mail client ... That is exactly how a thread hijack is done, regardless of the email ... command. ...
      (SuSE)