'Re: Nimda et.al. versus ISP responsibility - Laying responsibility where it belongs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       incidents
Subject:    Re: Nimda et.al. versus ISP responsibility - Laying responsibility where it belongs
From:       Neil Dickey <neil () geol ! niu ! edu>
Date:       2001-09-28 15:54:51
[Download RAW message or body]


Fred Cohen <fc@all.net> wrote in part:

Note:  In what follows I am not a MicroSoft partisan.  I'm just following
reason to see where it goes.

>I say forget about telling the ISPs what to do - start a class action
>suit against Microsoft for putting this crap into the market knowing
>full well how it might be exploited and knowing full well that it was
>choosing time to market over quality.  The class is all users of
>Microsoft IIS servers and every person who has a system that has been
>affected by the virus.  The dmages are the total cost of all actions
>taken to defend against or monitor this infection, in cluding all time
>taken by all parties involved.  Put them out of business unless and
>until they can act responsibly.

There is a certain resonance to this, as when the environmentalists rush
to the barricades shouting "death to the oil companies," but upon reflection
reality rears its ugly head.  True, the oil companies have done some serious
polluting and behaved themselves in a profoundly irresponsible manner, BUT if
we shut them down outright then you can flip your switch all the day long
and the light will stay dark.  There won't be any plastic to make your
Reeboks, shirt, really cool sunglasses, CD player, or even the CDs themselves
out of.  Think of it:  NO INTERNET.  Nope, no can do.

Human beings have two needs:  Food and shelter.  The internet is not one of
them.  It is still possible -- many do it -- to live out one's life without
ever "going online."  People go to the internet because they *want* to.  Just
about everyone who will ever read this post has a job because people *want*
to go on the internet.  Suing MicroSoft out of business won't solve anything
because a huge amount of the business of the internet is carried out with
MicroSoft products and we really shouldn't cut off our nose to spite our face.
The reason that MicroSoft has such a huge share of the market is because rank
beginners can make their stuff work.

The automobile did not turn us all into mechanics.  It made us into people who
can put a key in a slot and turn it.  Bill Gates knew this.

Anyone who has ever done programming knows that the last 10% of the debugging
takes 90% of the time.  If it were necessary to wait until a package has
reached perfection before releasing it, nothing new would ever come out.
That said, do I think MicroSoft has released software prematurely, even by
my standard?  Yes, I do.  Do I think that they sometimes sit on bugs and
security holes on the philosophy that anonymity equals security, or out of
sheer corporate laziness?  Yes again.  Do I think that Microsoft has behaved
itself at times rapaciously and with a profound lack of responsibility?  Yupper.
Review my comments about oil companies above.

Get used to it, folks.  It isn't right, but it is how things are.  You want
the internet?  The rest follows.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic