« StillSecure, After all these years, Podcast #11 | Main | Two patch Tuesdays later ... »

August 19, 2006

Comments

SamVR

Where can I get one of those children's books? Nothing like scaring my kids early on to keep their systems patched and AV updated! ;-)

Minoo Hamilton

It's interesting to hear your ideas on ratchetting down the fear factor. Mike Murray has made his points on this subject (on his blog), so I'd like to add my 2 cents. From a technical perspective, everything about MS06-040 makes it the type of vulnerability capable of creating the perfect storm. I don't think anybody wants to challenge that in terms of the actual exposure. The thing that is hard to predict is, will someone out there decide to take advantage of that opportunity for the greatest ill? That is indeed the big question about the real risk. We haven't learned how to predict the weather with certainty either. Simply put, it's the first remote root vulnerability in awhile that affects all versions of windows, requires no authentication, and is unlikely to be blocked by a firewall. Why that seems like the perfect time to be afraid, because important things are, in fact, on the line.

On a final note, I don't imagine this type of Achilles-heal vulnerability will happen as often any more for Windows, since Microsoft has been putting a lot of effort into preventing this type of vulnerability in future products. Nowadays, critical vulnerabilities often affect the newer products less, require authentication, or affect a smaller set of the Windows product line. So, I'm not too worried about desensitizing people to these very real concerns.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)