Re: Inviting malware

bz wrote:

"Sebastian G." <seppi@xxxxxxxxx> wrote in

bz wrote:

NEVER hook a vulnerable machine to the network. Download the latest AV program and definitions on another machine and transport via CD or
thumb drive.

How should that stop the compromise? Exactly not at all.
And why are you ignoring obvious things like
- downloading *patches* on another machine
- configuring the host properly
- using a host-based packet filter

Downloading a good AV and installing OFF LINE is always my first step.
It will help 'detect and defend' during the next step.

It will help "detect" at best. It can't do anything to defend, by design.

Each of those would do the job. A virus scanner surely doesn't.

It usually does for us, long enough to make sure patches are up to date.

Bullshit. Since the exploit takes place in RAM, it fails to close any relevant attack vector.

Once again total nonsense. OE is well-documented to not be intended
to be secure in an untrusted environment

Well documented for the Illuminati. Not for the average user or even corporate decision maker.

So then the complete documentation on IE/OE group policies and their effective security design criteria are imagination? I read it, and I'm quite fond that even a technical illiterate can understand the wording clearly.

If it were 'well KNOWN' rather than 'well documented', no one would buy the stuff.

The lack of willingness to RTFM is a social problem, though it doesn't change the fact that RTFM is the only reasonable way to act. It just proves that most computer users are unreasonable, at least with respect to computer usage.

Even more nonsense. Windows Vista is well-documented to be insecure in
an untrusted environment.

And you think that a hasp spot welded to the door of a car with no other protection would actually protect it from theft?

Almost. The shell security issue can be worked around, albeit this implies a lot of unintended inconvenience.

> My point was that Vista is NOT secure, it just 'looks a little better'.
My point was that ms products are not secure.

Which is wrong as well. I'd consider Windows XP and Windows Server 2003 as well as all their server stuff as quite secure and reliable.

So we agree to agree on ms being insecure and disagree on the best way to say that.

I know only exactly two supported Microsoft products which are considered as insecure, but are not documented to be insecure in untrusted environments: Windows 2000 and IIS (any version). All others are either considered insecure without actually being insecure (but only grossly misunderstood), or are documented to not be secure anyway (so the violation of security is only against hypothesized specifications).

