Sat, Jun 19 2010 23:48
The small people
Recently a security researcher took it upon himself to make a risk decision for us all on the Internet. He decided that it was better to put people at risk and make them deploy a fixit workaround than to work with a vendor for a long-term fix.
During a month like June, with lots of updates and patches, especially .NET ones, the fact that one person took it upon himself to make a risk determination for the Windows computing world annoys me. Fixits and workarounds that mitigate security issues are nice, but only if someone installs the mitigation.
If you only think in terms of risk to Enterprises, you forget consumers. If you only think of the impact to consumers, enterprises may need something different.
I challenge every security researcher to help someone get their computer fully up to date. No really. I mean FULLY up to date. On both a Mac and a Windows platform you need near-enterprise patch management tools to determine if you are really up to date. And in getting up to date, try keeping toolbars and marketing relationships off your system.
Just the other day I was updating Adobe on Windows and had to ensure that I didn't get the Google toolbar. Yet on my Mac, there was no offending marketing offering in the Adobe Flash update.
Sometimes there's just as much risk from patching as there is from the thing you are putting out the patch for.
There are no absolutes in security. There is no black and white.
And sometimes one person doesn't get the right to make the risk decision for the entire Internet without having some of us "small people" question that decision.
Filed under: Rants