by MrHyde 5951 days ago
"I sorta find it amusing that McAfee released a PDF of the white paper, considering that Adobe’s PDF Reader is also a popular attack vector. It’s like railing against IE6 being insecure, but using it to post the message that IE6 is insecure."

-From the comments in the original article.

I found the above interesting because it suggests to me one of the fundamental principles of security: we must necessarily try to improve our security from inside of systems which are already insecure.

We could say that no one should ever use an IE with a zero-day vulnerability. And that no one should use PDF because it can be an attack vector. Or view JPEGs because there have been embedded executable code vulnerabilities. Or run executable code because sometimes it is malicious.

Security is always a matter of trade-offs. One can never build a house which cannot be broken into but one can build a house that is not worth breaking into.

Sounds like there were a number of vulnerabilities here. It also sounds like improving default settings is one of the best solutions here. But it's clearly not a justification for no longer using SCM, or PDF. Perhaps for old IE.