Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: "Thor (Hammer of God)" <Thor () hammerofgod com>
Date: Sun, 16 May 2010 19:08:26 +0000

The error in your overall thesis is your failure to identify the difference between threat and risk.  You are 
interacting with Symantec's report of "x new threats" as if it actually means something, or more specifically, that 
these new threats somehow translate into some new level of risk.  They don't.

According to Stephen Hawking, there are new threats emerging based on the statistical probability of the existence of 
aliens.  Therefore, a "threat" exists where I may be struck in the head by a falling block of green alien poo, frozen 
in the atmosphere after being flushed out by a passing pan-galactic alien survey ship.  However, the actual *risk* of 
me being hit in the head while walking to a matinée of The Rocky Horror Picture Show doesn't dictate that I apply a 
small mixture of Purell and Teflon to my umbrella and fill my squirt gun with alien repellent.

The risk of me personally being struck by falling alien poo is *far* lower than the risk of any one of the almost 7 
billion people on the planet being struck by falling alien poo.  You may be able to calculate the risk of my being 
poo'd in relation to any given human being poo'd, but no level of math will allow you to determine what my or any other 
person's individual chance of being poo'd is.

Your argument would call everyone to change the way they protect themselves from falling alien poo out of the mere 
existence of a threat without really qualifying the associated risk.  That does nothing for anyone, and would only 
cause a rise in the cost of umbrellas and squirt guns and would probably result in the theater putting the kibosh on 
Rocky Horror completely and charging people to watch Born Free.  (Insert clever association of "Born Free" with "free" 
open source products here.  See what I did there?)

Further, the basis of this "threat" is that you would actually have to trust what Stephen Hawking is saying in the 
first place.  In his case, there really isn't any way to know that he's the one saying it, is there?  For all we know, 
the ghost of Carl Sagan could have hacked into his computer and has made Mr. Hawking's requests to have his Depends 
changed translated into "run for your lives, the aliens are coming, the aliens are coming"  when his computer talks.

My point is that you are taking threat statistics from Symantec that don't mean anything on their own, as there is no 
definition of how those threats would apply to any given system, and directly converting them into some global level of 
risk - and you are doing so to such extremes that you actually conclude that the solution is to do away with Microsoft 
products based on some unproven and imagined postulate that closed source is somehow at the core of the issue while at 
the same time admitting you don't know anything about the platform.   The fact that you are actually using Windows and 
programs written with Visual Studio out of convenience to you critically damages your argument.  If you as the author 
of this idea refuse to migrate from Windows or applications written with Windows development products and frameworks 
just because it is *not convenient* for you, how could you possibly expect anyone supporting any infrastructure of 
consequence to take your advice or even consider your ideas as anything other than hysteria when they would have to 
engage in unfathomable expense, effort and time to create a total and complete paradigm change in their business simply 
to try to defend against being hit by falling alien poo?


An interesting point - Unicode?

I don't think 5Mb files are infeasible, especially as time passes,
that'll be just a blip before long.


On 15 May 2010 at 14:59, Christian Sciberras wrote:

Date sent:      Sat, 15 May 2010 14:59:46 +0100
Subject:        Re: [Full-disclosure] Windows' future (reprise)
From:   Christian Sciberras <uuf6429 () gmail com>
To:     stuart () cyberdelix net

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
