Robert S. Jacobsen wrote: >Microsoft is not the only company making the assumption that every computer >is connected to the Internet. Symantec leaps to mind with its Live Update. >Don't get me wrong, its a nice feature, but is totally useless unless you >are connected to the Internet. > But at least Symantec does not actually *assume* that you are net-connected. Last time I used Norton AV, it had an alternate update mechanism that let you download the signature file using FTP, and then sneakernet the update to the PC in question. On the other hand, it is actually constructive to assume that all machines are net-connected from the perspective of threat models. ALWAYS assume that there is a bad guy vampire-clamped directly to the ethernet cable going into your workstation, and you will be ok. That means refusing to enter passwords unless they are going via SSH or SSL The alternative is to assume that the firewall is working perfectly, and that there are no bad guys on the network. This is a manifestly dangerous thing to do. <greybeard>Several years ago, someone broke into the OGI network, hacked a machine, and installed a password sniffer. When we found it, it had collected hundreds of passwords, including some senior CS professors. It had not collected mine, because I ALWAYS use SSH or SSL for all remote access.</greybeard> Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:40:01 PDT