RE: ISA get EAL4+ rating

  • From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 11:12:20 -0500

True, but have you ever read a EULA?  Basically it says that a bunch of
monkeys could have banged on the keyboard and accidentally had it
compile into a program and that they aren't liable if it makes your
computer start on fire.

The integrity of the bits is all an auditor cares about; since there is
no warranty as to what the software does, if anything at all.  If it can
prove that the software on the disk that I have is what Microsoft says
it should be, then it's good enough. It's the software's fingerprint,
nothing more, nothing less.  Right now, I can't even be sure it's the
correct software that they are referencing.  If I don't know that, then
what it does is a moot point.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, October 05, 2005 10:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating

http://www.ISAserver.org

Good point.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, October 05, 2005 10:47 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> http://www.ISAserver.org
> 
> I'm not so sure... If the true concern is surviving an audit, 
> a published 
> file hash is worthless, really.  I can publish the hash of 
> any of my Hammer 
> o' God tools, but unless you have the source code and compile 
> it yourself, 
> you have no way of knowing what I'm really doing in my code 
> when you run it. 
> The presence (or absence) of a hash has nothing to do with 
> the integrity of 
> a tool's operation, purpose, or effect - it's only the 
> integrity of the 
> bits.
> 
> t
> 
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, October 05, 2005 6:58 AM
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> 
> http://www.ISAserver.org
> 
> Good point.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
> 
> 
> 
> ________________________________
> 
> From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
> Sent: Wednesday, October 05, 2005 8:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> 
> http://www.ISAserver.org
> 
> 
> That Integrity Check Tool is a joke.  Where's the published
> known good file hash for me to verify that it has not been 
> tampered with
> before I downloaded it?  Sure as heck isn't on the web page 
> that you can
> download it from.
> 
> Using an unverified tool to verify another piece of software
> would have any auditor laughing at you pretty dang quick....  
> Just like
> a cashier at a store shouldn't be comparing the back of your 
> credit card
> to your signature but to your state/government (hopefully checked and)
> issued ID, since anyone can sign a credit card after it's been mailed
> out.....
> 
> 
> 
> 
> ________________________________
> 
> 
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Tuesday, October 04, 2005 10:00 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> 
> 
> http://www.ISAserver.org
> 
> I did ;-P
> 
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
> 
> 
> 
> 
> 
> ________________________________
> 
> 
> From: Greg Mulholland
> [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: Tuesday, October 04, 2005 9:57 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> http://www.ISAserver.org
> 
> same to you :p
> 
> 
> 
> 
> ________________________________
> 
> 
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, 5 October 2005 12:54 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> http://www.ISAserver.org
> 
> Blog.
> 
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
> 
> 
> 
> 
> 
> ________________________________
> 
> 
> From: Greg Mulholland
> [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: Tuesday, October 04, 2005 9:51 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
> 
> http://www.ISAserver.org
> 
> got a link?
> 
> 
> 
> 
> ________________________________
> 
> 
> From: Thomas W Shinder
> [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, 5 October 2005 12:26 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] ISA get EAL4+ rating
> 
> http://www.ISAserver.org
> 
> 'nuf said.
> 
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> 
> ------------------------------------------------------
> Visit TechGenix.com for more information about
> our other sites:
> http://www.techgenix.com
> 
> ------------------------------------------------------
> You are currently subscribed to this
> ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> 
> ------------------------------------------------------
> Visit TechGenix.com for more information about
> our other sites:
> http://www.techgenix.com
> 
> ------------------------------------------------------
> You are currently subscribed to this
> ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> All mail to and from this network has been scanned for viruses
> 
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other
> sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
> Discussion List as: gmulholland@xxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other
> sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
> Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tradtke@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: 
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2005