Re: [IMail Forum] It is worth it to buy the SA?

Matt Tue, 24 Oct 2006 14:41:21 -0700

I do have an active SA, but I can't upgrade to 2006 until at leastSafari is working with it, and I'm not happy about needing to rush to2006.2 once it is released, much less waiting for it.

I don't think it's necessarily unreasonable to not supply securitypatches outside of an SA, though I would of course think it would bewise for both the company and the customer to make security patchesavailable for a period of at least two years after the release of a newmajor version. While this doesn't directly contribute to Ipswitch'sbottom line, we all know that mail servers are a top target forexploits, and IMail users have definitely suffered from ones in thepast. Not all customers have the money to keep things current at alltimes, especially when they see no new functionality that they desire orcan justify in paying for. It is unnatural to have a one year upgraderequirement on a mail server because of everything that is involved,especially when a critical component such as webmail and theadministrative interface are changed so dramatically. If these devoutcustomers who have no need to upgrade outside of a vulnerabilitysubsequently get hit by an exploit for which they had no patch, therewould definitely be blame placed on Ipswitch and damage to thatrelationship and possibly others if such issues become more widespread.

There are also other components of upgrading. For instance, there arestill quite a few 8.15 users out there that have chosen to stay withthat because they did not want to change their version of Declude, whichis required due to some issues that Declude had initially with 8.2'schanges.

I think the choice is simple. Ipswitch needs to weigh the benefits fromreleasing the patch for older versions with the disadvantages of doingso. Releasing that patch will improve goodwill and save goodwill fromharm. It would serve to recognize the fact that an upgrade is not analternative for a good number of us at the moment. It would alsodemonstrate that Ipswitch was a good netizen. The downside for Ipswitchin releasing the patch would be the loss of a modicum of revenuegenerated from those that feel forced to upgrade or be hacked.


Matt



Imail wrote:

That may be good for them but not for some of us that will not upgradeto 2006 until it is stable enough to use without causing problems forour clients. I have not renewed our SA and will not until theproblems with 8.X are solved. The SMTP problem has been around forquite a long time and I just got tired of dealing with Ipswitch on itand did our own work around. If they won't fix the problem then wewill be moving to another application.
Chris Moody wrote:
It can be argued that software developers might have a certain moralinterest in patching their software if the vulnerability can be usedto hurt others. Windows 95 is pretty long in tooth, and few systemsare still running on Windows 95. Imail 8.x on the other hand is noteven comparatively old to Windows 2000, and a great number of serversare still running that version of software. The real question is whenis that line drawn in the sand. When should a product no longer besupported for patches? Ipswitch says it's as soon as a new versioncomes out. I am sure what they would like is a subscription modelthat keeps the cash rolling in, and that is almost what they haveachieved.
    -----Original Message-----
    *From:* [EMAIL PROTECTED]
    [mailto:[EMAIL PROTECTED] Behalf Of *John T
    (Lists)
    *Sent:* Tuesday, October 24, 2006 2:01 PM
    *To:* [email protected]
    *Subject:* RE: [IMail Forum] It is worth it to buy the SA?

    So if a vulnerability is discovered in Windows 95, Microsoft
    should spend the time and resources developing a patch to fix it?
What about all those software vendors that were using old style
    parallel port keys that became obsolete when Windows XP came out?
    Should those software vendors have been forced to provide entirely
    new versions of software and keys that were working perfectly fine
    under DOS 6.22 or Windows 3.1 for free?
**John T**
    **eServices For You**

    ****
    **"Seek, and ye shall find!"**
-----Original Message-----
    *From:* [EMAIL PROTECTED]
    [mailto:[EMAIL PROTECTED] *On Behalf Of *Jim F.
    *Sent:* Tuesday, October 24, 2006 9:45 AM
    *To:* [email protected]
    *Subject:* RE: [IMail Forum] It is worth it to buy the SA?
>> The answer is obvious, time to drop Imail. <<
The only problem is that the alternatives aren't exactly that
    great.  SmarterMail looks like a great product, but it's still
    lacking some of the fundamental elements of a corporate mail
    server like TLS.  They also remind me now of how IPswitch was 5 or
    6 years ago.  I'm afraid that if I jump ship to SM, in a few
    years they'll start going down the same over-priced,
    feature-bloated, performance-lacking, unstability-ridden road that
    Ipswitch (and Declude) did.  I've looked at the other alternative
    products and none are really that viable IMO.
I would love it if there were a full featured Open Source mail
    server.  Not that I am looking to save money - I'd just like to be
    able to use a product that is driven by functionality instead of
    the bean counters.
FWIW, I didn't renew my IMail service agreement that expired a
    month or two ago.  I'm not sure what I'm holding out for, but I
    don't want to feel like I'm being robbed by paying Ipswitch to use
    their product.  That said, I'm not using a version with a
    vulnerability in it, but that shouldn't matter.  If a
    vulnerability is discovered in any version of a piece of software,
    the vendor should provide a patch regardless of SA status.
------------------------------------------------------------------------
    *From:* [EMAIL PROTECTED]
    [mailto:[EMAIL PROTECTED] *On Behalf Of *Tyran
    Ormond
    *Sent:* Monday, October 23, 2006 6:17 PM
    *To:* [email protected]
    *Subject:* Re: [IMail Forum] It is worth it to buy the SA?

    On 05:41 PM 10/23/2006 -0400, it would appear that Mike N wrote:

    Now that there's been an SMTP exploit released (yesterday) for the
    recently patched SMTP bug, you are running on borrowed time until
    someone decides to try it on your server.


    Stay with possibly exploitable version of the server or upgrade to
    a feature and bug rich version that doesn't have the exploit?  The
    answer is obvious, time to drop Imail.  It's been a long run (7
    years) but the handwriting is clearly on the wall.


    ----- Original Message -----

    From: Troy D. Hilton <mailto:[EMAIL PROTECTED]>

    Subject: [IMail Forum] It is worth it to buy the SA?

    Weve been running Imail 7.15 for a few years now and its been
    running very well. Well, its time to renew my SA with Ipswitch
    but Im wondering is it worth it?
In following this list I see that the latest versions of Imail
    have been far from stellar, so Im know I will not be upgrading to
    2006.x anytime soon. I think Ive seen that 8.22 is pretty stable
    but is it worth the upgrade from a 7.15 thats old but stable, to
a 8.22? Is it worth it for me to spend the money for an SA forImail?
Opinions?
Tyran Ormond
    Programmer/LAN Administrator
    Central Valley Water Reclamation Facility
    [EMAIL PROTECTED]
    To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
    List Archive:
    http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
    Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
---
[This E-mail scanned for viruses courtesy of Netslyder,Inc.(http://www.netslyder.net)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] It is worth it to buy the SA?

Reply via email to