--On 31. juli 2001 09:41 -0700 Ian King <iking(_at_)microsoft(_dot_)com> wrote:
The "folks who caused it" are the sociopaths who would rather use their
not inconsiderable technical skills to hurt other people. I'm not aware
of any software that comes out of the box with a "launch nasty virus"
option; irresponsible people seek out and exploit weaknesses that are
unfortunately present in any non-trivial software product. (Sendmail,
as a relevant example, has had its share of security issues over the
years; having been around for a long time in substantially the same
form, many of its problems have been discovered and patched.)
I must agree with your point, but not with your conclusion.
I had the joy of reading the source of the original Melissa virus with some
experienced Windows programmers; what caused us all to fall over laughing
was that we never realized there were so MANY ways to embed yourself in a
Windows system without the need for any privilleges. But they were
DOCUMENTED FEATURES of the platform, not bugs; until the Melissa virus came
along, we simply hadn't thought of applying them in that particular way.
Sendmail's buffer overflows were bugs. (OK, the WIZ command wasn't.)
Windows' any-user-writable registry was intended as a feature, and the
functions to which these keys were put were intended as features.
DISCLAIMER: Yes, I work for Microsoft. No, I'm not speaking on behalf
of Microsoft, only myself. So there.
A good starting point for a debate.