Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750

From: Me2 (nospam_at_nospam.com)
Date: 10/05/03 

Date: Sun, 5 Oct 2003 12:17:31 -0700

Jim,

somewhat I agree with what you are saying, but I think the scenario (for me)
goes something like this:

The lock on your front door has a defect, but you don't know it! And a
thief is going around breaking into houses using a special key that takes
advantage of the defect. The lock manufacturer know about the defect, the
thieves know about the defect, but the lock owners do not.

Is it prudent or irresponsible for the manufacturer to notify lock owners
that their houses are in danger of being burglarized because their locks
have a defect?

If I got a notice from my lock manufacture that my lock is vulnerable, I
could at least close the dead bolt or change the lock, put a chair behind
the door or whatever to secure my house. If I did not get a notice from my
lock manufacture that my lock is vulnerable, then the next thief could just
walk in.

I know what you will say: "The manufacturer should say nothing until they
have a fix." What the heck - its better to have a few thousand houses
broken into than to alert more thieves of the broken lock. But YOU will not
be happy when it's YOUR house that was broken into because you were not
alerted to block access to your house with something more than just the
defective lock. YOU will be screaming bloody murder that someone did not
let you know about the defective lock!

Me out

"Jim Eshelman" <newsgroups@aumha.org> wrote in message
news:uGTF%23N2iDHA.2172@TK2MSFTNGP10.phx.gbl...
> Me2 wrote:
> > Jim, George,
> >
> > I don't get it! Are you advocating that if a new Trojan/virus/worm is
> > starting to infect thousands of machines in a serious way that
> > Microsoft should NOT notify its customers just because they don't
> > have a fix yet!!! I don't get it - where is this coming from?
>
> Pretty close, yes. It's coming from prudence. It's coming from not making
> the world a more dangerous place.
>
> If the lock is broken on your front door, you won't be able to fix it for
a
> couple of days, and someone burgles your house, you don't hang a sign on
the
> front door that says, "Warning, my lock is broken and burglars can get
in."
>
> One new Trojan using a particular exploit won't necessarily be the last.
> Every new sentence Microsoft makes public is further information that is
> more valuable to the exploiters than to the end users. I believe they
> shouldn't say a bloody thing to the public until they are ready to deliver
> the fix. It is well established that virus makers watch Microsoft's
notices
> of such things as a good source of information on what they can exploit.
>
> What Microsoft *should* do, though -- and I believe they in fact do -- is
> make the information immediately available to the major antivirus makers.
> That's where the fix should come from. People should rely on teir
antivirus
> software, and not on news bytes from Microsoft, to stay protected from
> viruses including Trojans.
>
> --
> Jim Eshelman, MS-MVP Windows
> http://aumha.org/
> http://WinSupportCenter.com/
>
>
> Did you find this newsgroup on the web? A newsreader like Outlook Express
> will make your online life a lot easier. Get better help! See:
> http://aumha.org/win4/supp1b.htm and
> http://support.microsoft.com/support/news/howto/default.asp
>
>

Relevant Pages

  • Re: gone without a trace
    ... >> manage to lock himself out of the house while putting clothes in the ... Wearing only a towel wrapped around his waist. ... My brother managed to lock himself out of a hotel room while travelling on ... set the tray back outside the door. ...
    (rec.pets.cats.anecdotes)
  • Re: Shooting (OT)
    ... his house and he got his gun," an officer said. ... If he shot a person who accidentally walked in through a door ... got to be a total moron not to lock the front door. ... warning at a genuine burglar who proceeded to book out fast. ...
    (rec.motorcycles)
  • Re: Cat alerts owner to intruding sex offender
    ... hollow-core door. ... a strong door with a bad lock isn't good - you're really reaching ... Nobody is talking about 'guard dogs' here Bo. ... They need to be free in the house, running from window to window, ...
    (alt.true-crime)
  • Re: Shooting (OT)
    ... his house and he got his gun," an officer said. ... If he shot a person who accidentally walked in through a door ... got to be a total moron not to lock the front door. ... warning at a genuine burglar who proceeded to book out fast. ...
    (rec.motorcycles)
  • Re: Wi-Fi question
    ... I'd kick down the fucking door because the lock is a feel-good item in most houses, and everyone spends so much time thinking about the lock they forget that the door and it's frame is often the weakest point. ... WEP is like a lame lock and door that you can subvert by jiggling the handle and sliding some sort of item into the jamb. ... you might still pick the lock of the house with fancy jewelry. ...
    (comp.sys.mac.system)