Re: Atguard?



Bogwitch wrote:


Sure you won't, since you'd find that this class is empty.

Really? You're a fool.


Strange enough, no one, including you, could even state an example.

Yes, always. Would also be quite non-plausible how domain-specific software with no alternatives could be ad-ware supported. Doesn't this sound stupid even to you?

You said *FREE* alternatives. Not always.


I proclaim that every software for which no free alternative exists is not ad-ware supported.

Or they're just idiots. Best example so far: Skype.

Once again, anyone not agreeing with you is an idiot?


No. It's simply a fact that ~90 % of all computer users are idiots wrt computers. And those idiots typically install software without seeing any need for it, without any reasonable evaluation of their problem and without considering alternatives.

Or have you written all your own OS and apps?

Hm? Missing the logic in there...

Without authors, no apps. *You* don't care for authors.


Who said that I don't care for authors? I just don't care for specific authors. The authors of ad-ware supported software particularly I don't care for, for the authors of free alternatives I do.

No, I have cited an example of a *group* of software.
Without any (meaningful) definition.

It is clear to all but the most narrow-minded among us.


No. You're yourself confusing the subject. How do you define legitimacy of software? Even though 90% of users think that software is illegitimate if it sends data due to the user being too stupid to configure it correctly, this definition wouldn't be reasonable at all (since the software behaves as documented).

Remotely exploitable?


I didn't claim that this is remotely exploitable. As if locally exploitable wasn't bad enough, there are many other remotely exploitable security vulnerabilities including DoS with SYN, UDP and ICMP flooding or bypassing the filtering with overlapping IP fragments.

I do agree however that the use to which the OP puts AtGuard is legitimate.
Unless you actually think about it.

It is you that needs to consider the OP's situation, not just the generic best practice as put forward by yourself.


Could it be that your argument makes no sense? The OP's situation is that his software doesn't work as he wants due to misconfiguration. A reasonable solution would be configuring the software correctly or simply replacing the software with alternatives.

Trying to filter at the network stack is a rather stupid approach.

AtGuard is not so broken.
Is that political correctness for "horribly broken"?

No, it's not so broken as to make it insecure for relevant applications.


Hm? Local privilege escalation and trivial bypassing is not exactly irrelevant.

as part of a layered security approach.
Ah, the "layered security" buzzword. Oh c'mon, you can do better.

Again, we have had this discussion before. A layered security approach is not a broken approach.


It is. Introducing superfluous layers to address misunderstood problems doesn't increase security, but just increases complexity. You're twisting it with "defense in depth", which works quite differently.