ietf

Re: still no Outlook patch

2000-05-30 06:30:02
From: "James Salsman" <j(_dot_)salsman(_at_)bovik(_dot_)org>
Sent: Monday, May 29, 2000 02:12
Subject: RE: still no Outlook patch


The fact that they still have some people who
have suggested it is not helping them avoid
the "predatory" label.

Only among those with a poor understanding of the software issues, I
daresay.  I think, in this case (as in most), it is a question of poor or
questionable product design, not predation.

Microsoft, like just about every other microcomputer software publisher,
gives priority to feature bloat over security.  This is an economic
necessity, because the need to sell upgrades and versions to survive
requires that a software publisher find reasons to entice customers to
replace software that already does the job with new software that does the
same thing.  Customers may whine about security, but they won't pay for it,
and they find it a nuisance when they see it in the products they buy (even
mainframe customers tend to be this way, but microcomputer users are much,
much worse in this respect).  Build lots of new features of dubious utility
into a product and you'll be able to persuade at least some people to buy an
upgrade that they don't really need; build security into a product and a lot
of people will stick with the old version just to avoid the inconvenience of
the new security features.  Additionally, while it is difficult to prove
that a publisher has not lived up to its promise with respect to new and
often useless features, it is much easier to prove that a publisher has
messed something up if it promises security and fails to deliver--so it's
best not to promise security in the first place.

Anyway, I'm not sure what any of this has to do with the Internet, apart
from a loose connection to recent problems with viruses that have propagated
via e-mail sent (incidentally) over the Internet.  Even then, in these
specific, recent cases, the viruses spread because individual users were too
stupid to reflect before opening just any old attachment that they see (even
after repeated warnings); and so, if any fingers must be pointed, I suggest
that they be pointed at the end users, not at vendors, ISPs, the IETF, or
anyone else.  There's a limit to how completely any software can protect
against stupidity and still fulfill a useful purpose.

  -- Anthony


