Re: What I would like the MS IIS Lockdown tool todo

From: Thor@HammerofGod.com
Date: 08/29/01


From: Thor@HammerofGod.com
To: deji@prontomail.com
Message-ID: <056e01c130c0$dcb68dd0$af05a8c0@anchorsign.com>
Subject: Re: What I would like the MS IIS Lockdown tool todo
Date: Wed, 29 Aug 2001 12:28:42 -0700


>Thor, usually you are good, on-the-point, and well-respected (at least, by
>me).

Thanks for the ego boost! I'll elaborate a bit...

>
> That is my beef. Hope you understand.
>
> Deji

I absolutely understand, and agree! We get on a slippery slope here;
hopefully I can accurately explain what I think the general issue is:
(Please note that this is from my observation and discussions with different
parties involved - it may be completely wrong.)

MS Dev and MS Security are two different entities. Though security issues
are taken into account during development, I don't think it is an integral
part of it. I think it is something that is considered after the
functionality goals are met... Sometimes, this means that the Security guys
don't even get to see stuff until after the fact. This makes it very
difficult (from a security perspective) because of the exact reasons you
state... Things must then be 'fixed' after the fact, and it is very
difficult to do sometimes. I think the security issues that exist now and
the general perception of MS products (in regard to security) attest to
that.

If I were to draw an analogy, I would probably state it like this: Honda
makes cars. People buy cars so that they can drive around. People buy new
cars because they want new cool things, gadgets, bells and whistles, so
Honda starts putting more stuff like that into the car. People want to go
fast, and want to blast the stereo while going fast, so Honda makes all that
possible. This is great, and sells cars. However, the security guys at
Honda say, "Um, this car can go really fast... What happens if the driver
slams the car into reverse while going 100mph? And putting the shifter in
the middle like this means that the passenger can do it without the driver's
consent! And these locks suck... Any lockpicker worth his salt can get in
15 seconds. We should put safeguards on the transmission, or put in a
control that only the driver can set, and get better locks..." Honda
developers would probably say, "Oh, then they just need to drive slowly.
Besides, all the cars are already made and out there, so it is too late.
And stolen cars are part of the risk of owning one. Why don't you make some
fix for that so that the people who really care about it can apply the fix."
Of course, the only fix may be a big steel guard you have to put around the
shifter, which frustrates the people who indeed care about the issue and
really isn't a good way to do it anyway- it might also cause security issues
of its own. At the same time, the majority of people are out there drinking
and driving, indicating that they don't really give a damn in the first
place, making the road a dangerous place for the rest of us. {exhale}.

Some people would say the manufacturing is flawed. Some would say the
security people don't have enough power or don't have good solutions. Some
would say the driver is stupid for driving fast, and should always wear a
seatbelt anyway. Others say "take the bus." Personally, I don't think
anything will change until security becomes an integral, mandatory, baseline
component in the development of the products: provide secure functions- not
security solutions for insecure functions after the fact.

I know the analogy is not perfect (and I always get flamed in some way for
my analogies anyway...) but it does illustrate what I believe part of the
problem is...

That is why I say that this tool, like other security tools, is a good step
in the right direction, and that it does not exist solely for marketing and
that it does indeed make a difference to many people out there. I think we
should support its development in a positive way, and give MS incentive to
make it better. The same with HFNetCheck - the same with MPSA.

Some people say "too little too late," but that does not solve anything,
does it? It does not make our security problems go away. Commitment and
Action makes them go away.

(OK... That's about enough... I feel like I am running for office... Sorry
for the long response.)

Thanks, Deji...

AD


