Re: Call to arms - INFORMATION ANARCHY

From: Sil***, Stephen (stephen_sil***@CLEANAWAY.COM.AU)
Date: 11/05/01


Message-ID:  <86F341295371F54D8B2C420314B09CE59F0349@319nt3.cleanaway.com.au>
Date:         Mon, 5 Nov 2001 11:30:03 +1100
From: "Sil***, Stephen" <stephen_sil***@CLEANAWAY.COM.AU>
Subject:      Re: Call to arms - INFORMATION ANARCHY
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Nice long thread... my POV:

The "Call to Arms" is long overdue - I see the script kiddies and worms in
my logs just like everyone else. If the software was better written in the
first place they wouldn't have a niche. If every little hole ever found is
published quickly and completely the vendors will either patch it promptly
or the users of their software will be compromised, crashed or robbed and
the vendor will rapidly be out of business. Or they could implement better
QA as suggested...

But this is NTBugtraq so let's just dispense with the generic "commercial
vendors" and talk about Microsoft. They have a primary responsibility - to
make money for their shareholders. That's fair enough and a good thing.
But unfortunately they've ruthlessly bullied themselves into a monopoly
position and now they have a more important obligation. The world runs on
Windows to a large extent and that brings with it a civic obligation - maybe
they need to be regulated like the health or power industry. But the
governments of the world seem to lack the spine to turn down all that money
so if "Information Anarchy" is what it takes to stiffen it then so be it.

Sooner or later the poor quality of software in the world today is going to
bring it all crashing down... CodeRed was tame. Hundreds of thousands of
compromised boxes in the space of a single day and for what? Squat.
Imagine if that worm had been programmed to erase HDDs after 24 hours...
and there are many many worse things it could have done than that. Sooner or
later the combination of a truly malicious black hat and a hole in Windows
is going to bring the web to a screeching halt. Unless Microsoft can be
made to get its act together. I've seen many good points raised in this
thread - poor QA, pushing upgrades to new (still buggy) OSes rather than
fixing current ones, bells and whistles rather than basics... but the
disclosure argument is dead. If the public isn't aware of the holes
commercial vendors won't fix it because it costs money; it's that simple.

So go for it I say... better to have this war now than in ten or twenty
years when there really are crucial things linked by humming wires. Like
banks. Or hospitals. Or power plants. Or traffic lights. Or weapons
systems. Or space craft. Or even people.

S. :)
