RE: Extropians GIMPS team

Billy Brown (ewbrownv@mindspring.com)
Wed, 18 Aug 1999 11:07:36 -0500

O'Regan, Emlyn wrote:
> If you stick to Wintel machines, you could argue that since MS says their
> products are secure, and since they have a history of not telling the whole
> story re: APIs for their "OSes", then the security holes must in fact be
> hidden APIs, and that their system is thus designed to allow this kind of
> radical distributed computing.

  1. Microsoft has repeatedly stated that Windows 95/98 is not secure, is not intended to be secure, and should not be used by anyone who is concerned about security. Its security measures are intended to stop curious co-workers and children, not experienced hackers.
  2. Windows NT security is not any easier to crack than UNIX systems (actually I would argue that it is substantially better on average, since most UNIX sites are running older implementations with relatively feeble security measures, but the lower quality of NT administration counterbalances this). The only reliable method is to use a Trojan Horse program, and that carries a very high risk of detection.
  3. All OSes have security holes. All OS vendors (AFAIK) make a strong effort to plug them as soon as they are discovered. The effort they put into getting these fixes to customers varies a great deal from one vendor to another. There is nothing in Microsoft's business practices that distinguishes it from any other vendor in this regard.

These points aside, your argument is legally equivalent to claiming that the company that built your office building should be liable if your office gets burglarized. It doesn't work that way (which is a good thing, because it is not possible to construct a perfect security system). The burden of ensuring that your possessions are defended by an adequate level of security (and deciding what exactly is 'adequate') rests entirely on your shoulders.

> Perhaps they could even be sued for then patching said holes, for
> anti-competitive practices?

Would you think this statement made sense if we were talking about Linux?

Billy Brown, MCSE+I
ewbrownv@mindspring.com