Date: Mon, 03 Nov 2008 05:33:00 -0500
From: Valdis.Kletnieks@...edu
To: mcwidget <mcwidget@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Securing our computers?

On Mon, 03 Nov 2008 10:08:01 GMT, mcwidget said:

> This is the real problem.  There are *some* things that can be done, I'd
> like to see some form of NAP built into home routers that verifies your home
> PC against a baseline before allowing you to go online.  You want to go to
> Google?  Sure, but your AV's out of date and you've missed this week's
> patches, how about I only let you to norton.com and microsoft.com until
> you've updated?  Let users do what they want with their PCs and put some of
> the security logic in the 'other' machine they have at home.  What if they
> want to go online without updating though?

Given the number of things that simply aren't detected/removed by current
AV solutions, what makes you think that this would make any real measurable
difference?

For that matter, what makes you think that this hypothetical NAP would be
any more secure?  Hint 1: consider the security of most consumer-grade
cablemodems before you answer.  Hint 2: How does this NAP identify that
you're behind on AV updates?

> Therein is where most solutions will fall down.  Either end/home users are
> allowed full control of their machines to do with what they will or that
> control is completely taken away from them - there's no middle ground.

And somehow, I doubt people will buy an XBox 360 that happens to have IE, MS
Office, and an IM client installed on it (even if that's what they actually
*need*).

