Bravo on that analogy. (even though I like Windows) That was excellent.
_____________________ Dave Kleiman [EMAIL PROTECTED] www.netmedic.net "High achievement always takes place in the framework of high expectation." Jack Kinder -----Original Message----- From: Ranjeet Shetye [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 17:06 To: Dozal, Tim Cc: Ronish Mehta; [EMAIL PROTECTED] Subject: Re: Microsot Liability for vulnerabilities Tim, let me give a simple analogy. Let us assume that both Windows and Linux are like tyres, and exploits are like tyre punctures. And the PHB is replaced by the Wife. In the case of Windows, you purchase a brand name tyre, which you put on your car. When a puncture happens, your wife will not nag you about your mistake, since you purchased a well known brand i.e. you did not make a mistake in the eyes of the Powers That Be. However you are not allowed to carry an extra tyre, because of the EULA you agreed to when you bought the tyres. Also, you can only get tyre replacements (read update/patch/fix) ONLY according to the wishes of the Windows Tyre company. In the meantime, until you reach a designated tyre update station, you have drive with a flat tyre which can/will damage your car. Of course, the EULA has deprived you of all rights to sue in case of such damages. Linux is like a lesser-known brand used by a lot less number of people. This tyre is used primarily by sports-car enthusiasts, and people in the "know". If there is a puncture, your wife will nag you cos you didn't buy your tyres from a well known company. However, replacement Linux tyres are available *everywhere* for **FREE** and by air-drop too (xlation: 0day exploits are fixed in 3 hrs, GPL ensures world-wide availability of the fix)! Amazingly, you can carry 10 spares in your glove box (xlation: no worries about licencing or imaging). Moreover, these tyres incorporate run-flat technology so your car does not have to grind to a halt and you can even replace punctured Linux tyres on the move (xlation: no reboots are necessary). So, can the Linux tyre ever puncture ? Yes, it will, that's Real Life (TM) for you. However, the Linux tyres are statistically a hack lot more stable and reliable, whereas the Windows tyres benefit primarily from the marketing big bucks. Me. I would go with the Linux tyres. As for your statements, 1) "All of the ***** lovers will instantly be shocked by the attacks...", and 2) "...fixes for the exploits as hackers run rampant through their systems.", they seem more applicable to the latest Cisco and Windows exploits than to any recent OSS exploit. And who would have thunk that Windows ME would be the only secure OS from MS ? I dont know whether to laugh or to cry. -- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye2 at Zultys dot com http://www.zultys.com/ -- The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. On 2003.07.22 11:43, "Dozal, Tim" wrote: > This is a very old question and most people are entrenched on one side > or the other already but for what its worth..... > > MS first gives you the chance to not accept its EULA so when you click > "I Accept" you should have read that MS is no longer liable for what a > virus or hacker is able to do to your system. > > This leads to the real issue, is MS code any more buggy than Linux or > Oracle or any other major software maker. Probably not, but the > nature > of MS and its massive success in the market makes them the target of > choice. You end up with the vast majority of hackers and virus > writers > targeting MS products since they have the largest market % and the > coder > can hence have the most impact. > > I'm waiting patiently for the day when Linux in some form or another > has > a large enough market share to become the new target. All of the > Linux > lovers will instantly be shocked by the attacks found in the open > source > they have come to love so much. The companies who deployed the open > source will have to internally fund patches and fixes for the exploits > as hackers run rampant through their systems. > > From a corporate perspective that paints a pretty scary and expensive > picture. Patches released from a single source look pretty attractive > and the time needed to deploy a corporate wide patch becomes much less > daunting when compared to keeping a fully staffed programming team > only > to deal with coding fixes and patches for your internal open source > deployment. > > With MS and the other large software/hardware vendors come a massive > support infrastructure and the piece of mind that when problems are > discovered they will be fixed by the experts who wrote the code in the > first place. It's for this reason you will see very few large scale > deployments of open source into enterprise level companies. > > So to end my rant: No MS is not liable and I don't believe they should > be. Why not hang (or better yet HIRE) the hackers and virus writers > who > create the destructive code, but don't blame MS for being the target > of > the efforts of the hacker community. > > Tim > > -----Original Message----- > From: Ronish Mehta [mailto:[EMAIL PROTECTED] > Sent: Monday, July 21, 2003 3:19 AM > To: [EMAIL PROTECTED] > Subject: Microsot Liability for vulnerabilities > > > Hi all, > As we all know, M$ licences are very expensive (both > one-time & recurring cost). > > We also know that new vulnerabilities are discovered > regularly (we may say monthly just to be kind) > > These vulnerabilities are exploited by viruses and > hackers, and these may cause damage to our computer > systems, and may involve additional cost > > to protect ourselves against these threats, we have to > apply latest patches, use uptodate antiviruses. > > In a large organisation deploying patches may be a > real headache (I know because I'm in this situation ;) > and may involve additional cost > > I was just wondering if Microsoft does not have a part > of responsibility in all this? After all we are paying > this company a fortune for OS and applications that > contain vulnerabilities/bugs. > > Should we continue to pay Microsoft for its buggy > software packages? Can we sue it for the damages that > it can potentially cause to our company (interms of > cost, reputation, etc)? > > Thanks for your views > > __________________________________ > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! > http://sbc.yahoo.com > > ------------------------------------------------------------------------ > --- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access > in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ------------------------------------------------------------------------ > ---- > > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
