Doug White writes:
It would be nearly impossible for computer software makers to provide
against any type of attack by those so inclined. The result is that
they are reactive rather than pro-active.
That's not the point. The difference in degree of security between
Windows and Mac OS X is
Think globally. Even though this forum has NA as its heading, we need to
think globally when suggesting solutions. You'll never get any sort of
licensing globally nor will you EVER get end users (globally) educated
enough to stop doing the things that they do which allow these events to
On Tue, 20 Apr 2004 09:21:02 -0500 (CDT), Adi Linden wrote:
Since many gateway service providers will not prevent insufficiently
skilled users from connecting to the internet and injuring others, the
only remaining solution, as far as I can see, is cutting connectivity
with those enablers.
As for the specifics of your comments, I could not disagree more, but it
is a philosophy of life that distinguishes our views, not the analysis of
the problem. I believe (like a lot of other New Englanders and even
some from California) that people must assume responsibility for their
[snip]
:
: My argument is that a computer needs to be in a safe state by default. I
: firmly believe that if I buy a brand new box from any reputable vendor
: with a premium operating system of choice I should be able to connect this
: device to a local broadband connection indefinitely. It
Operating systems bundled with a retail computer _should_ be reasonably
secure out of the box.
OS X can be placed on a unprotected internet connection in a unpatched
state and it's default configuration allows it to be patched to current
levels without it being compromised.
On the other hand
On Mon, Apr 19, 2004 at 08:50:34AM +0300, Petri Helenius wrote:
Let's face it -- this shouldn't have to be the ISP's problem.
Microsoft needs to quit rushing out new OS releases without properly
straining them and stress testing to find as many holes as they can.
They need to start
Henry Yen wrote:
s/most profitable company/convicted (and continuing) OS\browser
monopolist/
Sadly the two are not incompatible it appears. If the rewards of breaking
the law were normally so good, then most of us would be down at the
localbank with a shotgun... actually, given the audience,
First time user of the net in '87 when CompuServe announced it to its denizens.
Thank [deity] for Micro$oft or we'd have to get a real job.
- Original Message -
From: Henry Yen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, April 18, 2004 8:14 PM
Subject: Re: Microsoft XP SP2
On Sun, 2004-04-18 at 23:16, Sean Donelan wrote:
When the Morris worm was release, there wasn't a patch available. Since
then essentially every compromised computer has been via a vulnerability
with a patch available or misconfiguration (or usually lack of
configuration).
Key word here is
At Mon, Apr 19, 2004 at 06:12:16AM -0400, Chris Brenton wrote:
Key word here is essentially. I've been involved with about a half
dozen compromises that have been true zero days. Granted that's less
than ground noise compared to what we are seeing today.
There're a lot more 0-days than that.
On Mon, 2004-04-19 at 06:27, Brian Russo wrote:
There're a lot more 0-days than that.
Agreed. My ego has not grown so large as to think I've seen every 0-day.
;-) As I said however, the true number of 0-day is less than ground
noise compared to the number of systems that *could* have remained
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
An uneducated
end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there
are no technical solutions to this problem. (Though
technical measures to enhance traceability are a big
- Original Message -
From: Dr. Jeffrey Race [EMAIL PROTECTED]
To: Jeffrey Race [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 11:10 PM
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote
At Mon, Apr 19, 2004 at 08:22:48AM -0400, Chris Brenton wrote:
Agreed. I think part of what makes 0-day easier to hide *is* the raw
quantity of preventable exploits that are taking place. In many ways we
have become numb to compromises so that the first response ends up being
format and
At Mon, Apr 19, 2004 at 11:22:17PM +1000, Gregh wrote:
I would love to know the average age of the list inhabitants.
22
It has been my observation that things which are new become better known
when a generation has grown up, completely, with it and is teaching the next
generation.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dr. Jeffrey Race
Sent: April 19, 2004 9:11 AM
To: Jeffrey Race
Cc: [EMAIL PROTECTED]
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
On Mon, 19 Apr 2004 06:12:16 -0400
On Apr 19, 2004, at 4:10 AM, Michael Painter wrote:
First time user of the net in '87 when CompuServe announced it to
its denizens.
Thank [deity] for Micro$oft or we'd have to get a real job.
I hear this a lot and it is such BS. Does anyone here HONESTLY believe
the computer revolution was
** Reply to message from Brian Russo [EMAIL PROTECTED] on Mon, 19 Apr
2004 10:51:18 -0400
As far as mainstream users..
* Software needs to patch itself, users aren't going to do it.
* Software needs to be intuitive, people interact with computers as if
they were doing 'real' things. Things
Firstly, who enforces it? The reason it works with cars is that
the state
(or province for those of us north of the border) effectively says you
can't drive a car without this lovely piece of paper/plastic that
we'll give
you and if we find you driving a car without the lovely piece of
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and install them. Or .iso's
should be available for ISP's to download, turn into CD's and
distribute as appropriate. Wouldn't that be nice for a dialup user -
getting Windows Update on a
-- Jeff said --
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and install them. Or .iso's
should be available for ISP's to download, turn into CD's and
distribute as appropriate. Wouldn't that be nice for a dialup user -
getting
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and install them. Or .iso's
should be available for ISP's to download, turn into CD's and
distribute as appropriate. Wouldn't that be nice for a dialup user -
getting Windows Update on a
** Reply to message from Drew Weaver [EMAIL PROTECTED] on Mon,
19 Apr 2004 13:42:53 -0400
-- Jeff said --
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and install them. Or .iso's
should be available for ISP's to download,
]
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
-Original Message-
From: Jeff Shultz, WIllamette Valley Internet [EMAIL PROTECTED]
Sent: Apr 19, 2004 1:39 PM
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
I
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of David Schwartz
Sent: April 19, 2004 12:57 PM
To: 'Dr. Jeffrey Race'
Cc: [EMAIL PROTECTED]
Subject: RE: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
Firstly, who enforces
XP SP2 (was Re: Lazy network operators - NOT)
I can burn a CD from ISO in about 5 minutes - how about you?
I'm talking about XP users who haven't even updated as far as SP1.
Win98 users who have never run an update in their life...
Win2k users are usually the most patched up that I've seen
On Mon, 19 Apr 2004, Jeff Shultz, WIllamette Valley Internet wrote:
** Reply to message from Drew Weaver [EMAIL PROTECTED] on Mon,
19 Apr 2004 13:42:53 -0400
However, awhile ago we tried an idea of sending out E-Mail alerts to
our customers whenever a critical update of Remote execution
On Mon, Apr 19, 2004 at 12:03:32PM -0700, Dan Hollis wrote:
On Mon, 19 Apr 2004, Jeff Shultz, WIllamette Valley Internet wrote:
** Reply to message from Drew Weaver [EMAIL PROTECTED] on Mon, 19 Apr 2004
13:42:53 -0400
[...notification of the...]
average home Dial-Up users who were
On Mon, 19 Apr 2004 09:10:32 EDT, Dr. Jeffrey Race said:
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
An uneducated
end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there
are no technical solutions to this
At 02:27 PM 4/19/2004, you wrote:
I can burn a CD from ISO in about 5 minutes - how about you?
I'm talking about XP users who haven't even updated as far as SP1.
Win98 users who have never run an update in their life...
Win2k users are usually the most patched up that I've seen - because
that
Should ISPs start requiring their users to install Windows XP SP2?
nope. especially since, according to bill gates, linux would have the
same reputation if it was a popular a platform (and therefore a target
of more virii.) now, you could go further, and say if you emit streams
of wierd(*)
On 19 Apr 2004 22:16:58 +
Paul Vixie [EMAIL PROTECTED] wrote:
[(*) wierd could mean streams of tcp/syn or tcp/rst, or forged source
addresses, or streams of unanswered udp, or streams of ourbound tcp/25,
or udp/137..139, or who knows what it'll be by this time next month?]
Precisely.
On Mon, 19 Apr 2004, Dr. Jeffrey Race wrote:
: On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
:
: An uneducated
: end user is not something you can fix with a service pack.
:
: A profound point, again highlighting the fact that there
: are no technical solutions to this problem.
On Mon, 19 Apr 2004 17:07:45 -1000 (HST), Scott Weeks wrote:
Think globally. Even though this forum has NA as its heading, we need to
think globally when suggesting solutions. You'll never get any sort of
licensing globally nor will you EVER get end users (globally) educated
enough to stop
: Think globally. Even though this forum has NA as its heading, we need to
: think globally when suggesting solutions. You'll never get any sort of
: licensing globally nor will you EVER get end users (globally) educated
: enough to stop doing the things that they do which allow these events
- Original Message -
From: Scott Weeks [EMAIL PROTECTED]
To: Dr. Jeffrey Race [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, April 20, 2004 1:07 PM
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
Think globally. Even though this forum has NA as its
On Mon, 19 Apr 2004 17:53:45 -1000 (HST), Scott Weeks wrote:
Neither can happen. That's just another way of saying make
all your users
skilled or go out of business.
The SPs whose business model entails externalizing the
costs SHOULD go out of business
Yes.
Unfortunately, one day 1,000,000 users will find in their mail boxes fully
automated CD with 'Microsoft Update' on the label and 1,000 viruses /
trojans inside. -:)
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and
I agree.
90% users CAN NOT UPDATE. How?
- (1) updates are too big to be diownloaded by modem , which fail every 20 -
40 minutes (which is common in many countries);
- (2) if you connect to Internet for update, you are infected by virus much
faster than you install update.
I saw it. Home user
Sean Donelan
Should ISPs start requiring their users to install Windows XP SP2?
Most of those of us that work with m$ products on a daily basis are not
too hot about installing beta code in production. A week after m$
releases it, and after carefully listening to the volume of screams
coming
On Sun, 18 Apr 2004 23:16:36 -0400 (EDT)
Sean Donelan [EMAIL PROTECTED] wrote:
Should ISPs start requiring their users to install Windows XP SP2?
IMHO:
Not if they want to stay in business. Our customer base is probably
80%Win 9x users. I can't speak for everybody else, but I would be
Brandon Shiers wrote:
Let's face it -- this shouldn't have to be the ISP's problem.
Microsoft needs to quit rushing out new OS releases without properly
straining them and stress testing to find as many holes as they can.
They need to start cracking down on themselves and really start
43 matches
Mail list logo