[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

It would be a great risk to a company TO offer a warranty, especially since 
most of us either:

a) don't read warranties anyway, so they (e.g. M$) can say whatever they want,
b) don't really care. 

I happen to fix PC's for people for some cash on the side (being 17 and in the 
U.S. with our crappy child labor laws, I can't get a job doing it). 90% of 
the people I fix computers for are cases of viruses and/or trojans that 
teenage or slightly younger children have downloaded from some page listed on 
Google. License agreements on these things, where it has 4 pages+ of legal 
jargon (incomprehensible to most people), a simple button to "accept" 
(frequently the default button where your mouse goes) and some fine print 
near the bottom stating that "we can download anything we want onto your 
computer", effectively do nothing. How often does a windows user just 
click 'accept' without even knowing //what// they are accepting?

In windows, this happens because people will gladly shoot themselves in the 
foot and dump security out the window to keep convenience. It's why microsoft 
has remained so popular, and it's why Apple can't compete on Microsoft's 
grounds. The same would happen to Linux if we start producing binary-only 
applications and distributions.

This is why a firewall during the installation is a bad idea. It's obvious to 
anyone that crackers and other malicious individuals DO exist, and DO try to 
do things. But to an expert, the automatic firewall will be setup all wrong 
no matter how you set it up (and thus create work for them). To the beginner, 
it gets in the way, and they'll throw it out the window when it does (and 
thus defeat the purpose). A default firewall simply can't work, even if we 
had some way to implement it perfectly for all packages (without breaking 
any, which we undoubtedly would).

On Monday 20 August 2007 09:42, Jose Marrero wrote:
> I believe Microsoft software comes with NO WARRANTY as well.
> Hell, we should read the small print on all software...
> On Mon, August 20, 2007 8:18 am, Izak Burger wrote:
> > On 8/20/07, paddy@panici.net <paddy@panici.net> wrote:
> >> Software failures *are* in the worst cases life threatening, and
> >> everyday non-safety-critical systems can easily be a very serious
> >> nuisiance to other users.
> >
> > I propose we stick a label on: This software is not meant to be run in
> > life support systems.
> >
> > Oh wait, tis already there... Debian comes with ABSOLUTELY NO
> > WARRANTY, to the extent permitted by applicable law.
> >
> > Settled then?
> >
> > :-P
> >
> > regards,
> > Izak
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> --
> -JM.
> ?Estos días azules y este sol de la infancia.?(Antonio Machado-1939)


My GPG Public Key can be found at:
https://www.theanythingbox.com/pgp.htm (top link is current)
I appreciate signatures, but if you only know me online,
please use the --lsign-key, not the --sign-key.
I appreciate trust -- but too much makes it less valuable.

Attachment: pgpmxo1mTZwX7.pgp
Description: PGP signature

Reply to: