[funsec] Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch

Randy Abrams abrams at eset.com
Fri Jan 6 18:02:36 CST 2006

Trusting Ilfak with your beer was, notably, omitted :)

> -----Original Message-----
> From: funsec-bounces at linuxbox.org 
> [mailto:funsec-bounces at linuxbox.org] On Behalf Of Pierre Vandevenne
> Sent: Tuesday, January 03, 2006 4:11 PM
> To: Fergie
> Cc: funsec at linuxbox.org
> Subject: Re: [funsec] Microsoft trying to put F.U.D. on 
> Guilfanov 'temporary'patch
> Good Day,
> Tuesday, January 3, 2006, 10:15:40 PM, you wrote:
> F> Not sure I like how this story is worded. I mean, I 
> realize that MS 
> F> won't exactly endorse it, but WTF...
> The wording is, imho, miles better than Sony's initial 
> reaction to the "rootkit" affair. It is very responsible, 
> very technically accurate, and not disparaging in any way. 
> You couldn't expect MS to endorse anything produced by a 
> third party, this is natural. I've always had a lot of "free 
> speech" respect for Microsoft, compared to other companies, 
> and I've really been positively impressed at their reaction 
> to the (bulgarian/romanian?) guy who made a job of finding 
> vulnerabilities in Office.
> Although I am an early adopter of the patch. I would NOT take 
> the responsability to recommend to anyone to deploy it in a 
> huge corporate environment without extensive testing by the 
> involved parties.
> As Ilfak made it clear from the start, this patch evolved 
> from his (and my own need) to protect ourselves to what we 
> perceived was a real threat. Ilfak apparently posted this on 
> his blog, which is usually followed only by a bunch of very 
> competent hard core techies, as a technical demonstration of 
> how such an issue could be solved. Knowing Ilfak, I am sure 
> he did not expect it to be picked up by the mainstream as it 
> was. Basically, the idea was - source code provided - to 
> demonstrate a potentially useful technique to solve such issues.
> Now, to speak of hypothetical scenarios, if I was the "Blue 
> Team" and the "Red Team" attacked on a global scale, I'd be 
> glad to have that guy on my side ;-)
> Gadi asked me in private if Ilfak could be trusted (a natural 
> question if their ever was one). My answer was basically that 
> I would trust Ilfak with my wallet, my girlfriend and my 
> programs. I stand by that assessment.
> It should also be noted that, in an indirect way, a lot of 
> the people who rely on a anti-virus or a vulnerability fix 
> rely on the tool Ilfak masterminds. A lot of the hard core 
> techies around know that, but that is a bit complex to 
> explain to non techies.
> The wording "a Russian computer programmer" is factually true 
> (although Ilfak is a Tatar living in Belgium), but the "the 
> designer and main programmer of the most widely used malware 
> analysis tool" is also factually true.
> I guess the one you pick reveals your bias.
> --
> Best regards,
>  Pierre                            mailto:pierre at datarescue.com
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

More information about the funsec mailing list