Message-ID: <000801c34921$fe016ac0$0100000a@sanctuary>
From: aldr1c at nildram.co.uk (Scott)
Subject: Microsoft Cries Wolf ( again )
All,
Maybe I am just a bit paranoid, but how many people would trust a
vendor to harden a box prior to shipping? I for one always reinstall from
clean/trusted media when a new/used box comes through the door.
If the hardened box from a vendor (kudos to Dell for trying this
anyway) gets cracked, is there a cause for blame or legal action
against the vendor for false advertising, repair costs etc? Would something
like this be possible?
I would be interested in knowing what riders or caveats vendors
would ship with the hardened product.
It all comes down to trust in the end, however there are few people in this
life that I trust that much (sad isn't it!).
All the best..
And remember, "there's only one 'um"
Doc
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ron DuFresne
Sent: Sunday, July 13, 2003 6:31 AM
To: Peter Busser
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Microsoft Cries Wolf ( again )
On Fri, 4 Jul 2003, Peter Busser wrote:
> Hi!
>
> > My impression is that until the
> > vendors step up to the plate with a better commitment to responsible
> > release of products, they will find that the research community continues
> > to eye them with focused suspicion and outright cynical spite.
>
> Well, why should vendors do that? In fact, if you look at Microsoft's profit,
> I would say it is rewarded for not doing this. Vendors simply supply the kind
> of products people want. Apparently people love insecure programs. So that is
> what they get.
>
> The only way to change that is either vote with your dollars and euros or to
> take the vendor to court and demand compensation for the damages caused by
> badly designed or buggy software. Neither really happens, so what incentive is
> there for companies to change?
>
But, then just the week following my posting, Dell comes out stating they
are stepping up to the call and committing to locking down the major OS
shipped on their boxes:
<quote>
Subject: SANS NewsBites Vol. 5 Num. 27
Dell's announcement this morning that it has begun delivering a new
hardened configuration of Windows 2000 is a defining moment in the
ongoing quest to make security less expensive and more effective. Dell
has proven that vendors can take the initial security configuration load
off of users and that there are standards that vendors can use (from
the Center for Internet Security - www.cisecurity.org) if they want to
deliver safer systems. Users no longer have to settle for wide-open,
unsafe configurations. It may soon be perceived as unwise to order a
system configured unsafely when vendors are delivering safe
configurations. If you want to buy systems from other vendors, it is
now acceptable to require in your specifications that they deliver those
systems configured safely. You'll find the Dell announcement at end of
this issue.
Alan
...
--The Dell Announcement
DELL OFFERS MORE SECURE DESKTOP AND NOTEBOOK COMPUTERS
ROUND ROCK, Texas, July 9, 2003 - Dell is helping customers better protect
their information assets from unauthorized access, control or damage by
giving them the option of a more secure or "hardened" configuration.
The new security service, in which Dell activates more than 50 security
settings on Microsoft Windows 2000, helps customers better secure their
systems without adding time nor complexity to their system
installations.
This service, available on desktops and notebooks, helps public and
private organizations meet a security benchmark established by the
Center for Internet Security (CIS), whose mission is to help
organizations around the world effectively manage risks related to
information security. CIS is made up of leading companies, universities,
auditing organizations and government agencies.
"Dell is taking a leadership position in providing secure systems to
its customers," said Clint Kreitner, president of CIS. "We hope other
vendors will follow Dell's lead." Dell intends to develop a similar
offering for Windows XP after the benchmark is released by CIS later
this year.
"Protecting data from dangers such as hackers and computer viruses is
a challenge for today's organizations," said Tom Buchsbaum, sales vice
president of Dell's federal sector. "Dell is committed to providing our
customers with technology products that provide a high level of
security, and our work with CIS builds on that commitment."
For more information on Dell's security-enabled hardware and security
services, visit www.dell.com/security.
</quote>
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html