ietf
[Top] [All Lists]

Re: Any value in this list ?

2001-07-31 21:20:02
I completely agree with Ian.
Just to quote him back -
It's not as if Outlook or any other MUA
automatically launches these viruses - people who evidently live in a
complete vacuum and have never heard warnings about executable content,
blissfully double-click on the clearly-identified package, and it blows
up in their (our) faces
- If only we prevent ourselves opening rather double-clicking the so-called
affected attachments....


Regards,
M.Venkateswar Reddy

--------------------------------------------------------------
Huawei Technologies,
Shenzhen, China
Off : +86 755 6540476/77
Hotel :+86 755 6602222 Room No:540
* The opinions expressed are purely personal*
--------------------------------------------------------------
----- Original Message -----
From: Ian King <iking(_at_)microsoft(_dot_)com>
To: Randy Bush <randy(_at_)psg(_dot_)com>
Cc: <ietf(_at_)ietf(_dot_)org>
Sent: Wednesday, August 01, 2001 2:45 AM
Subject: RE: Any value in this list ?


Randy,

People wanted to do more than just exchange text messages, and Microsoft
(and other companies) built products to help them do that.  Microsoft
also produces a lot of information on how to secure its products.  I do
not have the data at hand, but I have read several times that when
Microsoft servers are compromised, it is often because they are
misconfigured.  The argument then becomes, "Why aren't they easier to
configure?"  Go back to premise #1, that people want to do more than
just exchange text messages - they want collaboration and forwarding and
rich attachments and scheduling and all the rest of it.  The bells and
whistles require lots of knobs and switches....

I would also point out that NONE of this class of viruses can infect
unless the user executes them!  It's not as if Outlook or any other MUA
automatically launches these viruses - people who evidently live in a
complete vacuum and have never heard warnings about executable content,
blissfully double-click on the clearly-identified package, and it blows
up in their (our) faces.

BTW, internally our mail servers are configured to strip anything that
looks remotely like an executable.  Sometimes this is a pain (I can't
mail a legitimate script to a colleague), but that's the world in which
we live - more openness means more opportunity for sabots in the gears.


In any event, blaming any one company for viruses because its products
are abused, seems way too much like e.g. blaming automobile
manufacturers for reckless driving.  Sure, no one really needs a car
that can do 150 MPH when the limit is 60 or 70, but the majority of
customers demand a vehicle that *could* do twice the limit, regardless
of whether they take advantage of the capability -- or those vehicles
wouldn't sell.  Bottom line: blaming the instrumentality is easy, but
futile.  Human beings are responsible for their own actions, although
some wish to evade or abuse that responsibility.

Again, this is my own opinion, no one else's -- Ian

-----Original Message-----
From: Randy Bush [mailto:randy(_at_)psg(_dot_)com]
Sent: Tuesday, July 31, 2001 10:07 AM
To: Ian King
Cc: ietf(_at_)ietf(_dot_)org
Subject: RE: Any value in this list ?

from the outside, it appears as if microsoft consciously decided to
distribute software with everything enabled so that their product
would be perceived as very easy to use.  the problem is that this
means it is also easy to abuse.  so the net is now paying for them
having a more salable product.  who gains, who is bearing the cost?

randy



<Prev in Thread] Current Thread [Next in Thread>