On Thu, 24 May 2007 14:47:27 -0000, Pavel Machek said: > Yes, if there's significantly more remote bad guys than local bad > guys, and if remote bad guys can't just get some local user first, AA > still has some value.
Experience over on the Windows side of the fence indicates that "remote bad guys get some local user first" is a *MAJOR* part of the current real-world threat model - the vast majority of successful attacks on end-user boxes these days start off with either "Get user to (click on link|open attachment)" or "Subvert the path to a website (either by hacking the real site or hijacking the DNS) and deliver a drive-by fruiting when the user visits the page".
pgpBr0jOMBUhb.pgp
Description: PGP signature
