Joe,

I definitely wasn't picking on Bill Reger or WRKDBF; I could have used any
number of other freeware authors and utilities as an example. WRKDBF is just
so pervasive and such a perfect vehicle for the kind of attack I described.
My point, as you grasped, is how many of us are guilty of installing
freeware utilities without truly knowing the author or what's in the code
and exposing our systems to possible attack. Please note that I recognize a
huge difference between freeware and open source software and the latter is
perfectly acceptable to me since I can examine the code and see what it's
doing.

While I guess there are no guarantees, commercial software vendors are known
entities and can be made accountable through the judicial system. They have
a vested interest in making sure their products cannot be exploited in this
manner and maybe we as a community need to put them on notice that any
potential exploits discovered in their products will be made known publicly
in a forum such as this.

Kind regards,

BJ


On 1/3/07, Joe Pluta <joepluta@xxxxxxxxxxxxxxxxx> wrote:

> From: Brian
>
> Better yet, how about you create and distribute a freeware utility like
> WRKDBF with a timer set for a few years into the future so confidence in
> the utility is achieved then when the timer is tripped you start randomly
> selecting a record from the file being updated and perform such mischief.
> Do you have a freeware utility like WRKDBF installed? Do you know what's
> in the code?
>
> This message is not in any way meant to suggest that WRKDBF contains any
> malware but just used it as an example of freeware that is installed and
> used by those with high-level authority without them really knowing what's
> in the code.

Your point is well taken, Brian.  And while I'm reasonably certain that
Bill Reger didn't put any time bombs in WRKDBF <grin>, that's one reason
why the more security conscious managers I've met refuse to put ANY
freeware on their systems.

But then again, what's to stop say, a programmer at an ERP vendor or an AV
software vendor from doing the same thing?  Or even an IBM i5/OS programmer?
This is indeed a slippery slope, and eventually you end up chucking the
computer and going back to the abacus...

Joe


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].