Hey,
I do not totally agree with Ian. I think Microsoft does not give enough
emphasis into security in their products. They do a hell of a job on
marketing their products and making them seem flashy and attractive, and
only if they put that much work on security. For example six patches were
put forward only for this month for patching up vulnerabilities on their
products. It is a fact that most of viruses are propagated via Outlook. It
is about time that Microsoft gave more thought into this rather than giving
excuses because by far they are leading the market in software products as
well as they have the resources to do it.
Sam
At 11:45 AM 7/31/2001 -0700, Ian King wrote:
>Randy,
>
>People wanted to do more than just exchange text messages, and Microsoft
>(and other companies) built products to help them do that. Microsoft
>also produces a lot of information on how to secure its products. I do
>not have the data at hand, but I have read several times that when
>Microsoft servers are compromised, it is often because they are
>misconfigured. The argument then becomes, "Why aren't they easier to
>configure?" Go back to premise #1, that people want to do more than
>just exchange text messages - they want collaboration and forwarding and
>rich attachments and scheduling and all the rest of it. The bells and
>whistles require lots of knobs and switches....
>
>I would also point out that NONE of this class of viruses can infect
>unless the user executes them! It's not as if Outlook or any other MUA
>automatically launches these viruses - people who evidently live in a
>complete vacuum and have never heard warnings about executable content,
>blissfully double-click on the clearly-identified package, and it blows
>up in their (our) faces.
>
>BTW, internally our mail servers are configured to strip anything that
>looks remotely like an executable. Sometimes this is a pain (I can't
>mail a legitimate script to a colleague), but that's the world in which
>we live - more openness means more opportunity for sabots in the gears.
>
>
>In any event, blaming any one company for viruses because its products
>are abused, seems way too much like e.g. blaming automobile
>manufacturers for reckless driving. Sure, no one really needs a car
>that can do 150 MPH when the limit is 60 or 70, but the majority of
>customers demand a vehicle that *could* do twice the limit, regardless
>of whether they take advantage of the capability -- or those vehicles
>wouldn't sell. Bottom line: blaming the instrumentality is easy, but
>futile. Human beings are responsible for their own actions, although
>some wish to evade or abuse that responsibility.
>
>Again, this is my own opinion, no one else's -- Ian
>
>-----Original Message-----
>From: Randy Bush [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 31, 2001 10:07 AM
>To: Ian King
>Cc: [EMAIL PROTECTED]
>Subject: RE: Any value in this list ?
>
>from the outside, it appears as if microsoft consciously decided to
>distribute software with everything enabled so that their product
>would be perceived as very easy to use. the problem is that this
>means it is also easy to abuse. so the net is now paying for them
>having a more salable product. who gains, who is bearing the cost?
>
>randy
