[O.T.] Ethics & Security [was Re: Debian VS. Red Hat + MS]

["Jonathan D. Proulx" <jon@ai.mit.edu>]

Hi,

<rant>

I think that software vendors need to take responsibility for the
security implications of their products.

I personally don't much care if visual basic script allows for the
propogation of viruses that reformat your hard drive, that can go
under "the trad offs you make" heading.  But if remote exploits in IIS
allow some cracker to focus 2^n NT boxes into a DDOS attack on my net 
work (or your's or whom ever), then the "trade offs" that M$ makes for
their customers has a potential of harm for anyone on the net.

</rant>

-jon
ps.  I will make every effort to keep my next 10 posts on topic :)


On Fri, Sep 15, 2000 at 12:37:33AM -0400, Mark Simos wrote:

:On the security angle: MS is getting better than they have been. Remember that their
:interest lies in pleasing their customers and making them want to buy more MS
:products. If their customers don't realize the need for tight security and don't
:demand it of MS, MS doesn't have reason to make security priority number 1. customers
:clamor for features, MS gives it to them. As customers realize that features and ease
:of use sometimes sacrafice security, they may change their minds and ask for security.
:Melissa / Love bug certainly helped the cause.