At 21:57 08/10/2004, you wrote:
Can we get consensus, even if just among the current group in this
discussion, that "user friendly" PoCs are bad?
Absolutely.
The Drugs locker lock can be easily picked like so.. It's much less likely
to be raided if we only tell the locker manufacturer how to pick it easily.
I think it is an "ego" thing this POC publishing, in some cases only one
step from being a malware writer. The PoC publish creates a temptation.
And indeed I find over last ten years of PC programming, planing networks
and IT admin that good firewall, mailserver with content filter, users not
admin rights etc and other best practices protect against most exploits.
I run no AV software or anti-spyware on my Home network connected to
internet, nor on the last IT Admin site, I find they don't get updated and
give users false sense of security. I find education of users more
effective than AV software.
I have to fix many sites setup by others always with AV and other "security
products" needing viruses, trojans, spyware etc removed!
Education, Education and only PoC / Full Disclosure to the offending
Vendor. By all means publicise the malise and workaround.
Michael Watterson
11 Laurel Park
Patrickswell
Co. Limerick
+353 61-215842
--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such
that just hitting reply is going to result in the message coming to the list,
not to the individual who sent the message. This was done to help reduce the
number of Out of Office messages posters received. So if you want to send a
reply just to the poster, you'll have to copy their email address out of the
message and place it in your TO: field.
--
