> > Yeah, I agree with you, if I was "mht" I "wouldn't be sleeping as well at
> > night" as he/she seems to ;) HTTP is a problem, it's just too flexible. And
> > I agree: self-updating software is not a good thing.
> 
> Self-updating software removes costly distribution and support issues. I
> expect that we'll see a lot more of it in the future, regardless of whether
> we'd like to or not.

Yes, lots of positive sides to self-updating too, I suppose :/ Also, I guess that one
could argue that redirection is possible regardless of whether the software update
process is automated or not. So the security implication of an automated process is
really just that: that it is automated and thus could work as a sort of backdoor. The
real security problem is how the internet works (limitations of TCP/IP, BIND, etc.): no
way of guaranteeing that when I request www.somewhere.com, this is where I'll end
up. Correct?

They are addressing this in IP/NG, are they not?

> > But what if the security policy states that only the SysAdmin (or at least
> > someone who knows about MD5, etc.) is allowed to download & install new
> > software. Or new software should ONLY be dl from the intranet server. Is
> > there a way to enforce such a policy? (i.e. looks at what is being sent
> > via HTTP, filters out the desired MIME types, unless the person is
> > authorised) Might be possible depending on the size and requirements of
> > the organisation, but does it exist?
> 
> The problem is that it's possible to write HTTP-enabled software that
> bypasses such controls.  The end-user perhaps won't even be aware of the
> fact.
 
I C :/  Is it possible to explain why/how? 
 
> > Virus scanning everything should help some, of course it won't protect you
> > against new stuff (but maybe your security policy allows you to settle
> > with this).
> 
> Given the traffic/bandwidth requirements of the future, this is going to
> be a losing game with streaming media.  I'd prefer to look at things that
> will work for the next several years, not just a few months.

Well, in that case: Has it ever occurred to you that you might be in the wrong
business? ;) Just kidding, I see your point. Still think it is important to do what we
can to limit the threats.

Any ideas for a real solution? 

> [snip] 
> > I'd really like to see an (at least partial) solution here, since there
> > seems to be no end to this type of virus these days.
> 
> The solution is office applications that don't execute foreign content.

Yes. Is that practical/possible in today's world?

The MS dominance a threat to security?

[....]
> > same region :) BTW: what region is that?
> 
> Washington, D.C./Maryland/Northern Virginia.

Ok, I was just curious :)

Regards,

Per

