[Dshield] What's wrong with this picture?

Johannes Ullrich jullrich at euclidian.com
Mon Jan 27 14:52:35 GMT 2003


> So Micro$oft wants to automatically scan for "known vulnerabilities"?

yes. And I am having no problems with that. They are already offering a
number of tools like this ("Security Baseline Evaluator" I think is one).

Automatic tools to assess and fix vulnerabilities are very much necessary.
You may think that you know better how to patch your system. But you are
subscribed to a security mailing list! Think about the millions of users
out there that never bothered to think about what a "packet" or a "port"
is. 

Software without bugs is a distant illusion. Think about that they still
have problems making bug-free cars, or jello cups that are not a choking
hazard.... widely distributed complex products will always show bugs once
they have to interact in the real world. The real problem with software
is the 'recall' procedure. Auto-update was a good first step. If you 
don't like it, don't use it, but be sure you understand what you are doing.




-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org



More information about the list mailing list