
List:       patchmanagement
Subject:    Re: Remote Access Users
From:       Ryan Russell <ryan () thievco ! com>
Date:       2004-01-22 21:51:53
Message-ID: 401045F9.503 () thievco ! com

Adam Shostack wrote:

> Betchya I can design something that just uses the same DLL! :)

Right.  As I said, the protection code simply changes so that your 
attack doesn't work anymore.  I.e. the next version doesn't have that 
DLL anymore.  I get to see your attack, and I can always defeat it, 
after the fact.  And vice-versa.

> More seriously, I'm asking about the economics and usefulness of
> designing these systems, if we know that they're going to be another
> arms race.

I'm very specifically avoiding the term "arms race", since the 
technology is not escalating in any particular way (I think.)  Rather, 
it's a who-is-most-recent race.  That's what we do with AV software now, 
for all intents and purposes.


> If you have say, $100,000 to spend on a tool, should you
> spend it on a weak assurance that the laptop is patched, or on
> something else, say an application level gateway that protects
> internal systems from the attacks those laptops launch?

Ah, now I make absolutely no claims that something like this is an 
appropriate expenditure for the threat model.  In fact, I would rather 
spend my time and money keeping the inside in decent shape (patching, 
for the context of this list), so that it can tolerate an infected 
visitor or returning laptop, to a degree.

					Ryan

