Bugtraq mailing list archives

Re: new iss stuff


From: rwing!pat () ole cdac com (Pat Myrto)
Date: Tue, 10 May 94 16:08:02 PDT


"In the previous message, Adam Shostack said..."

Pat Myrto said:

| "In the previous message, Dan said..."
 
[ ... ]

      I don't like it much either, but for a different reason.  The
high cost of source compared to binaries at an educational site will
cause most sites to end up with binaries.  This leads to a black box

And binaries at privileged levels are an anathema to security.  Especially
when security DEPENDS on them.  It boils down to a 'one size fits all'
solution.  Which is not satisfactory.  The price for source is nothing
but a ripoff.  Sooner or later (probably sooner) the crackers will have
it, but the legit users WON'T.  Just like they have access (to some
extent, at least) to pirated sources for versions of Unix.  Thanks a
lot.

way of thinking about security.  If ISS has bugs that cause it to
seriously misrepresent your situation, you may end up trusting a
product you shouldn't.  If it was available as source for the same
price, those bugs would be found and patched sooner.

It all boils down to the same thing.  Security through obscurity.
Only now you get your pockets emptied for the service.

I bet there was more than a little contributed code or code based on
freeware code in the original iss, and it would be carried over to the
'super' version.  And I bet those contributors aren't getting a NICKEL.
Which means that people are charging for at least some code that isn't
theirs.

It's a gouge playing on fear, as I see it.

NO SALE.
-- 
pat@rwing  [If all fails, try:  rwing!pat () ole cdac com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.


