undefined | Better HN

0 pointsagravier13y ago0 comments

That's assuming the security models being compared are strict about the things that matter.

For instance, I can be very strict about PDFs on your computer: no PDF allowed. If you have addressed the risks posed by other more vulnerable attack vectors, OK, then my rule reduces the uncertainty of less strict but more complicated rules that would address the vulnerabilities of PDF readers. Otherwise, for example if I'm allowing the auto-execution of apps on removable devices, my strict PDF rules don't increase security.

0 comments

fpgeek13y ago

And might even decrease security in practice if people end up working around your strict rules via an even less secure path (e.g. sending around Word documents instead of PDF, perhaps).

j / k navigate · click thread line to collapse

0 pointsagravier13y ago0 comments

That's assuming the security models being compared are strict about the things that matter.

0 comments

fpgeek13y ago

And might even decrease security in practice if people end up working around your strict rules via an even less secure path (e.g. sending around Word documents instead of PDF, perhaps).

j / k navigate · click thread line to collapse