Surely this isn’t practical for all users in all areas at all businesses. But there are places where it makes a whole lot of sense. For example, why wouldn’t you want your firewall box to refuse to run, say, MS Outlook with VBA macros allowed to auto-run? Or anything else you didn’t manually install and enable, for that matter?

Just because the solution – exactly as specified – is frequently impractical does not mean that all parts of it are worthless all the time. Sounds to me like an ideal worth pursuing, even if you know you won’t always get there.

I’m with you, though, on the vulerability scans (should we do away with crash-testing of cars, and rely instead on the theoretical soundness of the engineering?) and the lessons to be learned by studying exploits.

Surely this isn’t practical for all users in all areas at all businesses. But there are places where it makes a whole lot of sense. For example, why wouldn’t you want your firewall box to refuse to run, say, MS Outlook with VBA macros allowed to auto-run? Or anything else you didn’t manually install and enable, for that matter?

Just because the solution – exactly as specified – is frequently impractical does not mean that all parts of it are worthless all the time. Sounds to me like an ideal worth pursuing, even if you know you won’t always get there.

I’m with you, though, on the vulerability scans (should we do away with crash-testing of cars, and rely instead on the theoretical soundness of the engineering?) and the lessons to be learned by studying exploits.