At 1:01 PM -0500 2003/08/23, gep2(_at_)terabites(_dot_)com wrote:
> Most of these recipients who allowed this worm to infect their
> computer probably would NOT have authorized those senders
> to send attachments at all, let alone EXECUTABLE attachments.

I disagree. If you have a consent framework system, and the
dominant monopoly application vendor chooses to default to turning
off all security, by far the vast majority of users will leave it
that way. Thus, they would remain vulnerable.

This entire problem would have been a non-event even without a
consent framework system, if the dominant monopoly application vendor
actually paid any attention whatsoever to the issue of security from
a user perspective.

A consent framework system is neither a necessary condition nor
sufficient, unless it is a fundamental requirement of the most basic
kind of operations. However, such a system may be an enabler,
especially during a time of transition from an old system that
doesn't use it to a new system where it is integral.

However, to be truly effective, we have to make sure that we do
everything possible to create a system in which all possible
implementations default to "secure" mode, as opposed to "insecure".

--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)