RE: Microsoft Liability for vulnerabilities

From: Dozal, Tim (tdozal_at_cisco.com)
Date: 07/22/03

  • Next message: Mamuzsics Péter: "Re: building an FAQ for Security-Basics"
    Date: Tue, 22 Jul 2003 11:43:15 -0700
    To: "Ronish Mehta" <sf_mail_sbm@yahoo.com>, <security-basics@securityfocus.com>
    
    

    This is a very old question and most people are entrenched on one side
    or the other already, but for what it's worth...

    MS first gives you the chance to not accept its EULA so when you click
    "I Accept" you should have read that MS is no longer liable for what a
    virus or hacker is able to do to your system.

    This leads to the real issue: is MS code any more buggy than Linux or
    Oracle or any other major software maker? Probably not, but the nature
    of MS and its massive success in the market makes them the target of
    choice. You end up with the vast majority of hackers and virus writers
    targeting MS products since they have the largest market % and the coder
    can hence have the most impact.

    I'm waiting patiently for the day when Linux in some form or another has
    a large enough market share to become the new target. All of the Linux
    lovers will instantly be shocked by the attacks found in the open source
    they have come to love so much. The companies who deployed the open
    source will have to internally fund patches and fixes for the exploits
    as hackers run rampant through their systems.

    From a corporate perspective that paints a pretty scary and expensive
    picture. Patches released from a single source look pretty attractive
    and the time needed to deploy a corporate-wide patch becomes much less
    daunting when compared to keeping a fully staffed programming team only
    to deal with coding fixes and patches for your internal open source
    deployment.

    With MS and the other large software/hardware vendors come a massive
    support infrastructure and the peace of mind that when problems are
    discovered they will be fixed by the experts who wrote the code in the
    first place. It's for this reason you will see very few large scale
    deployments of open source into enterprise level companies.

    So to end my rant: No, MS is not liable and I don't believe they should
    be. Why not hang (or better yet HIRE) the hackers and virus writers who
    create the destructive code, but don't blame MS for being the target of
    the efforts of the hacker community.

    Tim

    -----Original Message-----
    From: Ronish Mehta [mailto:sf_mail_sbm@yahoo.com]
    Sent: Monday, July 21, 2003 3:19 AM
    To: security-basics@securityfocus.com
    Subject: Microsoft Liability for vulnerabilities

    Hi all,
    As we all know, M$ licences are very expensive (both
    one-time & recurring cost).

    We also know that new vulnerabilities are discovered
    regularly (we may say monthly just to be kind).

    These vulnerabilities are exploited by viruses and
    hackers, and these may cause damage to our computer
    systems, and may involve additional cost.

    To protect ourselves against these threats, we have to
    apply latest patches, use up-to-date antiviruses.

    In a large organisation deploying patches may be a
    real headache (I know because I'm in this situation ;)
    and may involve additional cost.

    I was just wondering if Microsoft does not have a part
    of responsibility in all this? After all we are paying
    this company a fortune for OS and applications that
    contain vulnerabilities/bugs.

    Should we continue to pay Microsoft for its buggy
    software packages? Can we sue it for the damages that
    it can potentially cause to our company (in terms of
    cost, reputation, etc)?

    Thanks for your views
