Dave Dyer wrote:
It's really not realistic or reasonable to expect every PC user to be
their own ever-vigilant security expert. I try to keep up on these things,
and I had barely noticed. I doubt that 10% of VNC users read either
slashdot or vnc-list, much less never miss anything important there.
I see it as their fault for being ignorant, on two points. A) They
expect to be completely safe when exposed to the Internet, especially in
consideration of how powerful VNC is. If you don't like the fact that
you're always going to be, to some degree, vulnerable, unplug. B) They
expect that a program is going to be one hundred percent perfect from
the get-go. I'm not knocking on RealVNC's developers, but nothing is
perfect. It's a good goal, but you could test something forever and
forever and not find every possible bug. It's in the hands of the user
to be vigilant in protecting themselves. The company should be held
responsible if the users aren't willing to help themselves.
1) vnc should maintain it's own list, reserved for security flash
alerts only, and strongly encourage anyone who installs vnc
to sign up.
If people actually care, how about they sign up on the list already
provided and take, I don't know, 60 seconds out of their day to scan the
list for anything important or interesting?
2) word should have been passed to norton, mcaffee, etc so they
could target vulnerable versions of vnc on behalf of their customers.
I don't know if this mechanism exists, but it ought to.
You want unrealistic? Bingo. That sort of thing take time, money, and
resources. Not something that a string of companies are going to throw
out so that customers for a different product are protected. Ideally,
yeah, something like this would be in place, but in the real world, it's
but a pipe dream.
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
