On Fri, 09 Jul 2004 10:57:55 -0700, Nathan McNulty
> The less problems like the recent MSBlast worm the better
> (and that was caused because people don't keep their machine updated).
Er, no. MSBlast took the opportunity offered by an OS that:
- waves services to the Internet for whatever to poke at
- had broken code that allows raw code attack
- provides no way to amputate this "unwanted" functionality
Those defects were present in NT since NT 4.0 through multiple service
packs, through the Win2000 re-write and service packs, right up to XP
and XP Service Pack 1. We are told this defect was not exploited
until after MS documented and patched it in July 2003; MSBlast
followed one month later, and the month after that, MS re-did the July
patch as new holes had been found in it.
Consider: If various slick operators such as corporations, governments
and other spooks had been exploiting that defect all those years
without giving themselves away, how would you know?
But according to the party line, this problem wasn't because of a
barnacle of bad code on a volcano of bad design. It was because users
didn't scrape off that barnacle when told to do so by Microsoft.
> Besides those mentioned above, I wanted to focus on the performance
> increase. Service Pack 1 and prior releases were compiled with an older
> version of Visual Studio (6), but this release will be compiled by
> Visual Studio 2005. This generates more optimized code and more
> efficient software.
That's cool.
I think that defence in depth means the basic clue that:
- no safety measure is 100% effective
- therefore every safety measure is useful...
- ...unless outweighed by negative side-effects
Anti-virus and anti-commercial-malware tools are orientated towards
particular malware, largely based on the ability to recognise these
specifically. Think of a doorman with a set of mugshots for all known
criminals. Not caught yet? Walk straight through. So these measures
can catch only a proportion of what can arrive, but will do so
irrespective of how they get in, i.e. what holes (if any) they exploit.
Patches fix particular holes, and block every malware that relies on
those holes to enter the system. See the synergy with AV?
You can also go further than patching barnacles of bad code, and
risk-manage the underlying bad design. Like patching, that will wall
out every malware that relies on that weakness to get in, and once
again there's excellent synergy with antivirus etc.
-- 
Risk Management is the clue that asks:
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"
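The complementary-coverage argument in the post above (a signature scanner stops what it recognises regardless of the hole used to get in; a patch or a design-level change such as not exposing a service stops everything that relies on that hole regardless of whether it is recognised) can be made concrete with a small model. The following is an added Python example, not code from the original thread; the malware population, the service names and the hole labels are constructed, and the side-effect cost the post mentions is deliberately left out of the model.

```python
"""Toy model of defence in depth: controls that cover different axes.

Constructed example. The samples, services and hole labels below are
hypothetical and exist only to illustrate how controls with different
coverage axes combine; they are not a real data set.
"""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Sample:
    name: str
    service: str           # which exposed service it arrives through
    entry_hole: str        # which weakness in that service it relies on
    known_signature: bool  # does the scanner hold a "mugshot" for it?


# Constructed malware population: two holes in svc-2, one in svc-1,
# half the samples recognised by the scanner and half not.
SAMPLES = [
    Sample("w1", "svc-1", "hole-A", True),
    Sample("w2", "svc-1", "hole-A", False),
    Sample("w3", "svc-2", "hole-B", True),
    Sample("w4", "svc-2", "hole-B", False),
    Sample("w5", "svc-2", "hole-C", True),
    Sample("w6", "svc-2", "hole-C", False),
]


# A control is a predicate: True means the control stops that sample.
def antivirus(sample):
    """Signature scanner: stops only recognised samples, whatever hole
    they came through (the doorman with mugshots)."""
    return sample.known_signature


def patched(holes):
    """Patch: closes the named holes, stopping every sample that relies
    on them, recognised or not."""
    return lambda sample: sample.entry_hole in holes


def service_disabled(services):
    """Design-level mitigation: a service that is not exposed cannot be
    reached, so every hole in it is walled off at once."""
    return lambda sample: sample.service in services


def blocked_by(control, samples):
    """Names of the samples a single control stops."""
    return {s.name for s in samples if control(s)}


def coverage(controls, samples):
    """Fraction stopped by at least one control, and the names that
    still get through (the residual the layered defence misses)."""
    stopped = set().union(*(blocked_by(c, samples) for c in controls))
    missed = sorted({s.name for s in samples} - stopped)
    return len(stopped) / len(samples), missed


def residual_risk(miss_rates):
    """Residual probability if the layers fail independently: the
    product of the per-layer miss rates. Real controls overlap, so treat
    this as an upper bound on the benefit, not a measurement."""
    return prod(miss_rates)


if __name__ == "__main__":
    av_only = coverage([antivirus], SAMPLES)
    av_patch = coverage([antivirus, patched({"hole-A"})], SAMPLES)
    all_three = coverage(
        [antivirus, patched({"hole-A"}), service_disabled({"svc-2"})], SAMPLES
    )
    print("scanner alone:          ", av_only)
    print("scanner + patch hole-A: ", av_patch)
    print("+ svc-2 not exposed:    ", all_three)
    print("independent-layer residual:", residual_risk([0.5, 4 / 6]))
```

The scanner alone stops half the population; adding the patch for one hole stops samples the scanner had no signature for, and not exposing the second service removes the remaining entry points entirely. The `residual_risk` helper is the textbook independence calculation; the set-based `coverage` function shows why it should be checked against actual overlap, since two controls that happen to stop the same samples add far less than the product suggests.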