|
Re: Any value in this list ?
2001-07-31 23:50:03
Ladies and Gentlemen,
Do we have this list for debating about Microsoft products or how frequently
it released patches or to discuss about the *internet and related issues*?
Regards,
M.Venkateswar Reddy
--------------------------------------------------------------
Huawei Technologies,
Shenzhen, China
Off : +86 755 6540476/77
Hotel :+86 755 6602222 Suit:540
* Ideas and opinions expressed in this mail are personal *
--------------------------------------------------------------
----- Original Message -----
From: Samantha Naleendra Senaratna
<samantha(_dot_)senaratna(_at_)infotech(_dot_)monash(_dot_)edu(_dot_)au>
To: <ietf(_at_)ietf(_dot_)org>
Sent: Wednesday, August 01, 2001 12:40 PM
Subject: RE: Any value in this list ?
Hey,
I do not totally agree with Ian. I think Microsoft does not give enough
emphasis into security in their products. They do a hell of a job on
marketing their products and making them seem flashy and attractive, and
only if they put that much work on security. For example six patches were
put forward only for this month for patching up vulnerabilities on their
products. It is a fact that most of viruses are propagated via Outlook. It
is about time that Microsoft gave more thought into this rather than
giving
excuses because by far they are leading the market in software products as
well as they have the resources to do it.
Sam
At 11:45 AM 7/31/2001 -0700, Ian King wrote:
Randy,
People wanted to do more than just exchange text messages, and Microsoft
(and other companies) built products to help them do that. Microsoft
also produces a lot of information on how to secure its products. I do
not have the data at hand, but I have read several times that when
Microsoft servers are compromised, it is often because they are
misconfigured. The argument then becomes, "Why aren't they easier to
configure?" Go back to premise #1, that people want to do more than
just exchange text messages - they want collaboration and forwarding and
rich attachments and scheduling and all the rest of it. The bells and
whistles require lots of knobs and switches....
I would also point out that NONE of this class of viruses can infect
unless the user executes them! It's not as if Outlook or any other MUA
automatically launches these viruses - people who evidently live in a
complete vacuum and have never heard warnings about executable content,
blissfully double-click on the clearly-identified package, and it blows
up in their (our) faces.
BTW, internally our mail servers are configured to strip anything that
looks remotely like an executable. Sometimes this is a pain (I can't
mail a legitimate script to a colleague), but that's the world in which
we live - more openness means more opportunity for sabots in the gears.
In any event, blaming any one company for viruses because its products
are abused, seems way too much like e.g. blaming automobile
manufacturers for reckless driving. Sure, no one really needs a car
that can do 150 MPH when the limit is 60 or 70, but the majority of
customers demand a vehicle that *could* do twice the limit, regardless
of whether they take advantage of the capability -- or those vehicles
wouldn't sell. Bottom line: blaming the instrumentality is easy, but
futile. Human beings are responsible for their own actions, although
some wish to evade or abuse that responsibility.
Again, this is my own opinion, no one else's -- Ian
-----Original Message-----
From: Randy Bush [mailto:randy(_at_)psg(_dot_)com]
Sent: Tuesday, July 31, 2001 10:07 AM
To: Ian King
Cc: ietf(_at_)ietf(_dot_)org
Subject: RE: Any value in this list ?
from the outside, it appears as if microsoft consciously decided to
distribute software with everything enabled so that their product
would be perceived as very easy to use. the problem is that this
means it is also easy to abuse. so the net is now paying for them
having a more salable product. who gains, who is bearing the cost?
randy
|
|