Novell Threat Assessment: More Like FUD and Harassment

Dr. Roy Schestowitz

2008-06-09 07:49:33 UTC
Modified: 2008-06-09 07:49:33 UTC

Reader's thoughts on Novell's perspective on security

A reader has sent us some thoughts about the following threat assessment questionnaire from Novell which, unsurprisingly, requires that you install the proprietary Adobe Flash player (yes, for a simple questionnaire). Some of the questions evoked our reader's response, as follows:

Is your organization subject to regulatory compliance (PCI, HIPAA, SOX, etc.)?

Er... NO, and what difference would it make to computer security and why are you posting such waffle?

Does the organization need to enforce integrity on products such as anti-virus, 24x7 even if the device is remote?

No, we have 'computers' that don't get viruses.

If an infected machine is introduced to the network are there protections against network infection and propagation.

We don't need such protections, our computers don't get viruses.

Do your endpoints have a firewall that is driver based and not controllable by the end user?

Such software firewalls are next to useless, we have embedded firewalls at the gateway. ⬆

Related and recent post:

Is Novell Ignoring Critical Security Problems?

Comments

Dan O'Brian

2008-06-09 10:58:30

Why do you need the Adobe Acrobad reader? OpenSuSE ships Evince which works far far better and is installed by default.

Maybe you had to use Adobe Acrobat because you don't run OpenSuSE? ;-)
Dan O'Brian

2008-06-09 10:59:39

lol, I made a pretty funny typo - s/Acrobad/Acrobat/

It so should be called Acrobad tho ;-)
Roy Schestowitz

2008-06-09 11:01:21

it's about Flash, not Acrobat (which is rarely needed).
Dan O'Brian

2008-06-09 11:28:28

Doh, my apologies. I misread "Acrobat" instead of "Flash" (haven't had my morning coffee yet).

Even so, SUSE ships Gnash and swfdec, but I agree: Flash = bad.

Then again, you use Flash on this website as well (and until recently didn't offer ogg alternatives), so you are being a bit hypocritical imho.
Open Honest

2008-06-09 16:39:24

Questionair is about positioning Audit and Sentinal around compliance. Again we know where that idea came from. What they don't tell you is that Audit links to a server clock much like all software offerings, and the server can be chanaged leaving you with an expensive appication that can't sustain a trail of evidence. Same can be said with Sentinal, tied to a changable, hackable server. FUD with nothing to really meet compliance, as long as it is software based you will never get any better than FIPS 2 so much for government, banking ect.
aeshna

2008-06-09 17:08:33

This minor incident brings up a question I have. Instead of developing gnash and moonlight, wouldn't have been easier to build from scratch a FOSS competitor that would work on Linux, Mac, *BSD, Windows, and Solaris? It wouldn't have to have the bells and whistle to start--just stop, pause,and play functionality. And I would think that the *BSD people would be more than willing to contribute That Flash doesn't work their OS is a real obstacle for them on the desktop and is an excellent example of how non-FOSS discourages innovation.

Has this not been done due to lack of interest or some deeper reason?

Novell Threat Assessment: More Like FUD and Harassment

Comments

Recent Techrights' Posts