Re: on-line Messenger Service exploitation in Windows XP

From: George Hester (hesterloli@hotmail.com)
Date: 12/13/02


From: "George Hester" <hesterloli@hotmail.com>
Date: Fri, 13 Dec 2002 00:02:59 -0500

I'm just trying to come from the perspective of the average user. And the average user "feels" it is a security breach. You know, no matter what the evidence of something, some people are just not going to change their ways. It is our responsibility to address their concerns (which we do admirably), not try to win them over to our way of looking at things. The reason why that will never work is easy. It's just too hard to teach an old dog new tricks. How many times have you had to teach the same user how to turn off their machine? And this user is going to be scared out of their gourd when things like this happen. That's a security breach in reality or essence.

But I hear what you're saying; I agree.

-- 
George Hester
__________________________________
"Robert Moir" <robert.moir@ntlworld.com> wrote in message news:eAqbSvhoCHA.1592@TK2MSFTNGP11...
> George Hester wrote:
> > Well let's put it this way.  If you woke up and found a stranger
> > standing over your bed would you feel secure?
> 
> That's a straw man analogy.  Totally doesn't work for this problem. To
> continue to use the analogy of people sleeping in bed at night, this isn't
> someone breaking in and standing over your bed, it's someone running down the
> street shouting at the top of their voice. Some of us have double glazing
> with its nice sound proofing properties and would never hear it. People are
> not targeting those messages, most certainly are not breaking into
> someone's computer to display them, they are simply broadcasting randomly to
> certain blocks of addresses.
> 
> Which isn't to say I like it, I find what they are doing to be wholly
> disgusting. I've personally never understood why spammers think you'll give
> them money if they piss you off, but that's a whole other discussion.
> 
> >  If you were working at
> > your computer and something popped up for no discernible reason on
> > your screen would you feel secure?  Granted in the sense that
> > unsecure means possible and probable damage it's not (so far).
> 
> It's not unsecure period, not "so far". The messenger service is like a
> radio receiver. That's all it is. I think it's amazingly stupid of Microsoft
> to have it bound to the internet facing adapter, relying on people not
> switching off their firewall, and it's certainly bad practice to run
> un-needed services, and maybe a buffer over run will be discovered tomorrow
> that makes it dangerous, but it's not on the same planet as a security
> vulnerability in and of itself.
> 
> >  In
> > the sense of how we "feel" it is a security issue.  I understand you
> > may think I am trivializing this although to the average computer
> > user they don't feel too secure afterwards.
> 
> That's true enough, but then people offering security advice should correct
> this and stop people from feeling scared to use a computer when they've no
> reason to be, instead of nurturing it. That is what I'm trying to do, to
> keep it in perspective.
> 
> Regards
> Rob
> MS MVP
> 
> 

