Truth About Computer Security Hysteria
McGraw's comments quoted for posterity
Rob Rosenberger, Vmyths co-founder
Sunday, 31 January 1999
FINJAN REMOVED DR. Gary McGraw's comments from their Russian New Year quotes page. Ironically, they continue to highlight comments made by Greg Coticchia, a vice president of marketing at AXENT. Let me quote McGraw's original comments for posterity:
Mobile code presents very real security risks. The newly-discovered Russian New Year exploit demonstrates how simple it is to misuse good technology to carry out any number of dangerous security attacks. Who would have guessed that mixing an extremely useful Excel function, a standard HTML call, and a devious mind would result in a full-fledged attack? The Russian New Year falls squarely within the worst category of mobile code attacks — system modification. A majority of Web users remain blithely unaware of the dangers of mobile code and would do well to sit up and take notice.
As I mentioned previously, McGraw's comments passed my "realism" test with flying colors, and they would apply equally well to the Res exploit discovered in 1997.