Re: Intel developing security 'game-changer'
NIST has downloadable ISOs of hashes for whitelists: http://www.nsrl.nist.gov/

That ought to help a great deal...

On Mon, Feb 7, 2011 at 18:01, Marc Maiffret mmaiff...@eeye.com wrote:

Apologies in advance for the stream of consciousness flow of this email as I am pressed for time.

The way systems are being compromised right now really comes from one of two main ways:

1. The “fake av” problem – This is along the lines of what you described below. A user is convinced to run code in a way that is completely legitimate. I.E. The user runs an executable from their web browser without the attacker leveraging a software based vulnerability. This is a common problem especially as it relates to the various fake anti-virus software out there. In this case whitelisting would help as the only thing going on here, typically, is a malicious executable being launched via a web browser.

2. Software vulnerabilities – This is different and a much bigger problem than the first. In this case, which I believe to be more common, users do not have to do anything but simply view a website and once viewing a website there is attack code which will leverage an unpatched/unknown vulnerability within some software on that machine (IE, FireFox, Reader, Java, Flash, Quicktime, etc…). A lot of these attacks are being delivered through completely legitimate websites through malicious advertisements or hackers using SEO methods to have their malicious website show up in “legitimate” Google search results.

We see the second case happening even more often because it is so simple and reliable. In the second case since you’re leveraging a vulnerability in a known good application it means you’re now executing code (in the case of a buffer overflow) within that known good application’s process space which means you’re part of the good white list and can do what you please. So unlike today where typically you would start executing code within Adobe Reader just enough to download somemalware.exe and execute it.
You would have an intermediary step to either

a) Have your malicious code that executes within Adobe Reader kill what process control security software is running (i.e. kill bit9) and then execute your malware just as normal

b) Make yourself persistent on the system in one of a number of ways that do not actually require an executable. Think Operation Aurora and it using a services.dll style to backdoor the system which means you’re now just a .dll running within svchost.exe which is a process that has to be white listed. Or you’re a .dll running within rundll32.exe which is also white listed.

Now the good guys become required to also white list control all .dll’s and if you thought trying to manage what processes you should or should not be running was hard with just executables it becomes a nightmare, i.e. an IT time sink, to do it for every .dll. And then of course the .dll example I gave is just the simple bypass, there are more sophisticated things that again raise the bar to make whitelisting worthless pretty fast.

So is whitelisting not worth it at all? I.E. Should you not look into a whitelisting solution or an endpoint security solution that has whitelisting as a component? No, I would not go that far, I think some level of process control can be helpful but as a feature of a good endpoint solution rather than an entire solution itself.
For example in the endpoint security product I help create we use process execution control but rather than trying to figure out all that you should and should not be white listing we are controlling known good behavior around the more commonly attacked applications (web browser, office, adobe, etc…) Then we fill in the white listing gaps by doing in process memory monitoring to more generically prevent exploits that are actually leveraging the more common classes of application vulnerabilities such as buffer overflow attacks etc so that when an attacker goes to initially execute malicious code within Adobe we deny that from happening in the first place which means we don’t have to worry about the after fact of trying to control processes and other things that become a losing battle.

I forget if it is this week’s VEF or the next one that one of my researchers is covering some data we dug up on most common locations for malware to reside on a system etc… http://www.eeye.com/VEF

-Marc

From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, February 07, 2011 1:54 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well stated. Do you have any opinion on the volume of malware we’d see in a strictly white-list environment as opposed to a strictly black-list environment? Right now, the “vulnerability” is predominately the user who can be convinced to run code to see the dancing pigs. It seems that white-listing effectively plugs that hole, but then we’d move
RE: Intel developing security 'game-changer'
I don't think you understand what I'm saying because I mostly agree with everything you've said here as well as most of Andrew's points. I also agree with Marcus's dumb ideas. I'm not saying that whitelisting is bad or pointless. I'm not saying that blacklisting is better. Nor am I saying that whitelisting is ineffective.

My main and original point has always been that whitelisting is a piece of the solution, but not a panacea against malware and will not stop all malware from being executed. This was in direct response to Michael B. Smith's statement - I’m still of the opinion that the only real solution is white-listing.

The link you sent, (which I largely agree with and have read a few times over the years) seems to assume the same thing:

In fact, if I were to simply track the 30 pieces of Goodness on my machine, and allow nothing else to run, I would have simultaneously solved the following problems:
- Spyware
- Viruses
- Remote Control Trojans
- Exploits that involve executing pre-installed code that you don't use regularly

and

The cure for Enumerating Badness is, of course, Enumerating Goodness.

When you say things like SOLVED the following problems and the CURE and real SOLUTION, it implies eradication and a panacea. Again, maybe I'm misunderstanding them, but it seems to be a common misperception that whitelisting will block all malware because now you only specify what you want to run and since nobody wants to execute malware, it will be stopped. This simply isn't true UNLESS you also whitelist all data files as well.

If we flipped a magic switch and changed to a predominately white-list environment, would malware be less prevalent? I don't know. Probably less overall, but there would still be a significant amount. It would just have morphed into exploiting a different vector - namely flaws in the whitelisted .exe that allow code hidden in data files to execute.

Ideally, we'd have BOTH white and black lists.
Whitelists for executables and blacklists for data files. The presupposition is that there are more bad files than good, therefore we need whitelists. This is true. BUT, there are more good DATA files than bad, so in that case, we need blacklists.

In the current environment? Absolutely, white-list is more effective than black-list. But, let's be careful with our assumptions so that we don't get caught with a false sense of security.

You seem to dismiss the .WMF and .JPG vulnerabilities based on how the malware executed in today's environment. Absolutely, whitelisting would have made it ineffective. You said,

What I mean by isn't such a big deal is that (almost always) the reason for an elevated prompt is to run a malicious app. If your system won't run any but whitelisted apps, you've mitigated the impact of the 0-day, even if you haven't completely negated it.

Ahh, but this is the point you're missing - Whitelisting is ignoring .jpg files because they're not supposed to be executable. If my malware IS a jpg and that jpg is executed by a whitelisted .exe WITH a 0-day, whitelisting does nothing to help.

So, to sum up
1. Whitelist is a definite improvement.
2. Malware will still exist in a whitelist environment.
3a. Blacklists will still be needed.
3b. OR all data files will need to be whitelisted as well.

Really, those are my only 3 points. Everything else simply serves to illustrate these.

From: Kurt Buff [kurt.b...@gmail.com]
Sent: Monday, January 31, 2011 6:37 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

I'm going to agree very strongly with Andrew here. To bolster the case, I'll point you to some words of wisdom from the man who wrote the first firewall implemented at the White House: http://www.ranum.com/security/computer_security/editorials/dumb/

Dumb ideas one and two, specifically...
While what you say is true, Andrew (and I, of course) also understand that risk, and that risk is not something covered by blacklists, at least initially. It takes time to get the signatures out for a blacklist, just as it takes time to get patches out for your AV/IDS/IPS/HIDS/Whatever.

What's worse is that the signature writers simply can't keep up.

However, the universe of 0-days for whitelisted apps is far smaller than the universe of stupid/malicious apps. And, in most cases, just because a 0-day hits you, it doesn't mean that your machine is compromised. Why? Because all that usually gets you is an elevated command prompt - and that in and of itself isn't such a big deal.

Wait for it..

What I mean by isn't such a big deal is that (almost always) the reason for an elevated prompt is to run a malicious app. If your system won't run any but whitelisted apps, you've mitigated the impact of the 0-day, even if you haven't completely negated it.

It's rare that a machine gets hit by a 0-day with a live human being on the other end
Re: Intel developing security 'game-changer'
Scott,

Your response points out things that I already pointed out in my response. Yes, there are specific scenarios where whitelisting does not prevent an attack. Even then, it still affords additional opportunities to mitigate exploitation of the vulnerability. Additionally, there are many other scenarios where whitelisting addresses a weakness of blacklisting. So you still come out ahead. Please note my comments about vendor facilitation of granular feature control to mitigate the types of problems that you are focusing on.

Now, let's look at how the vulnerabilities you mention are actually exploited.
- http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
- http://isc.sans.edu/diary.html?storyid=992
- http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

By getting someone to open up a specially crafted data file (via web, email, file share, etc), you can cause the primary application to spawn your executable (which is hidden in the data file) -- typically with all the rights of the spawning app. Now, depending on how such an application is initiated, it may not spawn as a child process, but as its own process. If it spawns as a child process, then whitelisting may or may not help. But, as its own process, it would fail to be initiated -- even in a zero day scenario for which no signatures exist. Even if this is only in 50% of the zero-day situations, you're still protected to a much greater degree than via signatures alone.

*Antimalware signatures are generally produced much more rapidly than an application patch. So, while a zero day flaw may take a week (optimistic) to patch, the AV vendors could be blocking all .txt files containing the offending string of bits.*

Which doesn't take into account all the effort that malware writers put into their work to ensure that offending string of bits is obfuscated.
Even if it takes the signature writers a mere 24 hours to:
- figure out all the combinations of bad bits
- test and validate the fix
- make the fix available to their distribution mechanisms
- get your systems to pick them up

That's still a long time for a zero-day infection to do its work. And, having worked with a number of AV vendors on zero-day scenarios, 2-3 days is not unreasonable for reverse engineering a good exploit. Where does that leave your systems which are only relying on a list of bad things to block?

*Agreed…for the time being. But, if we were to flip a magic switch and swap to a predominantly white-list based environment, the most common exploitation vectors would switch to exploiting white-listed .exes through buffer overflows or other methods of tricking an .exe to doing more than displaying data in a data file.*

I'm not sure where you have gotten this idea that buffer overflow and executable data exploits involve making the parent application do new tricks. All they do is get the parent application to run new code of the attacker's choice, and in many cases, that code is subject to running in its own environment -- thus, blockable in a whitelisting scenario. I've experienced several examples of this during my testing of what later became Cisco's CSA product, and eEye's Blink!

Here's a good article to read: http://www.intelligentwhitelisting.com/blog/problem-vulnerable-whitelisted-application-part-ii

*ASB* (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Mon, Jan 31, 2011 at 7:12 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Inline, but here’s some opening comments :)

White-listing .exes does nothing to stop attacks like .wmf and .jpg vulnerabilities below.
http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21526
http://www.symantec.com/security_response/writeup.jsp?docid=2004-091516-5119-99tabid=2

While these may be currently patched and/or low risk, I think they serve to illustrate my point. Note that AV signatures detect the badness in them before Microsoft patched the offending executable. Also note that under all but the most restrictive white-listing campaign, the code that processes .wmf and .jpg would be allowed.

Again, please don’t misunderstand me. I’m not saying white-listing is without its advantages. I’m simply saying that it’s not a solution to stop malware. Impair it? Yes. Stop some of it? Yes. But, the primary reason it stops some and even most current malware is because it’s not very popular yet.

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Monday, January 31, 2011 2:47 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

*There are MORE good files that I want to use than bad that I want to block.*

Except that most of those good files won't get executed if you stop a more limited number of other executables from launching.

My concern is infected data files that are associated
RE: Intel developing security 'game-changer'
"No one here has suggested panacea"

Perhaps not, but that's not my perception. I see lots of statements like "I'm still of the opinion that the only real solution is white-listing. - MBS" Maybe I'm misreading that, but that hints at a panacea and I'm simply saying that it's not.

All of your other points - I agree.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 4:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

No one here has suggested panacea, but consider how effective it would be in a white-listing environment to add most apps to the list in the event of a zero-day to an EXISTING app. You wouldn't have to do anything for an app that wasn't already allowed in your environment. It is akin to the change in firewall rule-set made in ages gone by from Allowed-by-Default to Denied-by-Default.

Likewise, look at all the environments that have moved towards some form of locked down user desktop and see how much of a benefit has resulted. Reducing problems by 50-80% off the bat, with little overhead, is always desirable.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott crawfo...@evangel.edu wrote:

My point is that neither signatures, nor white-listing are a panacea. The fact that we've been sig based for so long while malware continues to be effective leads many to think that white-listing would solve all our woes. I'm simply saying that many *current* vulnerabilities circumvent a white-list so it can't be a panacea...unless of course you white-list each individual data file.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 1:55 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff. It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Unless you're going to white-list every doc/jpg/pdf/mp3 you're going to open, that's not a panacea either. Documents = 1's and 0's = code. The only difference is what layer it's executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I'm still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said.

The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog
Re: Intel developing security 'game-changer'
Here are my full thoughts on the subject, as a security mechanism: http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

No, it is not a panacea, because no security mechanism ever is. Yes, there are drawbacks, but focusing on these technologies will provide a bigger bang for the buck and allow us to mitigate the weaknesses sooner. Either way, your ROI is greater in most scenarios which use whitelisting vs blacklisting.

Also, check out the following: http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html

*ASB* (Find me online via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Mon, Jan 31, 2011 at 12:48 PM, Crawford, Scott crawfo...@evangel.edu wrote:

“No one here has suggested panacea”

Perhaps not, but that’s not my perception. I see lots of statements like “I’m still of the opinion that the only real solution is white-listing. - MBS” Maybe I’m misreading that, but that hints at a panacea and I’m simply saying that it’s not.

All of your other points – I agree.

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, January 26, 2011 4:35 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

No one here has suggested panacea, but consider how effective it would be in a white-listing environment to add most apps to the list in the event of a zero-day to an EXISTING app. You wouldn't have to do anything for an app that wasn't already allowed in your environment. It is akin to the change in firewall rule-set made in ages gone by from Allowed-by-Default to Denied-by-Default.

Likewise, look at all the environments that have moved towards some form of locked down user desktop and see how much of a benefit has resulted. Reducing problems by 50-80% off the bat, with little overhead, is always desirable.
RE: Intel developing security 'game-changer'
"Application whitelisting is a good idea, because for every environment, there are less items that fall into the "known good" category than bad code that you don't want to run."

This assumption simply isn't true. Data = 1's and 0's = code. There are MORE good files that I want to use than bad that I want to block. If there was some magic bullet that ensured "data" files could never contain executable bits, then I would agree whole heartedly. But, I don't believe such bullet will ever exist. Therefore data = 1's and 0's = code and it's up to the whitelisted .exe to interpret them correctly. If there's a chance that said application will make a mistake, then we also need something signature based to block the bad bits.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 31, 2011 12:25 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Here are my full thoughts on the subject, as a security mechanism: http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

No, it is not a panacea, because no security mechanism ever is. Yes, there are drawbacks, but focusing on these technologies will provide a bigger bang for the buck and allow us to mitigate the weaknesses sooner. Either way, your ROI is greater in most scenarios which use whitelisting vs blacklisting.

Also, check out the following: http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html

ASB (Find me online via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Mon, Jan 31, 2011 at 12:48 PM, Crawford, Scott crawfo...@evangel.edu wrote:

"No one here has suggested panacea"

Perhaps not, but that's not my perception. I see lots of statements like "I'm still of the opinion that the only real solution is white-listing. - MBS" Maybe I'm misreading that, but that hints at a panacea and I'm simply saying that it's not.

All of your other points - I agree.
Re: Intel developing security 'game-changer'
*There are MORE good files that I want to use than bad that I want to block.*

Except that most of those good files won't get executed if you stop a more limited number of other executables from launching. You don't necessarily have to track every version of every known DLL that might ever get executed, if you can simply track the far more limited number of executables that would spawn them.

It would appear that you're looking at whitelisting in a very different way than is typically implemented. What is your understanding of how a whitelisting solution would need to work?

*If there’s a chance that said application will make a mistake, then we also need something signature based to block the bad bits.*

Except that the scenario you're presenting is exactly what we call Zero Day attacks. Vulnerability is discovered in an approved app (no matter how you chose to identify approved app) and it gets exploited. How is a signature helping there when the attack is new?

If the vulnerability is one that requires no new executables, then a zero-day attack is equally damaging to a whitelist or blacklist approach. If the vulnerability is one that spawns a new executable, then a zero-day attack is not effective in a whitelist scenario, but just as damaging as always in a blacklist scenario.

I address the need for vendors to allow features and functionality to be enabled or disabled independently (in the very next paragraph), which would provide even more security. In the meantime, blacklisting at the host level as the primary means of protection is a game of increasing risk with diminishing returns...
*ASB* (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Mon, Jan 31, 2011 at 2:36 PM, Crawford, Scott crawfo...@evangel.edu wrote:

“Application whitelisting is a good idea, because for every environment, there are less items that fall into the “*known good*” category than bad code that you don’t want to run.”

This assumption simply isn’t true. Data = 1’s and 0’s = code. There are MORE good files that I want to use than bad that I want to block. If there was some magic bullet that ensured “data” files could never contain executable bits, then I would agree whole heartedly. But, I don’t believe such bullet will ever exist. Therefore data = 1’s and 0’s = code and its up to the whitelisted .exe to interpret them correctly. If there’s a chance that said application will make a mistake, then we also need something signature based to block the bad bits.

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Monday, January 31, 2011 12:25 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

Here are my full thoughts on the subject, as a security mechanism: http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

No, it is not a panacea, because no security mechanism ever is. Yes, there are drawbacks, but focusing on these technologies will provide a bigger bang for the buck and allow us to mitigate the weaknesses sooner. Either way, your ROI is greater in most scenarios which use whitelisting vs blacklisting.

Also, check out the following: http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html

*ASB* (Find me online via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Mon, Jan 31, 2011 at 12:48 PM, Crawford, Scott crawfo...@evangel.edu wrote:

“No one here has suggested panacea”

Perhaps not, but that’s not my perception. I see lots of statements like “I’m still of the opinion that the only real solution is white-listing. - MBS” Maybe I’m misreading that, but that hints at a panacea and I’m simply saying that it’s not.

All of your other points – I agree.

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, January 26, 2011 4:35 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

No one here has suggested panacea, but consider how effective it would be in a white-listing environment to add most apps to the list in the event of a zero-day to an EXISTING app. You wouldn't have to do anything for an app that wasn't already allowed in your environment. It is akin to the change in firewall rule-set made in ages gone by from Allowed-by-Default to Denied-by-Default.

Likewise, look at all the environments that have moved towards some form of locked down user desktop and see how much of a benefit has resulted. Reducing problems by 50-80% off the bat, with little overhead, is always desirable.

*ASB* (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott crawfo...@evangel.edu wrote:

My point is that neither signatures, nor white-listing are a panacea
RE: Intel developing security 'game-changer'
Inline, but here's some opening comments :)

White-listing .exes does nothing to stop attacks like .wmf and .jpg vulnerabilities below.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21526
http://www.symantec.com/security_response/writeup.jsp?docid=2004-091516-5119-99tabid=2

While these may be currently patched and/or low risk, I think they serve to illustrate my point. Note that AV signatures detect the badness in them before Microsoft patched the offending executable. Also note that under all but the most restrictive white-listing campaign, the code that processes .wmf and .jpg would be allowed.

Again, please don't misunderstand me. I'm not saying white-listing is without its advantages. I'm simply saying that it's not a solution to stop malware. Impair it? Yes. Stop some of it? Yes. But, the primary reason it stops some and even most current malware is because it's not very popular yet.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 31, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

There are MORE good files that I want to use than bad that I want to block.

Except that most of those good files won't get executed if you stop a more limited number of other executables from launching.

My concern is infected data files that are associated with a white-listed .exe.

You don't necessarily have to track every version of every known DLL that might ever get executed, if you can simply track the far more limited number of executables that would spawn them.

Understood

It would appear that you're looking at whitelisting in a very different way than is typically implemented. What is your understanding of how a whitelisting solution would need to work?

Yes, I am becoming aware that I'm looking at it very differently :). That is basically my point. The way it's typically implemented is to specify an allowed list of executables using multiple ways of compiling that list - publisher, path, hash, filename, etc. This is basically the only practical way it can work. However, to *truly* stop all malware from executing, it would also have to include all documents/data files that a user would want to use.

If there's a chance that said application will make a mistake, then we also need something signature based to block the bad bits.

Except that the scenario you're presenting is exactly what we call Zero Day attacks. Vulnerability is discovered in an approved app (no matter how you chose to identify approved app) and it gets exploited. How is a signature helping there when the attack is new?

Antimalware signatures are generally produced much more rapidly than an application patch. So, while a zero day flaw may take a week (optimistic) to patch, the AV vendors could be blocking all .txt files containing the offending string of bits.

If the vulnerability is one that requires no new executables, then a zero-day attack is equally damaging to a whitelist or blacklist approach.

If the vulnerability is one that spawns a new executable, then a zero-day attack is not effective in a whitelist scenario, but just as damaging as always in a blacklist scenario.

I address the need for vendors to allow features and functionality to be enabled or disabled independently (in the very next paragraph)

Right. The ability to turn off javascript/macros in Word, Reader, IE, etc. is certainly a beneficial addition, but it doesn't prevent other forms of malware that may be present in a .doc or .pdf, just the malware that exploits the built-in execution engine.

, which would provide even more security. In the meantime, blacklisting at the host level as the primary means of protection is a game of increasing risk with diminishing returns...

Agreed...for the time being. But, if we were to flip a magic switch and swap to a predominantly white-list based environment, the most common exploitation vectors would switch to exploiting white-listed .exes through buffer overflows or other methods of tricking an .exe to doing more than displaying data in a data file.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Mon, Jan 31, 2011 at 2:36 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Application whitelisting is a good idea, because for every environment, there are less items that fall into the known good category than bad code that you don't want to run.

This assumption simply isn't true. Data = 1's and 0's = code. There are MORE good files that I want to use than bad that I want to block. If there was some magic bullet that ensured data files could never contain executable bits, then I would agree wholeheartedly. But, I don't believe such bullet will ever exist. Therefore data = 1's and 0's = code and it's up to the whitelisted .exe to interpret them correctly. If there's a chance
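The allowlist model debated in the message above (rules compiled by publisher, path, hash or filename, default-deny at launch), as an added sketch that is not part of the thread or of any product's code; every path, publisher name and file content in it is constructed. It shows where the two positions meet: an unapproved new executable is denied, while a data file read by an approved program never reaches the policy at all.

```python
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional

# Constructed sample data: the names, paths and bytes below are illustrative
# assumptions, not values taken from the thread.
READER_BYTES = b"constructed stand-in for an approved document reader"
DROPPED_BYTES = b"constructed stand-in for a binary the user just downloaded"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Rule:
    kind: str   # "hash", "publisher", "path" or "filename"
    value: str


@dataclass(frozen=True)
class Event:
    action: str                      # "exec" = process creation, "open" = data file read
    path: str
    content: bytes = b""
    publisher: Optional[str] = None  # verified signer; None when unsigned
    opened_by: Optional[str] = None  # for "open": the process reading the file


def rule_matches(rule: Rule, ev: Event) -> bool:
    """Check one allow rule against one launch event."""
    if rule.kind == "hash":
        return sha256_hex(ev.content) == rule.value
    if rule.kind == "publisher":
        return ev.publisher == rule.value
    if rule.kind == "path":
        return fnmatchcase(ev.path.lower(), rule.value.lower())
    if rule.kind == "filename":
        return ev.path.lower().rsplit("\\", 1)[-1] == rule.value.lower()
    raise ValueError(f"unknown rule kind: {rule.kind!r}")


def decide(rules: List[Rule], ev: Event) -> str:
    """Default-deny for launches; anything that is not a launch is not judged."""
    if ev.action != "exec":
        # Reading a .pdf, .jpg or .wmf is not a process creation, so the
        # allowlist has no decision point here. Parsing bugs in the approved
        # reader are outside what this control can see.
        return "not-evaluated"
    for rule in rules:
        if rule_matches(rule, ev):
            return f"allow:{rule.kind}"
    return "deny"


POLICY = [
    Rule("hash", sha256_hex(READER_BYTES)),
    Rule("publisher", "Example Software Publisher"),
    Rule("path", "C:\\Windows\\System32\\*"),
]

EVENTS = [
    # Approved reader, matched by its exact hash.
    Event("exec", "C:\\Program Files\\Reader\\reader.exe", READER_BYTES),
    # Operating system tool, matched by path.
    Event("exec", "C:\\Windows\\System32\\notepad.exe", b"constructed os tool"),
    # Signed tool, matched by publisher.
    Event("exec", "C:\\Tools\\sync.exe", b"constructed signed tool",
          publisher="Example Software Publisher"),
    # New, unsigned executable in a user-writable folder: no rule matches.
    Event("exec", "C:\\Users\\user\\Downloads\\free_scan.exe", DROPPED_BYTES),
    # Document opened by the approved reader: never reaches the policy.
    Event("open", "C:\\Users\\user\\Documents\\report.pdf",
          b"constructed document bytes", opened_by="reader.exe"),
]


def evaluate_all() -> List[str]:
    return [decide(POLICY, ev) for ev in EVENTS]


if __name__ == "__main__":
    for ev, verdict in zip(EVENTS, evaluate_all()):
        print(f"{ev.action:4} {ev.path:45} -> {verdict}")
```

The "not-evaluated" row is the gap the signature-based argument is aimed at, and the "deny" row is the case the default-deny argument covers without any signature.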
Re: Intel developing security 'game-changer'
I'm going to agree very strongly with Andrew here. To bolster the case, I'll point you to some words of wisdom from the man who wrote the first firewall implemented at the White House: http://www.ranum.com/security/computer_security/editorials/dumb/

Dumb ideas one and two, specifically...

While what you say is true, Andrew (and I, of course) also understand that risk, and that risk is not something covered by blacklists, at least initially. It takes time to get the signatures out for a blacklist, just as it takes time to get patches out for your AV/IDS/IPS/HIDS/Whatever. What's worse is that the signature writers simply can't keep up.

However, the universe of 0-days for whitelisted apps is far smaller than the universe of stupid/malicious apps. And, in most cases, just because a 0-day hits you, it doesn't mean that your machine is compromised. Why? Because all that usually gets you is an elevated command prompt - and that in and of itself isn't such a big deal.

*Wait for it..*

What I mean by isn't such a big deal is that (almost always) the reason for an elevated prompt is to run a malicious app. If your system won't run any but whitelisted apps, you've mitigated the impact of the 0-day, even if you haven't completely negated it.

It's rare that a machine gets hit by a 0-day with a live human being on the other end running native OS tools to exfiltrate data or do other malicious things. The one relatively recent bit of maliciousness that I can remember that did anything like that was the Slammer worm, and all that did was propagate itself.

Is it 100%? Nope, and Andrew (nor anyone else taking this position) never said that. Is it easy to set up? Nope, and nobody ever said it was, either. But, if I had to choose, I'd take whitelisting over blacklisting every damned day.

Kurt

On Mon, Jan 31, 2011 at 16:12, Crawford, Scott crawfo...@evangel.edu wrote:

Inline, but here’s some opening comments :)

White-listing .exes does nothing to stop attacks like .wmf and .jpg vulnerabilities below.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21526
http://www.symantec.com/security_response/writeup.jsp?docid=2004-091516-5119-99tabid=2

While these may be currently patched and/or low risk, I think they serve to illustrate my point. Note that AV signatures detect the badness in them before Microsoft patched the offending executable. Also note that under all but the most restrictive white-listing campaign, the code that processes .wmf and .jpg would be allowed.

Again, please don’t misunderstand me. I’m not saying white-listing is without its advantages. I’m simply saying that it’s not a solution to stop malware. Impair it? Yes. Stop some of it? Yes. But, the primary reason it stops some and even most current malware is because it’s not very popular yet.

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Monday, January 31, 2011 2:47 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

*There are MORE good files that I want to use than bad that I want to block.*

Except that most of those good files won't get executed if you stop a more limited number of other executables from launching.

My concern is infected data files that are associated with a white-listed .exe.

You don't necessarily have to track every version of every known DLL that might ever get executed, if you can simply track the far more limited number of executables that would spawn them.

Understood

It would appear that you're looking at whitelisting in a very different way than is typically implemented. What is your understanding of how a whitelisting solution would need to work?

Yes, I am becoming aware that I’m looking at it very differently :). That is basically my point. The way it’s typically implemented is to specify an allowed list of executables using multiple ways of compiling that list – publisher, path, hash, filename, etc. This is basically the only practical way it can work. However, to *truly* stop all malware from executing, it would also have to include all documents/data files that a user would want to use.

*If there’s a chance that said application will make a mistake, then we also need something signature based to block the bad bits.*

Except that the scenario you're presenting is exactly what we call Zero Day attacks. Vulnerability is discovered in an approved app (no matter how you chose to identify approved app) and it gets exploited. How is a signature helping there when the attack is new?

Antimalware signatures are generally produced much more rapidly than an application patch. So, while a zero day flaw may take a week (optimistic) to patch, the AV vendors could be blocking all .txt files containing the offending string of bits.

If the vulnerability is one that requires no new executables, then a zero-day attack is equally
RE: Intel developing security 'game-changer'
Well, since the vast majority of infections occur because of social engineering, I don't think it will mean much at all.

An analogy might be DEP, which did make some difference - that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: Intel developing security 'game-changer'
You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069?

Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don't think it will mean much at all.

An analogy might be DEP, which did make some difference - that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card.

Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069?

Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don't think it will mean much at all.

An analogy might be DEP, which did make some difference - that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card.

Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

--
*From:* David Lum david@nwea.org
*Date:* Thu, 27 Jan 2011 13:55:37 -0800
*To:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
*ReplyTo:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
*Subject:* RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069?

Who knew?

Dave

*From:* Alex Eckelberry [mailto:al...@sunbelt-software.com]
*Sent:* Thursday, January 27, 2011 1:46 PM
*To:* NT System Admin Issues
*Subject:* RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all.

An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

*From:* David Lum [mailto:david@nwea.org]
*Sent:* Wednesday, January 26, 2011 1:37 PM
*To:* NT System Admin Issues
*Subject:* Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

*David Lum* // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

-Original Message-
From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card.

Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

--
*From:* David Lum david@nwea.org
*Date:* Thu, 27 Jan 2011 13:55:37 -0800
*To:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
*ReplyTo:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
*Subject:* RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069?

Who knew?

Dave

*From:* Alex Eckelberry [mailto:al...@sunbelt-software.com]
*Sent:* Thursday, January 27, 2011 1:46 PM
*To:* NT System Admin Issues
*Subject:* RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all.

An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

*From:* David Lum [mailto:david@nwea.org]
*Sent:* Wednesday, January 26, 2011 1:37 PM
*To:* NT System Admin Issues
*Subject:* Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

*David Lum* // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
You are right...with cars, I am a special user. I expect that I am being slated on a mechanic's list somewhere :-)

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card.

Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

--
*From:* David Lum david@nwea.org
*Date:* Thu, 27 Jan 2011 13:55:37 -0800
*To:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
*ReplyTo:* NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
*Subject:* RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069?

Who knew?

Dave

*From:* Alex Eckelberry [mailto:al...@sunbelt-software.com]
*Sent:* Thursday, January 27, 2011 1:46 PM
*To:* NT System Admin Issues
*Subject:* RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all.

An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

*From:* David Lum [mailto:david@nwea.org]
*Sent:* Wednesday, January 26, 2011 1:37 PM
*To:* NT System Admin Issues
*Subject:* Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

*David Lum* // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: Intel developing security 'game-changer'
Did somebody lose their happy place?

Thanks,
Mathew

From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Thursday, January 27, 2011 3:25 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry(r) wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don't think it will mean much at all. An analogy might be DEP, which did make some difference - that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
I am not sure anyone would remotely describe me as 'hippy'. Fairly good at my job yes. Not holding my customers in contempt. I guess in some scenarios that could make me a 'hippy'.

My analogy wasn't about sensitivity, it was about awareness and respect. My point was to remember the audience. People are embarrassed when they make mistakes. They can be fearful about admitting to them, which can lead to further mistakes. Especially when they are in an environment that fosters contempt or mockery of such things. People can be acutely aware of when they are dealing with professionals who hold them in contempt and this can have long term consequences.

Of course, many people go through life without ever seeing it that way. In the end, perhaps some people just aren't as good or clear with customer interaction as they may think they are and the price they pay is that users don't ask more questions when confused.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 3:31 PM, William Robbins dangerw...@gmail.com wrote:

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

--
From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

--
From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366
RE: Intel developing security 'game-changer'
I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
It's not not knowing the things I know, it's not following crystal clear directions in this particular instance.

-Original Message-
From: Shauna Hensala she...@msn.com
Date: Thu, 27 Jan 2011 16:46:22
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Do I /look/ like a people person? :)

-Original Message-
From: Mathew Shember mathew.shem...@synopsys.com
Date: Thu, 27 Jan 2011 15:33:26
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

Did somebody lose their happy place?

Thanks,
Mathew

From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Thursday, January 27, 2011 3:25 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry(r) wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don't think it will mean much at all. An analogy might be DEP, which did make some difference - that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave
Re: Intel developing security 'game-changer'
On the advice of counsel, no comment.

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:53, Gary Slinger gary.slin...@gmail.com wrote:

Do I /look/ like a people person? :)

From: Mathew Shember mathew.shem...@synopsys.com
Date: Thu, 27 Jan 2011 15:33:26 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

Did somebody lose their happy place?

Thanks,
Mathew

From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Thursday, January 27, 2011 3:25 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: Intel developing security 'game-changer'
People do things all the time that they are admonished not to. How many people here have:
- never spoken on a mobile phone whilst driving a car
- never smoked a cigarette
- never failed to switch off your electronic devices whilst on an airborne plane after being directed
- etc
(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:
a) the way we communicate the message - just saying don't do it isn't sufficient for some people
b) the regard in which we are held - we are not always seen as god
c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave
Re: Intel developing security 'game-changer'
I don't call people idiots because they don't know how something works. But if you don't then listen to someone who does. He didn't ask them to understand anything, just the instruction not to use it. That shouldn't be that hard.

On Fri, Jan 28, 2011 at 12:46 AM, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot.

At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites online, while giving all of these places their credit card numbers.

Alex

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 26, 2011 1:37 PM
To: NT System Admin Issues
Subject: Intel developing security 'game-changer'

What say you, Alex, et al.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
OK, you have a point there. :-)

On Fri, Jan 28, 2011 at 3:52 AM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:
- never spoken on a mobile phone whilst driving a car
- never smoked a cigarette
- never failed to switch off your electronic devices whilst on an airborne plane after being directed
- etc
(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:
a) the way we communicate the message - just saying don't do it isn't sufficient for some people
b) the regard in which we are held - we are not always seen as god
c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave
RE: Intel developing security 'game-changer'
Sometimes people do things because they weigh risks (rightly or wrongly) and decide the risk is worth it.

If someone told you not to use your PC, but someone was going to die unless you authorised something, would you do it? What if it was your company losing $100m dollars (and then hundreds of people getting fired?) What if it was $10m and dozens? What if it were you losing your own job? Etc.

Sometimes people have to get things done, and being unaware of the risks, do it anyway.

Cheers
Ken

From: Rene de Haas [mailto:rene.deh...@gmail.com]
Sent: Friday, 28 January 2011 11:07 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

I don't call people idiots because they don't know how something works. But if you don't then listen to someone who does. He didn't ask them to understand anything, just the instruction not to use it. That shouldn't be that hard.

On Fri, Jan 28, 2011 at 12:46 AM, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry(r) wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I'm not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don't think it will mean much at all. An analogy might be DEP, which did make some difference - that was something at the kernel. But not a huge difference. I would put
Re: Intel developing security 'game-changer'
My statement didn't exempt anyone from exhibiting idiocy. My point is if you're going to ask for advice, and then proceed to ignore that advice and still want my assistance, expect to pay a higher/additional price.

To answer your specific items, see inline

On Thu, Jan 27, 2011 at 9:52 PM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:
- never spoken on a mobile phone whilst driving a car

I have a hands free system in my car

- never smoked a cigarette

I avoid smoking, but I have been known to enjoy a cigar

- never failed to switch off your electronic devices whilst on an airborne plane after being directed

I do shut off devices, I've directed a traveller next to me to do so, as well.

- etc
(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:
a) the way we communicate the message - just saying don't do it isn't sufficient for some people

I try and explain why it's bad, such as they're going to get your credit card, or get access to other information on your computer, if they haven't already done so. Leave it off until I can look at it.

b) the regard in which we are held - we are not always seen as god

I don't pretend to be god, I present myself as a professional. If you come to me asking for a professional opinion and then ignore it, well, that is your choice, but don't expect me to bend over backwards to help you, either.

c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.

Careful explanation of why doing something in a) is bad is the beginning, explaining how I arrived at that opinion is part of b) and c) is, if they are going to do it because they can't stave off the impulse, or because they have no choice are two different things.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming
RE: Intel developing security 'game-changer'
That didn't sound like your point at all. You said: Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:12 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

My statement didn't exempt anyone from exhibiting idiocy. My point is if you're going to ask for advice, and then proceed to ignore that advice and still want my assistance, expect to pay a higher/additional price.

To answer your specific items, see inline

On Thu, Jan 27, 2011 at 9:52 PM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:
- never spoken on a mobile phone whilst driving a car

I have a hands free system in my car

- never smoked a cigarette

I avoid smoking, but I have been known to enjoy a cigar

- never failed to switch off your electronic devices whilst on an airborne plane after being directed

I do shut off devices, I've directed a traveller next to me to do so, as well.

- etc
(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:
a) the way we communicate the message - just saying don't do it isn't sufficient for some people

I try and explain why it's bad, such as they're going to get your credit card, or get access to other information on your computer, if they haven't already done so. Leave it off until I can look at it.

b) the regard in which we are held - we are not always seen as god

I don't pretend to be god, I present myself as a professional. If you come to me asking for a professional opinion and then ignore it, well, that is your choice, but don't expect me to bend over backwards to help you, either.

c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.

Careful explanation of why doing something in a) is bad is the beginning, explaining how I arrived at that opinion is part of b) and c) is, if they are going to do it because they can't stave off the impulse, or because they have no choice are two different things.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food
Re: Intel developing security 'game-changer'
That wasn't even close to the situation presented. If someone's going to die because of something I have to do or not do, well, then something's gone horribly wrong.
Same for losing $100m dollars
Same for $10m dollars
Same for losing my job...
These scenarios don't have any basis in a rational discussion. If you're going to argue at the extremes, then there isn't any point to the discussion.

On Thu, Jan 27, 2011 at 10:11 PM, Ken Schaefer k...@adopenstatic.com wrote:

Sometimes people do things because they weigh risks (rightly or wrongly) and decide the risk is worth it. If someone told you not to use your PC, but someone was going to die unless you authorised something, would you do it? What if it was your company losing $100m dollars (and then hundreds of people getting fired?) What if it was $10m and dozens? What if it were you losing your own job? Etc. Sometimes people have to get things done, and being unaware of the risks, do it anyway.

Cheers
Ken

From: Rene de Haas [mailto:rene.deh...@gmail.com]
Sent: Friday, 28 January 2011 11:07 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

I don't call people idiots because they don't know how something works. But if you don't then listen to someone who does. He didn't ask them to understand anything, just the instruction not to use it. That shouldn't be that hard.

On Fri, Jan 28, 2011 at 12:46 AM, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

--
Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

--
From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

--
From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social
Re: Intel developing security 'game-changer'
Valid points as well. Thanks for enlightening me.

On Fri, Jan 28, 2011 at 4:11 AM, Ken Schaefer k...@adopenstatic.com wrote:

Sometimes people do things because they weigh risks (rightly or wrongly) and decide the risk is worth it. If someone told you not to use your PC, but someone was going to die unless you authorised something, would you do it? What if it was your company losing $100m dollars (and then hundreds of people getting fired?) What if it was $10m and dozens? What if it were you losing your own job? Etc. Sometimes people have to get things done, and being unaware of the risks, do it anyway.

Cheers
Ken

From: Rene de Haas [mailto:rene.deh...@gmail.com]
Sent: Friday, 28 January 2011 11:07 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

I don't call people idiots because they don't know how something works. But if you don't then listen to someone who does. He didn't ask them to understand anything, just the instruction not to use it. That shouldn't be that hard.

On Fri, Jan 28, 2011 at 12:46 AM, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

--
Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

--
From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

--
From: David Lum david@nwea.org
Date: Thu, 27 Jan 2011 13:55:37 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'

You mean I’m not supposed to enter my Visa number at a site that will give me winning lottery numbers on an animated stripper card that includes a free registry and spyware scan and install AntiVirus 2069? Who knew?

Dave

From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 27, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

Well, since the vast majority of infections occur because of social engineering, I don’t think it will mean much at all. An analogy might be DEP, which did make some difference – that was something at the kernel. But not a huge difference. I would put this in the same pot. At the end of the day, your users will still demand downloading their favorite crapware, surf porn, and fill out lottery sites
Re: Intel developing security 'game-changer'
Beyond the pale of idiocy. Outside the ordinary decent bounds, it's a pretty easily understood phrase, such as the scenarios you present, they are beyond the pale. Say you go to the doctor, complaining of some symptom and he tells you to stop a behavior and that symptom will go away. Next year, same complaint, but you haven't given up the behavior, how do you think he's going to handle you?

On Thu, Jan 27, 2011 at 10:14 PM, Ken Schaefer k...@adopenstatic.com wrote:

That didn’t sound like your point at all. You said: Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:12 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

My statement didn't exempt anyone from exhibiting idiocy. My point is if you're going to ask for advice, and then proceed to ignore that advice and still want my assistance, expect to pay a higher/additional price. To answer your specific items, see inline

On Thu, Jan 27, 2011 at 9:52 PM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:

- never spoken on a mobile phone whilst driving a car
I have a hands free system in my car
- never smoked a cigarette
I avoid smoking, but I have been known to enjoy a cigar
- never failed to switch off your electronic devices whilst on an airborne plane after being directed
I do shut off devices, I've directed a traveller next to me to do so, as well.
- etc

(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:

a) the way we communicate the message - just saying don't do it isn't sufficient for some people
I try and explain why it's bad, such as they're going to get your credit card, or get access to other information on your computer, if they haven't already done so. Leave it off until I can look at it.
b) the regard in which we are held - we are not always seen as god
I don't pretend to be god, I present myself as a professional. If you come to me asking for a professional opinion and then ignore it, well, that is your choice, but don't expect me to bend over backwards to help you, either.
c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.
Careful explanation of why doing something in a) is bad is the beginning, explaining how I arrived at that opinion is part of b) and c) is, if they are going to do it because they can't stave off the impulse, or because they have no choice are two different things.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories
RE: Intel developing security 'game-changer'
If it is House he will probably call you an idiot at both visits so you can't win in that particular case :-]

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, January 27, 2011 7:20 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Beyond the pale of idiocy. Outside the ordinary decent bounds, it's a pretty easily understood phrase, such as the scenarios you present, they are beyond the pale. Say you go to the doctor, complaining of some symptom and he tells you to stop a behavior and that symptom will go away. Next year, same complaint, but you haven't given up the behavior, how do you think he's going to handle you?

On Thu, Jan 27, 2011 at 10:14 PM, Ken Schaefer k...@adopenstatic.com wrote:

That didn't sound like your point at all. You said: Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:12 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

My statement didn't exempt anyone from exhibiting idiocy. My point is if you're going to ask for advice, and then proceed to ignore that advice and still want my assistance, expect to pay a higher/additional price. To answer your specific items, see inline

On Thu, Jan 27, 2011 at 9:52 PM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:

- never spoken on a mobile phone whilst driving a car
I have a hands free system in my car
- never smoked a cigarette
I avoid smoking, but I have been known to enjoy a cigar
- never failed to switch off your electronic devices whilst on an airborne plane after being directed
I do shut off devices, I've directed a traveller next to me to do so, as well.
- etc

(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:

a) the way we communicate the message - just saying don't do it isn't sufficient for some people
I try and explain why it's bad, such as they're going to get your credit card, or get access to other information on your computer, if they haven't already done so. Leave it off until I can look at it.
b) the regard in which we are held - we are not always seen as god
I don't pretend to be god, I present myself as a professional. If you come to me asking for a professional opinion and then ignore it, well, that is your choice, but don't expect me to bend over backwards to help you, either.
c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.
Careful explanation of why doing something in a) is bad is the beginning, explaining how I arrived at that opinion is part of b) and c) is, if they are going to do it because they can't stave off the impulse, or because they have no choice are two different things.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user
RE: Intel developing security 'game-changer'
It's called degrees. There's some situations where obviously you would use the computer. And at the other end of the scale, situations where you shouldn't. And in between is some point at which the situation changes from one to the other. For each person that point is different.

Cheers
Ken

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:16 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

That wasn't even close to the situation presented. If someone's going to die because of something I have to do or not do, well, then something's gone horribly wrong.
Same for losing $100m dollars
Same for $10m dollars
Same for losing my job...
These scenarios don't have any basis in a rational discussion. If you're going to argue at the extremes, then there isn't any point to the discussion.

On Thu, Jan 27, 2011 at 10:11 PM, Ken Schaefer k...@adopenstatic.com wrote:

Sometimes people do things because they weigh risks (rightly or wrongly) and decide the risk is worth it. If someone told you not to use your PC, but someone was going to die unless you authorised something, would you do it? What if it was your company losing $100m dollars (and then hundreds of people getting fired?) What if it was $10m and dozens? What if it were you losing your own job? Etc. Sometimes people have to get things done, and being unaware of the risks, do it anyway.

Cheers
Ken

From: Rene de Haas [mailto:rene.deh...@gmail.com]
Sent: Friday, 28 January 2011 11:07 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

I don't call people idiots because they don't know how something works. But if you don't then listen to someone who does. He didn't ask them to understand anything, just the instruction not to use it. That shouldn't be that hard.

On Fri, Jan 28, 2011 at 12:46 AM, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users' ability to comprehend. Educating people on social engineering is a rather time consuming task. Lots to be learned from the advertising fields in how to present the same overall message in different formats for user consumption.

Steven Peck
http://www.blkmtn.org

On Thu, Jan 27, 2011 at 2:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Typed frustratingly slowly on my BlackBerry® wireless device

From: David Lum david@nwea.org
Date: Thu, 27 Jan
RE: Intel developing security 'game-changer'
I tend to think less of my users for not recognizing what I deem to be blatantly obvious. I thought it was a good point that we should be more tolerant and respectful of our 'clients' as they provide our job security. In the extreme - the more issues they have (and directions they ignore) the more necessary it is to have people that can 'make it work.' I do like being the 'hero' even if all I do is plug in the power. I LIKE the problems I can fix. It is a reward for the problems I spend extensive time trying to solve. Just my perspective.

Shauna

From: r...@pge.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'
Date: Fri, 28 Jan 2011 03:23:54 +

If it is House he will probably call you an idiot at both visits so you can’t win in that particular case :-]

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, January 27, 2011 7:20 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Beyond the pale of idiocy. Outside the ordinary decent bounds, it's a pretty easily understood phrase, such as the scenarios you present, they are beyond the pale. Say you go to the doctor, complaining of some symptom and he tells you to stop a behavior and that symptom will go away. Next year, same complaint, but you haven't given up the behavior, how do you think he's going to handle you?

On Thu, Jan 27, 2011 at 10:14 PM, Ken Schaefer k...@adopenstatic.com wrote:

That didn’t sound like your point at all. You said: Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:12 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

My statement didn't exempt anyone from exhibiting idiocy. My point is if you're going to ask for advice, and then proceed to ignore that advice and still want my assistance, expect to pay a higher/additional price. To answer your specific items, see inline

On Thu, Jan 27, 2011 at 9:52 PM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:

- never spoken on a mobile phone whilst driving a car
I have a hands free system in my car
- never smoked a cigarette
I avoid smoking, but I have been known to enjoy a cigar
- never failed to switch off your electronic devices whilst on an airborne plane after being directed
I do shut off devices, I've directed a traveller next to me to do so, as well.
- etc

(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever.

The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:

a) the way we communicate the message - just saying don't do it isn't sufficient for some people
I try and explain why it's bad, such as they're going to get your credit card, or get access to other information on your computer, if they haven't already done so. Leave it off until I can look at it.
b) the regard in which we are held - we are not always seen as god
I don't pretend to be god, I present myself as a professional. If you come to me asking for a professional opinion and then ignore it, well, that is your choice, but don't expect me to bend over backwards to help you, either.
c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.
Careful explanation of why doing something in a) is bad is the beginning, explaining how I arrived at that opinion is part of b) and c) is, if they are going to do it because they can't stave off the impulse, or because they have no choice are two different things.

Cheers
Ken

-Original Message-
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 8:02 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

To ignore the advice of an expert you are relying on for advice/work to be done is idiocy. I don't consider my users idiots until they give me cause. Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

On Thursday, January 27, 2011, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know
Re: Intel developing security 'game-changer'
Yes, I understand that. You aren't arguing degrees, you're arguing an extreme that any reasonable individual would agree with. My comment was inline with this email

On Thu, Jan 27, 2011 at 5:00 PM, Rankin, James R kz2...@googlemail.com wrote:

I had a home user recently showing all the signs of malware. I told him not to use his pc till I could look at it. And he went and made a purchase with his debit card. Against that sort of idiocy, we admins are doomed to fail.

Very few things are so important that a home user can't wait to buy[1]. And then there's the added idiocy that they are using a debit card. Ignoring advice from multiple professionals. My rates for that user have just gone up.

[1] Medicine might be the one example, but typically that is also available in a number of easily accessible locations.

On Thu, Jan 27, 2011 at 10:30 PM, Ken Schaefer k...@adopenstatic.com wrote:

It’s called degrees. There’s some situations where obviously you would use the computer. And at the other end of the scale, situations where you shouldn’t. And in between is some point at which the situation changes from one to the other. For each person that point is different.

Cheers
Ken

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:16 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

That wasn't even close to the situation presented. If someone's going to die because of something I have to do or not do, well, then something's gone horribly wrong.
Same for losing $100m dollars
Same for $10m dollars
Same for losing my job...
These scenarios don't have any basis in a rational discussion. If you're going to argue at the extremes, then there isn't any point to the discussion.

On Thu, Jan 27, 2011 at 10:11 PM, Ken Schaefer k...@adopenstatic.com wrote:

Sometimes people do things because they weigh risks (rightly or wrongly) and decide the risk is worth it. If someone told you not to use your PC, but someone was going to die unless you authorised something, would you do it? What if it was your company losing $100m dollars (and then hundreds of people getting fired?) What if it was $10m and dozens? What if it were you losing your own job? Etc. Sometimes people have to get things done, and being unaware of the risks, do it anyway.

Cheers
Ken

From: Rene de Haas [mailto:rene.deh...@gmail.com]
Sent: Friday, 28 January 2011 11:07 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

I don't call people idiots because they don't know how something works. But if you don't then listen to someone who does. He didn't ask them to understand anything, just the instruction not to use it. That shouldn't be that hard.

On Fri, Jan 28, 2011 at 12:46 AM, Shauna Hensala she...@msn.com wrote:

I thought it was good - remarkably astute. We all know different things - to classify someone as an idiot because they don't know the things you know is a fallacy. Plus the sigh correlation was good for a chuckle!

--
Subject: Re: Intel developing security 'game-changer'
From: dangerw...@gmail.com
Date: Thu, 27 Jan 2011 18:31:07 -0500
To: ntsysadmin@lyris.sunbelt-software.com

Sensitive as always. :)

William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Jan 27, 2011, at 18:25, Gary Slinger gary.slin...@gmail.com wrote:

What a load of hippy crap. What part of don't use that system has to be explained in kindergarten terms to a user? They're not special, they're idiots.

--
From: Steven Peck sep...@gmail.com
Date: Thu, 27 Jan 2011 15:22:28 -0800
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

We all have our share of special users. Those are interesting stories. Some of us have our share of educational victories as well. Those that learn after getting the right information after only one or two bad experiences.

For instance, I have this thing in my kitchen that makes things hot (my wife calls it an oven). If I have a recipe that I follow I can get an approximation of edible food. Sometimes I get lucky and it's really good, other times it's merely a lesson in what doesn't work. In the cooking world I am that 'special user'. Fortunately my wife does not mock me for it, although I am beginning to suspect a correlation between my attempts to bake and her loud sighs, I may have to chart the occurrences.

For our special users (even our general ones), we must remember that people learn differently and often we must craft our educational message to fit our users ability to comprehend. Educating people on social
Re: Intel developing security 'game-changer'
I don't think less of my users. I think less of people who ask me for my professional opinion and then proceed to ignore that opinion without providing any reason or a very trifling reason. There are always going to be users who can't/won't do a certain task. A boss that won't clear a paper jam on their printer. In their mind, they've determined that it isn't worth their time. I can accept that calculation, I might disagree with it, but it's not necessarily a battle worth fighting. They have a reasonable basis for their belief, and any different is going to be splitting hairs, and therefore not worth it.

On Thu, Jan 27, 2011 at 10:48 PM, Shauna Hensala she...@msn.com wrote:

I tend to think less of my users for not recognizing what I deem to be blatantly obvious. I thought it was a good point that we should be more tolerant and respectful of our 'clients' as they provide our job security. In the extreme - the more issues they have (and directions they ignore) the more necessary it is to have people that can 'make it work.' I do like being the 'hero' even if all I do is plug in the power. I LIKE the problems I can fix. It is a reward for the problems I spend extensive time trying to solve. Just my perspective.

Shauna

--
From: r...@pge.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Intel developing security 'game-changer'
Date: Fri, 28 Jan 2011 03:23:54 +

If it is House he will probably call you an idiot at both visits so you can’t win in that particular case :-]

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, January 27, 2011 7:20 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Beyond the pale of idiocy. Outside the ordinary decent bounds, it's a pretty easily understood phrase, such as the scenarios you present, they are beyond the pale. Say you go to the doctor, complaining of some symptom and he tells you to stop a behavior and that symptom will go away. Next year, same complaint, but you haven't given up the behavior, how do you think he's going to handle you?

On Thu, Jan 27, 2011 at 10:14 PM, Ken Schaefer k...@adopenstatic.com wrote:

That didn’t sound like your point at all. You said: Ignoring advice of using a compromised computer to buy a widget with a debit card is beyond the pale.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, 28 January 2011 11:12 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

My statement didn't exempt anyone from exhibiting idiocy. My point is if you're going to ask for advice, and then proceed to ignore that advice and still want my assistance, expect to pay a higher/additional price. To answer your specific items, see inline

On Thu, Jan 27, 2011 at 9:52 PM, Ken Schaefer k...@adopenstatic.com wrote:

People do things all the time that they are admonished not to. How many people here have:

- never spoken on a mobile phone whilst driving a car
I have a hands free system in my car
- never smoked a cigarette
I avoid smoking, but I have been known to enjoy a cigar
- never failed to switch off your electronic devices whilst on an airborne plane after being directed
I do shut off devices, I've directed a traveller next to me to do so, as well.
- etc

(I realise that the last one doesn't really have any impact on the flying of the plane, but none the less you are being directed by someone in authority to do something, yet didn't)

And then there are the cases where your friend/family/whatever recommends that you don't buy xyz product, or don't visit xyz shop or whatever. Does everyone always follow that advice? Or put on safety goggles when doing work in the garage or whatever. The fact of the matter is that people take *risks* all the time. Despite advice to the contrary. Sometimes it's:

a) the way we communicate the message - just saying don't do it isn't sufficient for some people
I try and explain why it's bad, such as they're going to get your credit card, or get access to other information on your computer, if they haven't already done so. Leave it off until I can look at it.

b) the regard in which we are held - we are not always seen as god
I don't pretend to be god, I present myself as a professional. If you come to me asking for a professional opinion and then ignore it, well, that is your choice, but don't expect me to bend over backwards to help you, either.

c) what people perceive the risks to be, and how likely they think the risk will. If people think this will never happen to me then they'll go and do it anyway.
Careful explanation of why doing something in a) is bad is the beginning, explaining how I arrived at that opinion is part of b) and c) is, if they are going to do it because they can't stave off the impulse, or because they have no choice
Re: Intel developing security 'game-changer'
Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Intel developing security 'game-changer'
On Wed, Jan 26, 2011 at 1:37 PM, David Lum david@nwea.org wrote:

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

No actual content in that article. None. Zip. Zero. Zilch. You could replace the entire article with "Intel is developing something that will solve all security problems. It might be hardware, software, or both. It might be released this year, or next, or never." and it would not change the meaning. The author must own Intel stock or something.

-- Ben
Re: Intel developing security 'game-changer'
<cynic>
I think the term you are looking for is vaporware? And their claim to the security industry is their purchase of McAfee? Maybe I'm just extra cynical today, but this is not reporting, it is a thinly veiled press release. There's a lot of hope and may and might be in this. If it was, we've got this great product we're rolling out in the third quarter and they end up missing it by a quarter or two, I'd be fine, at least they have a goal. The way Rattner's talking, they don't have a goal, they just think it's really cool and want everyone else in the market to know we're going to mess up the security market, so better stop what you're doing.
</cynic>

On Wed, Jan 26, 2011 at 1:37 PM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD.

Don't worry, the product will be RFC-3514 compliant.

-- Ben
Re: Intel developing security 'game-changer'
And people wondered why they bought McAfee. Intel is not stupid. By the way, the FTC approved the acquisition of McAfee in late December.

Jonathan - Thumb typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network.

On Jan 26, 2011 1:48 PM, Sean Martin seanmarti...@gmail.com wrote:
RE: Intel developing security 'game-changer'
And RFC 1149

Dave

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, January 26, 2011 10:54 AM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD.

Don't worry, the product will be RFC-3514 compliant.

-- Ben
Re: Intel developing security 'game-changer'
There is a term for this kind of thing... Vaporware. This article is just about hype. I see no news here, in fact I think I've read this article somewhere before...

http://www.darkreading.com/security/security-management/208804703/index.html
http://www.computerworld.com/s/article/96020/IBM_fits_PCs_with_new_hardware_based_security_chip?taxonomyId=017
http://www.net-security.org/news.php?id=2736

But maybe this is something new? Who knows until a real announcement. Even then, it'll be hacked and picked apart. Limitations will be discussed. Loopholes will be found. New attack methods will emerge. Go ahead and paste me into the skeptic category on this one.

--Matt Ross
Ephrata School District

- Original Message -
From: David Lum [mailto:david@nwea.org]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 26 Jan 2011 10:37:10 -0800
Subject: Intel developing security 'game-changer'

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Thanks for the laughs Ben and David. I'd never seen those before.

- Sean

On Wed, Jan 26, 2011 at 9:53 AM, Ben Scott mailvor...@gmail.com wrote:

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD.

Don't worry, the product will be RFC-3514 compliant.

-- Ben
Re: Intel developing security 'game-changer'
Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: Intel developing security 'game-changer'
I'm still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Something like this is a step on the slippery slope to running signed software only as well – you can effectively guarantee you wouldn't have malicious software if you only run things that you've whitelisted on your system. Of course, you can do that today and it also won't save you if you've whitelisted something that turns out to be malicious – or if someone breaks your signing mechanism, etc.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Andrew S. Baker asbz...@gmail.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: Wed, 26 Jan 2011 14:34:37 -0500
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Agreed and agreed. But those issues are more easily defined.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:37 PM, Michael B. Smith mich...@smithcons.com wrote:

I’m still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. *The key is that it's reliable. It has to have the ability to discern legit software from malware.* But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
For example, what happens if I whitelist Acrobat, what else am I whitelisting? I'm not read up on current whitelisting capabilities, I suppose I need to research a bit more thoroughly. I haven't seen anything about this in what I have researched.

On Wed, Jan 26, 2011 at 2:37 PM, Michael B. Smith mich...@smithcons.com wrote:

I’m still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. *The key is that it's reliable. It has to have the ability to discern legit software from malware.* But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
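The question in the message above (what else is approved when a PDF reader is approved) can be made concrete with a small model of a hash-based allowlist. This is an added example, not code from any poster on the list; the `HashAllowlist` policy, the `Launch` record and all byte strings are constructed for illustration and do not model a specific product.

```python
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents; no real binaries or documents.
READER_EXE = b"constructed: PDF reader executable image"
READER_PLUGIN = b"constructed: plugin shipped with the reader"
OTHER_PLUGIN = b"constructed: plugin that nobody approved"
UNKNOWN_EXE = b"constructed: executable saved from a web page"
REPORT_PDF = b"constructed: quarterly report"
OTHER_PDF = b"constructed: document from an unknown sender"


@dataclass
class Launch:
    """One process start: the image plus everything it will load or parse."""
    image: bytes
    modules: list = field(default_factory=list)    # libraries / plugins
    documents: list = field(default_factory=list)  # data files it opens


@dataclass
class Verdict:
    allowed: bool
    reason: str
    unchecked: list  # (kind, sha256) of inputs the policy never examined


class HashAllowlist:
    """Hypothetical policy model: approve by SHA-256 of file content."""

    def __init__(self, approved, check_modules=False):
        self.approved = {sha256_hex(blob) for blob in approved}
        self.check_modules = check_modules

    def evaluate(self, launch: Launch) -> Verdict:
        if sha256_hex(launch.image) not in self.approved:
            return Verdict(False, "image not on allowlist", [])
        unchecked = []
        for module in launch.modules:
            digest = sha256_hex(module)
            if not self.check_modules:
                unchecked.append(("module", digest))
            elif digest not in self.approved:
                return Verdict(False, "module not on allowlist", [])
        # Documents are data, so an executable allowlist never hashes them,
        # yet the approved process parses every byte of them.
        unchecked += [("document", sha256_hex(d)) for d in launch.documents]
        return Verdict(True, "image on allowlist", unchecked)


def demo():
    approved = [READER_EXE, READER_PLUGIN]
    image_only = HashAllowlist(approved)
    strict = HashAllowlist(approved, check_modules=True)
    cases = {
        "unknown executable": Launch(UNKNOWN_EXE),
        "reader + report": Launch(READER_EXE, [READER_PLUGIN], [REPORT_PDF]),
        "reader + other pdf": Launch(READER_EXE, [READER_PLUGIN], [OTHER_PDF]),
        "reader + odd plugin": Launch(READER_EXE, [OTHER_PLUGIN], [REPORT_PDF]),
    }
    return {
        name: (image_only.evaluate(launch), strict.evaluate(launch))
        for name, launch in cases.items()
    }


if __name__ == "__main__":
    for name, (loose, tight) in demo().items():
        print(f"{name:20} image-only: {loose.allowed!s:5} ({loose.reason}); "
              f"with modules: {tight.allowed!s:5} ({tight.reason})")
        for kind, digest in tight.unchecked:
            print(f"{'':20} never examined: {kind} {digest[:16]}")
```

The `unchecked` list is the answer to the question: under either policy the verdict for the reader is identical whichever document it opens, so controls on the reader itself (patching, sandboxing, restricting what it may do) have to cover that gap.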
Re: Intel developing security 'game-changer'
Why is it a slippery slope?

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:39 PM, Kramer, Jack jack.kra...@ur.msu.edu wrote:

Something like this is a step on the slippery slope to running signed software only as well – you can effectively guarantee you wouldn't have malicious software if you only run things that you've whitelisted on your system. Of course, you can do that today and it also won't save you if you've whitelisted something that turns out to be malicious – or if someone breaks your signing mechanism, etc.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Andrew S. Baker asbz...@gmail.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: Wed, 26 Jan 2011 14:34:37 -0500
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype?

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: Intel developing security 'game-changer'
Unless you're going to white-list every doc/jpg/pdf/mp3 you're going to open, that's not a panacea either. Documents = 1's and 0's = code. The only difference is what layer it's executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I'm still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: Intel developing security 'game-changer'
I'm sorry, I don't understand your question. The whitelisting capabilities of 2008R2 are pretty good. And there are third parties that do it even better.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, January 26, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

For example, what happens if I whitelist Acrobat, what else am I whitelisting? I'm not read up on current whitelisting capabilities, I suppose I need to research a bit more thoroughly. I haven't seen anything about this in what I have researched.

On Wed, Jan 26, 2011 at 2:37 PM, Michael B. Smith mich...@smithcons.com wrote:

I'm still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
I'm just wondering if the plugins for Acrobat are whitelisted because they run within Acrobat, or if those need to be whitelisted separately. Again, I'm uninformed, and I admit it, but it is something that I haven't seen an obvious answer.

On Wed, Jan 26, 2011 at 2:51 PM, Michael B. Smith mich...@smithcons.com wrote:

I’m sorry, I don’t understand your question. The whitelisting capabilities of 2008R2 are pretty good. And there are third parties that do it even better.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, January 26, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

For example, what happens if I whitelist Acrobat, what else am I whitelisting? I'm not read up on current whitelisting capabilities, I suppose I need to research a bit more thoroughly. I haven't seen anything about this in what I have researched.

On Wed, Jan 26, 2011 at 2:37 PM, Michael B. Smith mich...@smithcons.com wrote:

I’m still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff. It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to open, that’s not a panacea either. Documents = 1’s and 0’s = code. The only difference is what layer it’s executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I’m still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
Yes and no. If you have an app that requires it, and it is a mainline business app, there isn't a viable alternative.

On Wed, Jan 26, 2011 at 2:54 PM, Andrew S. Baker asbz...@gmail.com wrote:

Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff. It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to open, that’s not a panacea either. Documents = 1’s and 0’s = code. The only difference is what layer it’s executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I’m still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
The potential for an architecture company, like Intel, to say that they're now only allowing you to run code on their chips that's signed by their signing authority and you have to pay $(largenum) for the privilege of having your code evaluated, etc. Whitelisting is great when you can control it but not as much if it's imposed on you by an outside agency. Obviously this would be done out of security concerns. In an ideal world this would be stopped either by the competitive market or a monopoly regulation but you never know.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Andrew S. Baker asbz...@gmail.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: Wed, 26 Jan 2011 14:47:26 -0500
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

Why is it a slippery slope?

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:39 PM, Kramer, Jack jack.kra...@ur.msu.edu wrote:

Something like this is a step on the slippery slope to running signed software only as well – you can effectively guarantee you wouldn't have malicious software if you only run things that you've whitelisted on your system. Of course, you can do that today and it also won't save you if you've whitelisted something that turns out to be malicious – or if someone breaks your signing mechanism, etc.

Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Andrew S. Baker asbz...@gmail.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: Wed, 26 Jan 2011 14:34:37 -0500
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: Intel developing security 'game-changer'
I think the article at the link below has more content than their security killer app.
http://www.engadget.com/2011/01/26/intel-hires-will-i-am-as-director-of-creative-innovation-whol/

On Wed, Jan 26, 2011 at 1:53 PM, Ben Scott mailvor...@gmail.com wrote:

On Wed, Jan 26, 2011 at 1:37 PM, David Lum david@nwea.org wrote:
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

No actual content in that article. None. Zip. Zero. Zilch. You could replace the entire article with

"Intel is developing something that will solve all security problems. It might be hardware, software, or both. It might be released this year, or next, or never."

and it would not change the meaning. The author must own Intel stock or something.

-- Ben
RE: Intel developing security 'game-changer'
My point is that neither signatures, nor white-listing are a panacea. The fact that we've been sig based for so long while malware continues to be effective leads many to think that white-listing would solve all our woes. I'm simply saying that many *current* vulnerabilities circumvent a white-list so it can't be a panacea...unless of course you white-list each individual data file.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 1:55 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff. It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Unless you're going to white-list every doc/jpg/pdf/mp3 you're going to open, that's not a panacea either. Documents = 1's and 0's = code. The only difference is what layer it's executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I'm still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan...

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said. The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD (http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_).

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
Hype?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body
Re: Intel developing security 'game-changer'
No one here has suggested panacea, but consider how effective it would be in a white-listing environment to add most apps to the list in the event of a zero-day to an EXISTING app. You wouldn't have to do anything for an app that wasn't already allowed in your environment.

It is akin to the change in firewall rule-set made in ages gone by from Allowed-by-Default to Denied-by-Default.

Likewise, look at all the environments that have moved towards some form of locked down user desktop and see how much of a benefit has resulted.

Reducing problems by 50-80% off the bat, with little overhead, is always desirable.

*ASB* (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott crawfo...@evangel.edu wrote:

My point is that neither signatures, nor white-listing are a panacea. The fact that we’ve been sig based for so long while malware continues to be effective leads many to think that white-listing would solve all our woes. I’m simply saying that many *current* vulnerabilities circumvent a white-list so it can’t be a panacea…unless of course you white-list each individual data file.

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, January 26, 2011 1:55 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff. It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment...

*ASB* (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott crawfo...@evangel.edu wrote:

Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to open, that’s not a panacea either. Documents = 1’s and 0’s = code. The only difference is what layer it’s executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.

*From:* Michael B. Smith [mailto:mich...@smithcons.com]
*Sent:* Wednesday, January 26, 2011 1:38 PM
*To:* NT System Admin Issues
*Subject:* RE: Intel developing security 'game-changer'

I’m still of the opinion that the only real solution is white-listing. But that raises its own set of issues.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, January 26, 2011 2:35 PM
*To:* NT System Admin Issues
*Subject:* Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them.

Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.

Oh, and I agree with Ben and Jonathan...

*ASB* (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*

On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin seanmarti...@gmail.com wrote:

Most important statement

*If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware, Olds said.* **The key is that it's reliable. It has to have the ability to discern legit software from malware.** *But if they can pull this off, it would give them quite a competitive advantage vs. AMD* http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_.

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum david@nwea.org wrote:

What say you, Alex, et al.
http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?

*David Lum* // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
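
The trade-off argued in this thread, as an added example that is not part of any poster's message: a signature blocklist, an executable allowlist and a per-data-file allowlist are evaluated over the same launch events. Every name and byte string is constructed for illustration, and matching on a content hash alone is an assumption of this sketch.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents (not real binaries or documents).
READER = b"constructed: approved PDF reader executable"
FAKE_AV = b"constructed: unknown executable offered by a web page"
OLD_MALWARE = b"constructed: executable already in the signature set"
KNOWN_PDF = b"constructed: PDF that was individually approved"
NEW_PDF = b"constructed: PDF never seen before, benign or malformed"

SIGNATURES = {digest(OLD_MALWARE)}      # known-bad hashes
APPROVED_IMAGES = {digest(READER)}      # known-good executables
APPROVED_DOCS = {digest(KNOWN_PDF)}     # known-good data files

@dataclass(frozen=True)
class Launch:
    image: bytes                        # executable being started
    document: Optional[bytes] = None    # data file handed to it, if any

def signature_policy(ev: Launch) -> bool:
    """Allowed-by-default: deny only images whose hash is known bad."""
    return digest(ev.image) not in SIGNATURES

def allowlist_policy(ev: Launch) -> bool:
    """Denied-by-default on executables; the document is never examined."""
    return digest(ev.image) in APPROVED_IMAGES

def per_file_policy(ev: Launch) -> bool:
    """Denied-by-default on the executable and on every data file."""
    if not allowlist_policy(ev):
        return False
    return ev.document is None or digest(ev.document) in APPROVED_DOCS

EVENTS = {
    "reader + approved pdf": Launch(READER, KNOWN_PDF),
    "unknown executable": Launch(FAKE_AV),
    "known malware": Launch(OLD_MALWARE),
    "reader + unlisted pdf": Launch(READER, NEW_PDF),
}

def decisions() -> dict:
    """Map each event to (signature, allowlist, per-file) allow decisions."""
    policies = (signature_policy, allowlist_policy, per_file_policy)
    return {name: tuple(p(ev) for p in policies) for name, ev in EVENTS.items()}

if __name__ == "__main__":
    for name, row in decisions().items():
        print(f"{name:24} signature={row[0]} allowlist={row[1]} per-file={row[2]}")
```

The "reader + unlisted pdf" row is the malformed-PDF case from the thread: the executable allowlist admits it because only the reader is checked, and the per-file policy denies it only by denying every document that has not been individually approved.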