[funsec] Microsoft trying to put F.U.D. on Guilfanov
abrams at eset.com
Fri Jan 6 18:02:36 CST 2006
Trusting Ilfak with your beer was, notably, omitted :)
> -----Original Message-----
> From: funsec-bounces at linuxbox.org
> [mailto:funsec-bounces at linuxbox.org] On Behalf Of Pierre Vandevenne
> Sent: Tuesday, January 03, 2006 4:11 PM
> To: Fergie
> Cc: funsec at linuxbox.org
> Subject: Re: [funsec] Microsoft trying to put F.U.D. on
> Guilfanov 'temporary'patch
> Good Day,
> Tuesday, January 3, 2006, 10:15:40 PM, you wrote:
> F> Not sure I like how this story is worded. I mean, I
> realize that MS
> F> won't exactly endorse it, but WTF...
> The wording is, imho, miles better than Sony's initial
> reaction to the "rootkit" affair. It is very responsible,
> very technically accurate, and not disparaging in any way.
> You couldn't expect MS to endorse anything produced by a
> third party, this is natural. I've always had a lot of "free
> speech" respect for Microsoft, compared to other companies,
> and I've really been positively impressed at their reaction
> to the (bulgarian/romanian?) guy who made a job of finding
> vulnerabilities in Office.
> Although I am an early adopter of the patch. I would NOT take
> the responsability to recommend to anyone to deploy it in a
> huge corporate environment without extensive testing by the
> involved parties.
> As Ilfak made it clear from the start, this patch evolved
> from his (and my own need) to protect ourselves to what we
> perceived was a real threat. Ilfak apparently posted this on
> his blog, which is usually followed only by a bunch of very
> competent hard core techies, as a technical demonstration of
> how such an issue could be solved. Knowing Ilfak, I am sure
> he did not expect it to be picked up by the mainstream as it
> was. Basically, the idea was - source code provided - to
> demonstrate a potentially useful technique to solve such issues.
> Now, to speak of hypothetical scenarios, if I was the "Blue
> Team" and the "Red Team" attacked on a global scale, I'd be
> glad to have that guy on my side ;-)
> Gadi asked me in private if Ilfak could be trusted (a natural
> question if their ever was one). My answer was basically that
> I would trust Ilfak with my wallet, my girlfriend and my
> programs. I stand by that assessment.
> It should also be noted that, in an indirect way, a lot of
> the people who rely on a anti-virus or a vulnerability fix
> rely on the tool Ilfak masterminds. A lot of the hard core
> techies around know that, but that is a bit complex to
> explain to non techies.
> The wording "a Russian computer programmer" is factually true
> (although Ilfak is a Tatar living in Belgium), but the "the
> designer and main programmer of the most widely used malware
> analysis tool" is also factually true.
> I guess the one you pick reveals your bias.
> Best regards,
> Pierre mailto:pierre at datarescue.com
> Fun and Misc security discussion for OT posts.
> Note: funsec is a public and open mailing list.
More information about the funsec