[Am-info] E-mail virus picks up speed

"Erick Andrews" <eandrews@star.net>
Sun, 05 Jan 2003 08:40:13 -0500 (EST)


On Sat, 4 Jan 2003 21:51:04 -0600, Roy Bixler wrote:

>On Sat, Jan 04, 2003 at 10:13:38AM -0800, Mitch Stone wrote:
>> I'm familiar with the countering arguments, but I tend to shy away from 
>> the more technical rebuttals, as I've found that most people don't 
>> understand them, and those that do, will claim I'm promoting "security 
>> by obscurity."

[...]

>So I think the people you are trying to convince are confused between
>"security through obscurity" and "security through diversity".  They
>think you are talking about the former and, if you were, they would be
>correct.  "Security through obscurity" is really not much security at
>all.  "Security through diversity" is what you're really arguing.

[...]

I understand your distinction now, which is fine, but I think many others
may be confused, that is, I can't recall the term "security through diversity".

To me, MS viruses and worms are obscure:  they just won't "run" on my 
system.  They're native to MS systems.

Sure, there may be other exploits that I may be vulnerable to, like
Javascript; some exploit getting through an open TCP/IP socket (OS/2 keeps
them closed unless connected to somewhere); or DOS (Denial Of Service,
which I believe my stack is hardened against), but I've not yet experienced
any of these.  There are websites that you can do some testing with.  They're
not foolproof but all those I've tried have yet to find any vulnerabilities.

"Security through obscurity" is generally bantered about with not much
definition.  And though I like the phrase "security through diversity", I doubt
it has much currency.

-- 
Erick Andrews