lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: full-disclosure at ols.inorganic.org (Roy S. Rapoport)
Subject: Microsoft Cries Wolf ( again )

On Sun, Jul 13, 2003 at 10:34:43AM +0100, Scott wrote:
> 	Maybe I am just a bit paranoid, but how many people would trust a
> vendor to harden a box prior to shipping?

The vast, vast, vast majority of computer users.

> I for one always reinstall from
> clean/trusted media when a new/used box comes through the door.

> 	If the hardened box from a vendor (kudos to Dell for trying this
> anyway) and it gets cracked, is there a cause for blame or legal action
> against the vendor for false advertising, repair costs etc?  Would something
> like this be possible?
> 
> 	I would be interested in knowing what riders or caveats vendors
> would ship with the hardened product.
> 
> It all comes down to trust in the end, however there are few people in this
> life that I trust that much (sad isn't it!).

It sometimes feels as though this mailing list is populated by
slashdotters, quick to shoot down ideas that are improvements over the
current situation if they're not perfect.

Is it better to do your own installation? Certainly.  Is it better to do
your own hardening? Again, obviously yes.  But the vast majority of people
out there don't do either of these.  The vast number of systems out there,
at least in the home environment, come pre-installed from the factory.  It
may not be how *I* do things, but then I'm not the typical MS user.  Given
that the vast majority of systems out there are set (and forgotten) at
factory defaults, it's laudable of Dell to raise the bar as to what
'factory defaults' really are.  It's almost as good as Microsoft saying
"factory defaults from now on of all our OSes will be secure," and actually
doing it.

-roy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ