Even worse, I heard the morning radio news quoting Gates as saying that it
would be harder to protect against such virus outbreaks if Microsoft were
broken up.
There ought to be some legal liability associated with knowingly telling
such untruths!
--Bruce McCulley
Bill Sconce wrote:
> Phil Agre does us a favor by patiently noting how Microsoft babbles;
> see his original at
>
> http://commons.somewhere.com/rre/2000/rre.notes.and.recommenda5.html
>
> -------------------------
>
> I received about 60 copies of the latest Microsoft e-mail virus and
> its variants. How many did you get? Fortunately I manage my e-mail
> with Berkeley mailx and Emacs keyboard macros, so I wasn't at risk.
> But if we're talking about billions of dollars in damage, which
> equates roughly to millions of lost work days, then I think that we
> and Microsoft need to have a little talk.
>
> Reading the press reports, Microsoft's stance toward this situation
> has been disgraceful. Most of their sound bites have been sophistry
> designed to disassociate the company from any responsibility for
> the problem. One version goes like this quote from Scott Culp of
> Microsoft Public Relations, excuse me, I mean Microsoft Security
> Response Center:
>
> This is a general issue, not a Microsoft issue. You can write a
> virus for any platform. (New York Times 5/5/00)
>
> Notice the public relations technology at work here: defocusing the
> issue so as to move attention away from the specific vulnerabilities
> of Microsoft's applications architecture and toward the fuzzy concept
> of "a virus". Technologists will understand the problem here, but
> most normal people will not. Mr. Culp also says this (CNET 5/5/00):
>
> This is by-design behavior, not a security vulnerability.
>
> More odd language. It's like saying, "This is a rock, not something
> that can fall to the ground". It's confusing to even think about it.
> Even though Microsoft had been specifically informed of the security
> vulnerability in its software, it had refused to fix it. Microsoft
> even tried to blame its problem on Netscape, which had fixed it:
>
> http://news.cnet.com/news/0-1005-200-1820959.html
>
> The next step is to blame the users. The same Mr. Culp read on the
> radio the text of a warning that the users who spread the virus had
> supposedly ignored. That warning concludes with a statement to the
> effect that you shouldn't execute attachments from sources that you
> do not trust. He read that part kind of fast, as you might expect,
> given that the whole point of this virus is that people receive an
> attachment from a person who has included them in their address book.
> This particular blame-shifting tactic is particularly disingenuous
> given that the virus spread rapidly through Microsoft itself, to the
> point that the company had to block all incoming e-mail (Wall Street
> Journal 5/5/00).
>
> Similarly, CNET (5/4/00) quoted an unnamed "Microsoft representative"
> as saying that companies must educate employees "not to run a program
> from an origin you don't trust". Notice the nicely ambiguous word
> "origin". The virus arrives in your mailbox clearly labeled as having
> been sent by a particular individual with whom you probably have an
> established relationship. It bears no other signs of its "origin"
> that an ordinary user will be able to parse, short of executing the
> attachment.
>
> So what on earth is Microsoft doing allowing attachments to run code
> in a full-blown scripting language that can, among many other things,
> invisibly send e-mail? Says the "Microsoft representative",
>
> We include scripting technologies because our customers ask us to
> put them there, and they allow the development of business-critical
> productivity applications that millions of our customers use.
>
> There needs to be a moratorium on expressions such as "customers ask
> us to". Does that mean all of the customers? Or just some of them?
> Notice the some/all ambiguity that is another core technology of
> public relations. Do these "customers" really specifically asked for
> fully general scripts that attachments can execute, or do they only
> ask for certain features that can be implemented in many ways, some
> of which involve attachments that execute scripts? Do the customers
> who supposedly ask for these crazy things understand the consequences
> of them? Do they ask for them to be turned on by default, so that
> every customer in the world gets the downside of them so that a few
> customers can more conveniently get the upside? And notice how the
> "Microsoft representative" defocuses the issue again, shifting from
> the specific issue of scripts that can be executed by attachments
> to the fuzzy concept of "scripting technologies", as if anybody were
> suggesting that scripting technologies, as such, in general, were to
> blame.
>
> Microsoft shouldn't be broken up. It should be shut down.
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
