Shawn McMahon smcmahon@eiv.com
Wed Jan 29 07:09:23 PST 2003

On Wed, Jan 29, 2003 at 10:00:12AM -0500, Aaron Sherman said:
> The problem is that some people who were doing things like what I do
> (not me, since I run non-MS software) were hosed because those that they
> trusted were compromised.
> In that case, there's not much you can do. You have to keep up-to-date

Sure there is.  Design your system to include what you want to
happen in case of a failure, as well.  Consider what happens if
the other guy gets compromised; give him only the access he
NEEDS, not the access he WANTS.  And yes, I realize that's a lot
of work, and requires overcoming bureaucratic inertia.  I'm
fighting the same fight, and not always winning.

> to deal with software bugs that lead to compromise. Automatic update is
> one way around it, but I would never trust MS EULA-viruses to update my
> box. :(

But you'll not only trust somebody else not to abuse the access you give
them, but also that they'll update their patches, AND that Microsoft
will have complete, timely patches?

Shawn McMahon         | Every time you walk out of the house
FedEx Services        | with clothes on, you give up freedom
DSS-MCO Security Lead | for temporary safety.
