-
April 11th, 2005, 11:09 PM
#21
His argument seems to be that the bad guys will "reverse engineer"
the patch in order to "discover" the vulnerability it was written to fix.
I saw it differently.. Just because a patch has been released dosent mean that there isnt a hole still in the system.. The Coder will be looking for a weakness, or an overlooked weakness, that still exists or an extra weakness introduced by the modified code. Isnt this among the reasons that Sys Admins will test patches and updates before rolling out on a network?
I regularly encounter systems with Virus infestations, the clients first complaint is "BUT!! I HAVE ANTI VIRUS", that is like "BUT I HAVE PATCHED MY SYSTEM", If your expecting one or 2 of the safe methods to protect the integrity of your network your a bloody fool.. And even when you follow all the steps, you cover all the bases.. IF YOUR NOT VIGILENT YOUR NOT SECURE.. the best , IMHO, you can expect is 99%.. (and that is with an excellent staff training and policies in place)..
Here is a Question.. Knowing where your weakness lie, the best guide to securing your network.. Myth or a good fact?
And: What would you consider the top Ten USer Myths for PC or Personal information Security? (yes that can be seen as a double question..2 lists?)
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 12th, 2005, 07:37 PM
#22
tools and patches help to some degree but maybe their effectiveness is, like beauty, in the eye of the beholder.
Trappedagainbyperfectlogic.
-
April 12th, 2005, 09:40 PM
#23
I saw it differently.. Just because a patch has been released dosent mean that there isnt a hole still in the system.. The Coder will be looking for a weakness, or an overlooked weakness
Indeed Undertaker ,,, Indeed ...
Kernel Level Vulnerabilities, Behind the Scenes of 5th Argus Haking Challenge
-
April 12th, 2005, 11:06 PM
#24
A seperate discussion.. a windows security check list..
http://www.antionline.com/showthread...hreadid=267554
Here is a Question.. Knowing where your weakness lie, the best guide to securing your network.. Myth or a good fact?
And: What would you consider the top Ten USer Myths for PC or Personal information Security? (yes that can be seen as a double question..2 lists?)
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 12th, 2005, 11:19 PM
#25
There is no, and proably will never be, an install and forget method.
Errr...
format %systemdrive%
and follow the prompts... You can then be _absolutely_ assured that you have an operating system that has no vulnerabilities except physical access.
Specious argument? Yeah, probably...
The point is that there are mitigation techniques to all vulnerabilities. You presented an extreme scenario.... As did I. If you don't want to be vulnerable don't run any software. Of course, that would make your PC a doorstop but it works... If you want the doorstop to be somewhat functional then you need that "software" stuff which brings "risk" into the equation.
It's all relative....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|