[Discussion] What are we making? -- CLIENT Side

Jack Pepper pepperjack at afferentsecurity.com
Mon Oct 20 13:31:38 UTC 2008


Quoting Matt Jonkman <jonkman at jonkmans.com>:

> I really REALLY am not excited about trying to make a windows client.
> Not only does that open up a huge responsibility in support and the
> inevitable bluescreens, but I have had a difficult time over the years
> believing that any process on ANY os (especially windows) could be
> trusted and independant enough to watch itself. Take into account how
> easy it is for trojans and rootkits to shut down antivirus, or blind it.
> And these are products with hundreds of the most skilled coders around
> working on them.

The problem with client side technical controls is not a technical  
problem.  Several people have solved it several ways.  But paying  
customers won't buy it.  Home users won't use it.  Techies admire the  
novelty, but they are not the "at risk" community.  Client side is  
simply not possible due to political and religious issues.

> I know we're sharp as a community, but I don't think that's a battle we
> want to get in to. So how can we do it at the network layer?

I beat my head against that wall for years before I finally gave up on  
end user security.  Screw 'em.  The only viable approach is to make  
the network safe, in spite of user misconduct.  You should assume  
Granny has an infected workstation and spends all her idle time trying  
to hack the IDS and compromise every other machine on the internet.


(I will spare the list from a rant on the subject of NAC technology)

jp

-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com




More information about the Discussion mailing list