[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40AA0412.16771.2E464191@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Support the Sasser-author fund started
"Shane C. Hage" to Bill Royds:
> I agree with most of your statements below.
Well, actually, he was wrong if you consider the NT family of OSes
starting in about 1993-4 (true, OOTB they were configured to be "fully
Win 3.x compatible" -- that is, with all security disabled/dumbed down
-- but the underlying architecture design at least met most of the
minimum criteria for C2...).
> ... However, with competing
> operating systems such as those you mentioned below plus OS/2 and Apple
> Macintosh in the 1980's, the business leaders and consumers chose Windows.
>
> I think people forget that Microsoft must have filled a gap that these other
> operating systems didn't. ...
They beat OS/2 on installation ease (_great_ OS, dog of an install,
even on some IBM hardware) and Apple by running on "any old crud" (and
therefore very cheap) hardware (and the market size then contributed
further to the PC harder getting much cheaper, much faster than Apple
would allow/could match) with its proprietary hardware/OS lock-in.
> ... How can we blame Microsoft for capitalizing on
> the need at the time?
"Need"?
They sold completely insecurable products into large -- real large; I
recall Ford being "poster boy" for _Win95_ fercrissakes -- markets to
make sure they got market penetration, when (if they had any integrity
or could have been at all objective about the product they'd either
have pushed NT _or not even tried_ for the sale). Of course, some folk
at Ford and many other large corporates that made the same mistake have
a lot to answer for too...
> When the Internet revolution started, there was no way to predict the
> magnitude that a malicious program could have across the world. ...
Bollox -- the Morris Worm had already showed us what could be achieved.
Are we really so dense that we need weekly to monthly replays on a
slightly different scale, and with slightly different attack vectors,
before we can learn anything from such "attacks"?
Or did the all-out greed fuelled by the contemporaneous dot-com bubble
cloud some folks' judgement?
> ... Sure,
> Microsoft is playing catch-up with security. They are just filling the gap
> in their own products now.
The trouble with that approach is that there is just not enough spackle
in the world for them to achieve that goal any time soon. So, what do
they do? What they've always done -- continuing with "business as
usual"; spin, spin, spin.
Seems to have worked for you...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists