[Discussion] What are we making? -- CLIENT Side
Jack Pepper
pepperjack at afferentsecurity.com
Mon Oct 20 13:31:38 UTC 2008
Quoting Matt Jonkman <jonkman at jonkmans.com>:
> I really REALLY am not excited about trying to make a windows client.
> Not only does that open up a huge responsibility in support and the
> inevitable bluescreens, but I have had a difficult time over the years
> believing that any process on ANY os (especially windows) could be
> trusted and independant enough to watch itself. Take into account how
> easy it is for trojans and rootkits to shut down antivirus, or blind it.
> And these are products with hundreds of the most skilled coders around
> working on them.
The problem with client side technical controls is not a technical
problem. Several people have solved it several ways. But paying
customers won't buy it. Home users won't use it. Techies admire the
novelty, but they are not the "at risk" community. Client side is
simply not possible due to political and religious issues.
> I know we're sharp as a community, but I don't think that's a battle we
> want to get in to. So how can we do it at the network layer?
I beat my head against that wall for years before I finally gave up on
end user security. Screw 'em. The only viable approach is to make
the network safe, in spite of user misconduct. You should assume
Granny has an infected workstation and spends all her idle time trying
to hack the IDS and compromise every other machine on the internet.
(I will spare the list from a rant on the subject of NAC technology)
jp
--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
More information about the Discussion
mailing list