Re: [Full-Disclosure] Anti-MS drivel

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 01/23/04

    To: full-disclosure@lists.netsys.com
    Date: Sat, 24 Jan 2004 09:15:03 +1300
    
    

    "Gregh" <chows@ozemail.com.au> wrote:

    <<big snip>>
    > > I haven't seen a sign on the shrink wrap of Windows XP Home that says
    > > "Administrator not included".
    >
    > It is always accepted in the Western world that if something is not SAID to
    > be there and ISN'T there, then the people who manufactured it or sold it to
    > you can't be held accountable for it NOT being there.

    This is where you go off the rails...

    You are simply wrong. At least when it comes to "general consumer
    goods" there are all kinds of _assumed_ properties _that are never or
    only very seldom mentioned in labelling_. You're in a supermarket or
    at a roadside stall buying apples; they have a big bin of them and you
    can choose as many and whichever apples you want. The apples are not
    labelled and any labelling you may find on the bin will not contain a
    warning something like "Contain less than the minimum acceptable levels
    of dioxin, PCBs, DDT [etc, etc]". Why not? Because various legal
    processes "behind the scenes" require that (and, we hope, actually test
    for it and monitor the situation, at least in some broad scope).
    Likewise, other "due level of care" requirements specify, either
    formally or through the court-determined if it ever gets there
    "expectations of a reasonable person" concept.

    And there's the rub with computers. They are now (and have been for
    quite some time) sold as pretty much any other consumer electronics
    device. The "reasonable person" does not worry, when buying a toaster,
    or afterwards, while using it, that an entirely unknown and untrackable
    person on the other side of the world can pillage his bank account
    while the toaster is plugged in or at least while the toasting
    mechanism is engaged and the machine is cooking his toast. It is
    entirely reasonable for the consumer to not have to worry about such
    things, so there is no need to put a pre-sales warning on the device to
    that effect. Windows PCs however, are sold into the consumer market to
    a very large extent because they enable Internet access. They are (by
    and large) not sold with warnings about the near total lack of any
    effective "protection" from the kinds of evils just described. Your
    typical "reasonable person" may or may not be expected to be aware that
    such dangers lurk at the end of the modem/DSL/cable/WiFi/etc
    connection, but let's say for the sake of argument that in today's
    society a "reasonable person" should be aware of such possibilities, at
    least at some general level (such dangers are, after all, reported in
    the media, depicted in other popular culture materials and so on). The
    "reasonable person" notes that there are no warnings on the computer
    sales display stand at their favourite consumer electronics store,
    notes there are no warnings about such things inside the box when they
    get it home, doesn't see any warnings when first turning the device on
    nor when connecting it to the Internet. The reasonable person,
    therefore, is quite reasonable in assuming the PC manufacturer and/or
    Microsoft has taken the necessary precautions to make this machine
    "safe" for Internet use because it was sold as "Internet ready". If
    the "reasonable person" knows enough to be aware of various online
    dangers, surely the experts at the PC manufacturer and/or Microsoft do
    too and given they were allowed to sell the machine and it wasn't
    plastered with warnings about its unsuitability for Internet use, the
    reasonable person is entirely within their rights to assume that the
    machine is, in fact, safe for such use.

    Of course, we computer experts know that is not the case, but it is not
    the typical consumer's fault they get bitten. It is the fault of the
    computer seller who recommended this model given the consumer
    explicitly said they wanted to "use the Internet", the PC manufacturer
    for selling self-described "Internet ready" computers that are not
    "Internet ready" by the reasonable standards of most of the folk who
    will buy them, it is Microsoft's fault for foisting its OS on the
    market claiming such high levels of ease of use while ignoring that all
    the security shortcuts it took to make Windows so easy to use are
    precisely the things that bite typical users hardest when it comes to
    the typical uses they are encouraged to make of the machines running
    the OS ("out of the box" Windows is only "safe" for an entirely
    standalone, non-networked environment) and it is the regulators' fault
    for perpetuating the travesty of removing from software (or even
    computer systems as a whole) the same basic consumer protections as
    every other product manufacturer has to work under (Why is Billy Boy
    the richest kid in the world and so many of the other computer and
    especially s/w moguls right up there despite the brief life of their
    sector? Because they have not had to build their empires under the
    threat of the huge financial costs of ensuring that they are making
    products fit for their intended use, due to their lobbying for, and to
    retain, the almost standalone exemption of software from all the normal
    product liability legislation...).

    > You need to know the risks in anything in life. Would you have a child and
    > not bring it up warning it about people who may want to take advantage of
    > it? Parenting doesn't come with a manual either but there are scumbags about
    > who would do harm to an innocent child. Everything has a modicum of risk
    > depending on what the thing is. Computers are no different to that. Ignore
    > the risk at your own peril.

    In general I agree. The problem with computers is they are
    fundamentally complex. In fact, way too complex for a typical user
    (and even most "computer experts") to understand sufficiently. Way,
    way too complex for a typical user to understand well enough to do a
    reasoned risk assessment. In fact, if they were able so to do and we
    applied your reasoning, almost no "typical consumer" computer users
    would use Windows (assuming that Windows had kept developing as it has
    if people had actually been able to make sensible, informed security
    assessments of it). I have no idea what they would use instead
    (probably very few of them would exist), but if they could make the
    kind of security assessment you suggest they should, I know they
    wouldn't use Windows as it is today.

    So, why do so many of them use Windows, flawed as we know it is?

    Well, it provides huge utility and thus, presumably, value to them and
    as it is sold as a consumer electronics item, they assume that Billy
    Boy has their best interests (rather than the best interests of his
    wallet) at heart because they reasonably presume that the usually
    "hidden" rules and expectations of due care (that apply to all other
    consumer electronics products, in fact most other products and
    definitely to your apples, through product liability law) apply here as
    well. Hence, Billy Boy could only be that rich if he made a product of
    truly stellar quality. (Actually, I don't think (m)any consumers make
    that last assessment, and certainly not as if it were a buying point
    for Windows...)

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

