Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
From: "Brian Kelly"
To: "'Dennis Russo'" ,
Subject: RE: Windows Security Hole??
Date: Wed, 16 Jul 2003 21:42:04 -0400
Message-ID: <007101c34c04$a07d4410$6700a8c0@maxstars8g31h2>
In-Reply-To: <20030717005338.23521.qmail@web12307.mail.yahoo.com>

I work in a large corporation with an obsessive security staff. Cygwin is now "accepted" (unofficially) through the "grease gun" method.

In WWII one Nazi gunmaker was developing the world's first assault weapon. Hitler was informed of the effort - deemed it a waste of resources and ordered the project cancelled. A procurement general recognized the need for the weapon, and quietly "forgot" to cancel the program. A year or so later, the weapon was produced and distributed to German soldiers on the Eastern front. One day Hitler met briefly with some field commanders from the Eastern front and asked if they needed anything. "We need more of these new guns!" .... What new guns? Was Hitler's reply .... Defying Hitler was NOT a good career move for anyone! So what do you think happened to the general who "forgot" to cancel the weapon program????? HE WAS COMMENDED!!!

Oh but what a risk he took indeed. I took a similar risk where I work.
Living by the philosophy that I can do anything until threatened with termination in a face to face meeting (Boiler plate threats in corporate mass e-mails are delete key fodder), I went ahead and used Cygwin and Perl to build an incredibly powerful automated deployment and automated encrypted B2B communications infrastructure. The alternative is expenditure in the hundreds of thousands of dollars for third party software, licenses, consultants etc, etc.

By the time I was "outed", management was faced with a cruel dilemma - live by their own rules and spend money they never budgeted for projects they never fully grasped nor understood, or accept the "unacceptable" - production processes running on non-proprietary "open source" software. OH THE HORROR!!!

The result - I WAS COMMENDED.

The point is Windows ITSELF is a SECURITY HOLE. You'd hardly do worse running cygwin on it if you have any kind of security consciousness and use good practices and policies. Your problem is, you were probably caught "too early" before you could do something truly valuable and impressive with it that would be VERY expensive to replace.

Everything in life is a cost-benefit analysis. Sell a benefit, or impose a cost, and you will succeed in your agenda more often than not. Unfortunately, the bigger the organization, the more SIGNIFICANT the cost or benefit has to be to succeed in successfully creating change. Running emacs is probably not "significant" enough - unfortunately.

-----Original Message-----
From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On Behalf Of Dennis Russo
Sent: Wednesday, July 16, 2003 8:54 PM
To: cygwin AT cygwin DOT com
Subject: Windows Security Hole??

Greetings all-

I work for a corporation that is completely encased with windows. I currently have Win2K installed on my pc along with cygwin. My security dept became aware of this and now has asked me to remove cygwin because it represents a security breach to the organization.
Does running cygwin open any security 'holes' in a Win2K networked environment?? My thinking in this matter is that any information that I send while in cygwin would get 'encapsulated' and passed to Windows to determine what to do with it. Therefore, any security settings (GPOs, etc) are still enforced. I'm really only using it to run my perl scripts and have access to emacs.

Any help or insight into this matter would be greatly appreciated...

cheers,
dr

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/