[153761] in North American Network Operators' Group
RE: EBAY and AMAZON
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Tue Jun 12 01:09:11 2012
Date: Mon, 11 Jun 2012 23:08:27 -0600
In-Reply-To: <20120612033136.9060C80003B@ip-64-139-1-69.sjc.megapath.net>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Cc: Hal Murray <hmurray@megapathdsl.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Windows security sucks.
The real problem with Windows is that there exist folks who believe that it is, or can be, secured. They believe the six-colour glossy, the Gartner Reports, and other (manufacturers') propaganda. As a consequence they do not act in a fashion which will keep them safe.
> Most users will pick convenience over security. What fraction of users
> (customers) would be happy with your suggested settings?
More than you might think -- still a minority however. There's not 2.437 pounds yet.
> My probably naive view is that this type of problem could easily be solved by
> having the serious work done on a special class of well locked down machines
> and making a pool of more open systems available for checking mail or
> facebook or whatever.
You would be surprised at the number of Fortune 500 companies that lock-down their policies into deliberately insecure settings, and refuse to permit more secure settings. I can't quite figure this out, except to observe that there is a very severe shortage of security clue in the world and an appalling over-abundance of ignorance and stupidity.
> I've heard stories of people filling USB slots with epoxy so idiots can't
> insert thumb drives found in the parking lot or brought from home. I forget
> the context.
This is, unfortunately, a typical reaction which arises from a failure to carry out proper root-cause analysis. The root cause of the issue is not "thumb drives", "baby fingernail drives", or whatever removable media type. The root cause is the propensity of Windows to engage in "magical" behaviour -- to put executable "data" everywhere and then to execute that "data", magically. And a failure to provide a "Magic Off" setting that actually works. Actually, there is -- it is called the power switch. Seriously though most of the magic can be turned off or bypassed, if you want to.
Companies that engage in such behaviour are signing their own "all our base are belong to you" death warrants. Rather than voting with their wallets and insisting on correction of the root-cause of the problem, they instead continue to pour money down the crapper investing in never-ending supplies of draino and roto-rooters while at the same time continuing to financially reward the paper-towel flushers so they can buy and flush yet more clogging crap which requires yet more draino and roto-rooters. Shampoo, Lather, Rinse, Repeat. (Looking up the effects of adding those instructions to shampoo by Procter & Gamble on their sales and profits is left as an exercise for the reader).
Security does not require buying more draino and roto-rooters. It just requires that you not do stupid things inimical to security. Stop flushing paper towels down the toilet and you don't need draino and roto-rooters, nor will you need hazmat gear to clean the oozing excrement off the floor. Of course, it might be wise to keep a bottle of draino, a roto-rooter, and some hazmat gear on hand just in case -- but to concentrate on the symptoms rather than the underlying cause is just plain stupidity. Deliberately encouraging and financing those working to ensure the toilet is always plugged up and the crap is always running in the halls is sheer lunacy. Unfortunately, the lunatics are in charge of the asylum, and they have chosen the outcome they shall suffer.
Now, back to our regularly scheduled programming, already in progress ...
---
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org