botnets: web servers, end-systems and Vint Cerf
Roland Dobbins
rdobbins at cisco.com
Fri Feb 16 17:44:46 UTC 2007
On Feb 16, 2007, at 9:12 AM, <michael.dillon at bt.com> wrote:
> It is regularly done with servers connected to the Internet.
> There is no *COMPUTING* problem or technical problem.
I beg to differ. Yes, it is possible for tech-savvy users to secure
their machines pretty effectively. But the level of technical
knowledge required to do so is completely out of line with, say, the
level of automotive knowledge required to safely operate an automobile.
> The problem of the 100 million machines is a social or business
> problem.
> We know how they can be secured, but the solution is not being
> implemented.
We know how -people with specialized knowledge- can secure them, not
ordinary people - and I submit that we in fact do not know how to
clean and validate compromised systems running modern general-purpose
operating systems, that the only sane option is re-installation of OS
and applications from scratch.
There have been very real strides in increasing the default security
posture of general-purpose operating systems and applications in
recent years, but there is still a large gap in terms of what a
consumer ought to be able to reasonably expect in terms of security
and resiliency from his operating systems/applications, and what he
actually gets. This gap has been narrowed, but is still quite wide,
and will be for the foreseeable future (witness the current
renaissance in the area of browser/HTML/XSS/Javascript
vulnerabilities as an example of how the miscreants can change their
focus as needs must).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
The telephone demands complete participation.
-- Marshall McLuhan
More information about the NANOG
mailing list