06.09.08
Gemini version available ♊︎Novell Threat Assessment: More Like FUD and Harassment
Reader’s thoughts on Novell’s perspective on security
A reader has sent us some thoughts about the following threat assessment questionnaire from Novell which, unsurprisingly, requires that you install the proprietary Adobe Flash player (yes, for a simple questionnaire). Some of the questions evoked our reader’s response, as follows:
Is your organization subject to regulatory compliance (PCI, HIPAA, SOX, etc.)?
Er… NO, and what difference would it make to computer security and why are you posting such waffle?
Does the organization need to enforce integrity on products such as anti-virus, 24×7 even if the device is remote?
No, we have ‘computers’ that don’t get viruses.
If an infected machine is introduced to the network are there protections against network infection and propagation.
We don’t need such protections, our computers don’t get viruses.
Do your endpoints have a firewall that is driver based and not controllable by the end user?
Such software firewalls are next to useless, we have embedded firewalls at the gateway. █
Related and recent post:
ᶃ Gemini Space
This post is also available in 
Content is available under CC-BY-SA
Dan O'Brian said,
June 9, 2008 at 5:58 am
Why do you need the Adobe Acrobad reader? OpenSuSE ships Evince which works far far better and is installed by default.
Maybe you had to use Adobe Acrobat because you don’t run OpenSuSE?
Dan O'Brian said,
June 9, 2008 at 5:59 am
lol, I made a pretty funny typo – s/Acrobad/Acrobat/
It so should be called Acrobad tho
Roy Schestowitz said,
June 9, 2008 at 6:01 am
it’s about Flash, not Acrobat (which is rarely needed).
Dan O'Brian said,
June 9, 2008 at 6:28 am
Doh, my apologies. I misread “Acrobat” instead of “Flash” (haven’t had my morning coffee yet).
Even so, SUSE ships Gnash and swfdec, but I agree: Flash = bad.
Then again, you use Flash on this website as well (and until recently didn’t offer ogg alternatives), so you are being a bit hypocritical imho.
Open Honest said,
June 9, 2008 at 11:39 am
Questionair is about positioning Audit and Sentinal around compliance. Again we know where that idea came from. What they don’t tell you is that Audit links to a server clock much like all software offerings, and the server can be chanaged leaving you with an expensive appication that can’t sustain a trail of evidence. Same can be said with Sentinal, tied to a changable, hackable server. FUD with nothing to really meet compliance, as long as it is software based you will never get any better than FIPS 2 so much for government, banking ect.
aeshna said,
June 9, 2008 at 12:08 pm
This minor incident brings up a question I have. Instead of developing gnash and moonlight, wouldn’t have been easier to build from scratch a FOSS competitor that would work on Linux, Mac, *BSD, Windows, and Solaris? It wouldn’t have to have the bells and whistle to start–just stop, pause,and play functionality. And I would think that the *BSD people would be more than willing to contribute That Flash doesn’t work their OS is a real obstacle for them on the desktop and is an excellent example of how non-FOSS discourages innovation.
Has this not been done due to lack of interest or some deeper reason?