[13999] in bugtraq
Re: MS signed softwrare privileges
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Feb 24 14:11:16 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000224011514.536A541F16@SIGABA.research.att.com>
Date: Wed, 23 Feb 2000 20:15:09 -0500
Reply-To: smb@RESEARCH.ATT.COM
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
X-To: Dax Kelson <Dax@gurulabs.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In message <Pine.GSO.4.20.0002221939500.8993-100000@ultra1.inconnect.com>, Dax
Kelson writes:
> However (playing devil's advocate), you've trusted Microsoft to silently
> execute "any code" on your machine at least once before by installing
> their closed-source operating system, and that is a massive amount of
> unaudited code.
Yes and no. First, as Juan's original note pointed out, this creates risks
from MS software you didn't install. Second, and perhaps more important,
anyone who has ever administered a production system knows that you *don't* do
updates, even "harmless" ones, on production systems without testing *in your
environment*, and you *never* do them at critical periods. The ability for
someone else to update my system is completely unacceptable, even without any
security issues whatsoever.
--Steve Bellovin
