| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40A4BAF3.6635.19A0CE60@localhost> From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Support the Sasser-author fund started merlyn@...nehenge.com (Randal L. Schwartz) wrote: <<snippage>> > So why is it, with Microsoft and all of their billeeeunnss of dollars, > that they wouldn't spend at least SOME MORE of that BEFORE they > release their code? OpenBSD manages a decent security review and a > right mindset towards security on the annual amount of money that Bill > Gates makes every time he takes a dump. > > This is what irks me about Microsoft. It's irresponsible. > Continuously and apparently knowingly. Does that justify actual > malicious acts? No. The Sasser Worm guy deserves punishment. But > when I spend hours and days trying to defend my paid-for bandwidth > from the incoming onslaught of Microsoft-enabled worm mail, I've got > to think that I'm due some payment for damages, both from the worm > writers, *and* from Microsoft. If this were indeed a fair world. The issue here though is one of liability. And by definition, MS is not liable because of the completely iniquitous exception only sofwtare developers enjoy under (US) law (and extensively copied most everywhere, often following extensive lobbying from the major software developers themselves). It's nice -- perhaps even "quaint" -- that the BSD folk (and especially OpenBSD) expend so much effort on perfecting the implementation of such lofty computer security ideals as they hold so dear, but the market reality is that, at least sans strong liability expectations, "flying pink elephants" are clearly much more desirable than security, so companies like MS which have put all their idealistic fervour into becoming disgustingly, unethically and largely illegally rich at almost any cost have "won" over the BSDs of the world. Further, because machines running MS products can just as easily as any others connect to the open sewer model of internetworking we have adopted, of course we all pay the bandwidth tax levied by the worms, viruses and so on of the most popular OSes and applications. Perhaps back in 1995 we should have all been praying for MSN (remember, it was originally more of what you would consider an ISP service than what it is now) to succeed in tackling CompuServe and AOL, and "the Internet" could have remained "pure" of all that negative influence from MS products of which you complain... Regards, Nick FitzGerald
Powered by blists - more mailing lists