Yeah, I fail to see where you are going with the comment that centralized lists of "good" software are bad. If you had a system that blocked everything that wasn't on a list of good software, what would be the problem? Maybe you are worried, like some of the posters, about getting on the list. All virus scanners have an option to ignore a program. Why couldn't you add your own software to your private list? I am THE IT guy for my company, and if I had a place I could go to check what the industry thinks of, say, Weather bug, then I would have something concrete to give my supervisor when someone tries to go over my head because I said they can't have weather bug. Of course I would need to be able to add my own software and make exceptions; that doesn't ruin the idea.
This is just another example of getting entrenched in a default permit world which has proven itself time and again not to work. We need to be enumerating the good programs and not the other way around.
Ok, so let's use your condom analogy to illustrate the point. Just because you are smart enough to use a condom does not mean that condoms eliminate the problem of sexually transmitted infections. I work in a medical office, and let me tell you, condoms are not the answer. It's the best we have, and so we use it and hand them out. But we have the power to make real changes in the computer world. We can redesign computer systems where we can't redesign human nature. There are no human emotions or confidentiality with computers. When a computer gets a virus it could tell every computer that it's had network traffic with that it was infected prior to being fixed on this date. If a computer tries to initiate network traffic with it, it could say "I am running some code that I am not sure about; are you sure you want to do this?" We need to start thinking outside the box a little.
You don't get it at all.
1) Default deny instead of default allow.
Why are you letting a user click yes or no at all? What he is saying is that users shouldn't be allowed to make these decisions. Instead of having a virus/malware scanner tell you what you can't execute, you have a scanner that only allows programs on the list of ok. So when the user downloads the stupid screensaver full of malware, their scanner says you can't run this program because it's crap. Then if they shut down the scanner and let it run anyway, they deserve what they get.
2) Enumerating Badness
Again sit down and read the article again and this time stop being one of the stupid people that contribute to the problem.
3) Penetrate and Patch
"So you are saying we should write code without bugs and holes? What a great idea that is? Why did no-one think of saying that before?"
Do you program? I doubt it. If you did, you would know that most programmers know that they should focus on writing good code and documentation, but instead they rush to get something that works and then never go back to fix things, which wouldn't help anyway because you need to start with security in mind.
4) Hacking is cool
Again you miss his point, but I will say that it is going to be hard to stop the notion that hacking is cool.
5) Educating Users
I didn't read this message in the article. I heard educate IT professionals. The point is "people" are dumb and can't be taught. A "person," on the other hand, can be taught.
6) Action is better than Inaction
"Or are you saying "don't try something new without testing it first"? Well, that's more than a little obvious."
You may think that testing is obvious, but people rarely test to the degree that you need to before pushing out the latest greatest thing.
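The default-deny allowlist the thread argues for, with the private exception list the first poster asks for, sketched as a small added example (my code, not from the article or any poster). The list format, file names and file contents are constructed for the demo; a real deployment would enforce this at the OS level, not in a script.

```python
"""Default-deny execution check: a program may run only if its SHA-256
digest is on the shared allowlist or on the local admin's private
exception list. Everything else is denied, and the user gets no prompt."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_allowlist(text: str) -> dict:
    """Parse 'sha256  name' lines (same layout as sha256sum output; '#' = comment).
    Returns digest -> human-readable name."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        entries[digest.lower()] = name.strip()
    return entries


def check_execution(path: Path, industry: dict, private: dict) -> tuple:
    """Return ('allow'|'deny', reason). Unknown binaries are denied by default."""
    digest = sha256_of_file(path)
    if digest in industry:
        return "allow", f"on shared allowlist as {industry[digest]}"
    if digest in private:
        return "allow", f"local exception: {private[digest]}"
    return "deny", f"not on any allowlist (sha256 {digest[:12]}...)"


def demo() -> dict:
    """Constructed scenario: an approved build, an unvetted 'free' screensaver,
    and an in-house tool the admin added to the private list."""
    with tempfile.TemporaryDirectory() as d:
        approved = Path(d, "approved_editor.exe"); approved.write_bytes(b"MZ approved build v1")
        junk = Path(d, "free_screensaver.exe"); junk.write_bytes(b"MZ bundled adware")
        inhouse = Path(d, "inhouse_tool.exe"); inhouse.write_bytes(b"MZ our own tool")
        industry = load_allowlist(f"{sha256_of_file(approved)}  Approved Editor 1.0\n")
        private = load_allowlist(f"# local exceptions\n{sha256_of_file(inhouse)}  In-house tool\n")
        return {p.name: check_execution(p, industry, private)[0] for p in (approved, junk, inhouse)}
```

Hashing the binary rather than matching on its name means a renamed or trojaned "approved" program still falls through to the deny branch.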