[4764] in WWW Security List Archive
Re: Why do you think you can trust PC software? (was Re: Latest Java hole is Netscape/Sun only)
daemon@ATHENA.MIT.EDU (Bob Denny)
Tue Mar 11 13:37:47 1997
From: "Bob Denny" <rdenny@dc3.com>
Date: Tue, 11 Mar 1997 09:40:49 -0800
In-Reply-To: Jacob Rose <jacob@whiteshell.com>
"Re: Why do you think you can trust PC software? (was Re: Latest Java hole is Netscape/Sun only)" (Mar 11, 7:59)
To: Jacob Rose <jacob@whiteshell.com>, Jay Heiser <Jay@homecom.com>
Cc: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> > Of course there is risk, but worthwhile activity lacks that?
> > Show me an example of PC software that you would consider
> > 'trustworthy'.
>
> That being the case, doesn't it just turn the issue around and scream,
> "Hey! *All* programs should be running in appropriately sized sandboxes,
> with access only to that functionality which they should rightfully need."
They do. It's called an operating system. The assertion is your login, the
capabilities you get depend on who you are and what the system admins grant
you.
It amazes me to no end how people (not you guys, the press and joe average
computer person) can get anesthetized by FUD in this day and age.
== Bob
