From: Billy Brown (ewbrownv@mindspring.com)
Date: Wed Aug 18 1999 - 10:07:36 MDT
O'Regan, Emlyn wrote:
> If you stick to Wintel machines, you could argue that since MS says their
> products are secure, and since they have a history of not telling the
whole
> story re: APIs for their "OSes", then the security holes must in fact be
> hidden APIs, and that their system is thus designed to allow this kind of
> radical distributed computing.
A) Microsoft has repeatedly stated that Windows 95/98 is not secure, is not
intended to be secure, and should not be used by anyone who is concerned
about security. Its security measures are intended to stop curious
co-workers and children, not experienced hackers.
B) Windows NT security is not any easier to crack than UNIX systems
(actually I would argue that it is substantially better on average, since
most UNIX sites are running older implementations with relatively feeble
security measures, but the lower quality of NT administration
counterbalances this). The only reliable method is to use a Trojan Horse
program, and that carries a very high risk of detection.
C) All OSes have security holes. All OS vendors (AFAIK) make a strong
effort to plug them as soon as they are discovered. The effort they put
into getting these fixes to customers varies a great deal from one vendor to
another. There is nothing in Microsoft's business practices that
distinguishes it from any other vendor in this regard.
These points aside, your argument is legally equivalent to claiming that the
company that built your office building should be liable if your office gets
burglarized. It doesn't work that way (which is a good thing, because it is
not possible to construct a perfect security system). The burden of
ensuring that your posessions are defended by an adequate level of security
(and deciding what exactly is 'adequate') rests entirely on your shoulders.
> Perhaps they could even be sued for then patching said holes, for
> anti-competitive practices?
Would you think this statement made sense if we were talking about Linux?
Billy Brown, MCSE+I
ewbrownv@mindspring.com
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:04:48 MST