OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Ethical/Theoretical Question
From: Krystophyr Trezevant (philosfrREADYNETGO.COM)
Date: Thu Jun 01 2000 - 17:52:38 CDT


The other problem is where the line is. Where does adding security end and
removing functionality start? My users may demand .vbs and .js files to work
as they currently do.

The idea has a lot of merit as it would allow non-security minded users to
patch their system, however it would seriously hamper organizations that did
not need or want the assistance.

-----Original Message-----
From: Focus on Microsoft Mailing List
[mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Stephen McNaught
Sent: Thursday, June 01, 2000 5:48 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: Ethical/Theoretical Question

Besides, you know that as soon as it's released, someone out there
will change it to make it malicious. - Steve

On Thu, 1 Jun 2000 13:41:37 -0700, you wrote:

>I was just discussing VBScript with some people online, and an interesting
>question came up.
>
>Namely, should we, the security conscious "geeks" of the world, be
designing
>"virii" that shore up holes in "normal" user's security? (Things like
.vbs,
>.js windows scripting associations, password caching, auto-opening EXEs
from
>IE)
>
>Something that tells you what holes there are in your system and offers to
>patch them...
>
>Jonathan