Full Disclosure mailing list archives

Re: Microsoft Cries Wolf ( again )


From: "Roy S. Rapoport" <full-disclosure () ols inorganic org>
Date: Mon, 14 Jul 2003 01:19:52 -0700

On Sun, Jul 13, 2003 at 10:34:43AM +0100, Scott wrote:
      Maybe I am just a bit paranoid, but how many people would trust a
vendor to harden a box prior to shipping?

The vast, vast, vast majority of computer users.

I for one always reinstall from
clean/trusted media when a new/used box comes through the door.

      If the hardened box from a vendor (kudos to Dell for trying this
anyway) and it gets cracked, is there a cause for blame or legal action
against the vendor for false advertising, repair costs etc?  Would something
like this be possible?

      I would be interested in knowing what riders or caveats vendors
would ship with the hardened product.

It all comes down to trust in the end, however there are few people in this
life that I trust that much (sad isn't it!).

It sometimes feels as though this mailing list is populated by
slashdotters, quick to shoot down ideas that are improvements over the
current situation if they're not perfect.

Is it better to do your own installation? Certainly.  Is it better to do
your own hardening? Again, obviously yes.  But the vast majority of people
out there don't do either of these.  The vast number of systems out there,
at least in the home environment, come pre-installed from the factory.  It
may not be how *I* do things, but then I'm not the typical MS user.  Given
that the vast majority of systems out there are set (and forgotten) at
factory defaults, it's laudable of Dell to raise the bar as to what
'factory defaults' really are.  It's almost as good as Microsoft saying
"factory defaults from now on of all our OSes will be secure," and actually
doing it.

-roy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: