Contributed by Dengue on from the oops dept.
Great title, and good analysis of the threat widespread infection by worms and trojans poses to broadband-connected users of less secure operating systems. The analysis is driven largely by Code Red, Nimda, et al.
By RC () on
By elmalstard () on
I often hear people saying that MS is bullshit and linux is god. Hey, wake up, a standard linux box is full of security holes...
By RC () on
Of course, if there's no patch for the hole, the responsibility passes to Microsoft, et al.
It's so simple that I can't imagine why it isn't the case. It seems like the internet is the wild west as far as congress is concerned, and they only pass the laws that will allow them to pass the buck to companies, and let them do as they please...
By Anonymous Coward () on
By edu () on
By Anonymous Coward () on
Also, something that is free immediately gets an image of 'low-quality' with these shortsighted people, especially when the commercial counterpart costs several 100$!
There's not much one can do against a company which clearly has a monopoly and has by far the greatest budget for advertising. Free software (hardly) has the budget to do any advertising at all.
So maybe a law like that would be a little harsh, but it would certainly open up some eyes, and enlighten minds.
By Devil's Advocate () on
Maybe you'll get the death penalty if you left your door unlocked.
DA
By Anonymous Coward () on
Yes.
If you leave your gun laying around the house, then you are responsible when your kid's friend steals it and kills his dad.
If you let people carrying knives pass through airport security - you should be held responsible after they hijack an airplane and kill a few thousand people.
People should be held responsible not only for committing the crime, but for not preventing the crime when they could.
By Anonymous Coward () on
> Yes.
Only if you took no measures or obviously insufficient measures to protect your car. If you left your car door locked, kept the car alarm on, and put an anti-theft device on the steering wheel anyway, I don't think anyone could reasonably claim that you're responsible. Securing your car completely and thoroughly is just as impossible as securing a computer system completely and thoroughly, and I don't think anyone is willing to lock their car in a safe, cover it in concrete, and bury it at the bottom of the Mariana Trench.
> People should be held responsible not only for committing the crime, but for not preventing the crime when they could.
There's a big difference between preventing the crime when you can, and preventing it when it's reasonably possible. Holding people liable for not doing the former when they did the latter is unethical.
By David () on
> Only if you took no measures or obviously insufficient measures to protect your car.
Just like using OpenBSD over Windows for your internet servers. :-)
This raises an interesting point though: what if the administrators of all of the Windows computers responsible for Code Red 1/2 were held liable for damage to others' systems? A patch was out there, so you could say it's their responsibility, and it would wake the world up to security, the moment you become exposed.
By Anonymous Coward () on
someone breaks into my house while i'm on vacation and sells drugs out of it for a week. why should i be held responsible? because i couldn't afford armed guards?
By mirabile () misc@openbsd.org on mailto:misc@openbsd.org
If Joe operates some insecure system
and does not ensure privacy and protection
for data etc. he is going to be held
responsible.
There are even ways to protect some
Microsoft(R) systems, such as putting
them behind an OpenBSD firewall and
running some "personal firewall"
programme on them, alongside with
a decent antivir programme, which
both come for free.
As for servers, there are measures, too.
Lately I got flamed on http://www.symlink.ch/
by P2501 for this opinion, but luckily,
I'm not alone out there ;)
By Anonymous Coward () on
By Anonymous Coward () on
By Anonymous Coward () on
-ISPs could remove a lot of the garbage on the net.
-However
Holding a software company financially responsible
for the laziness of the people that use its software
is a VERY bad idea. To keep it to the point.
Microsoft could afford the lawsuits.
OpenSource companies could not.
-
-
Yes Microsoft made some very bad design decisions that
left their software vulnerable. Yes I have a problem
with MS.
But. WHO CARES?
Until the general population wises up these kinds of
things will be possible.
Until somebody notices that the people using a secure
OS can sit back and laugh while the rest of the
computing world has to run around like a chicken that
just lost its head, with every new virus and worm.
WHO CARES.
No lawsuits. No lawyers. Buyer beware. End of story.
By Anonymous Coward () on
The real solution is for every leaf node to filter at its internal border, but the logistics of educating and convincing every dumb admin that he needs to filter, and of then having him convince his bosses that he should be allowed to filter, and of then actually doing it, are immense. Some day I think it might happen, but that day is probably ten or twenty years in the future. In the meantime we're all screwed.
By Anonymous Coward () on
as such, filtering by ingress/egress isn't a help from that perspective. filtering needs to be done, but it's not the end-all-be-all solution. additionally, i tend to lobby for traffic shaping on a per host basis, as no single host should be able to consume a pipe. lastly, smart filtering practices and local proxies on well controlled networks can remedy a lot of this.
By Gimlet () on
What universe do you live in?
Customers don't pay for security, they pay for performance. Until that changes, I wouldn't hold my breath.
By Anonymous Coward () on
> performance. Until that changes, I wouldn't
> hold my breath.
Customers pay a lot for poor performance and even worse security. (M$)
If they would pay less (OpenBSD), they'd get far better performance, and enormously better security.
They would have to re-educate their staff, but I think that costs less than the money you save by not buying 10 windows licenses, but some OpenBSD cd's ;-)
So in the end, it's a win-win situation ;-)
Only too bad people are so sensitive to advertising :-(
By Anonymous Coward () on
MicroSoft gives good performance and much, much, MUCH better value to the average user. Sure, if you're some zealot weenie you can go "oh but we've gone through audits and blah blah etc..." but that's not what people are looking for. They want usability, which OpenBSD is *not* without taking the security down to about level with MS. The biggest difference between the two is default settings. MS goes for the lowest common denominator while OpenBSD goes for locking everything down.
The training time, frustration, plus the switchover time for admins is IMMENSE.
I hope this will help clear up some of your problems, but others just seem too big for this sort of forum.
By Anonymous Coward () on
By Anonymous Coward () on
I'm not an experienced admin, though I am not a complete newbie either. I have far more experience with Microsoft OSes (about 8 years now) than with Open Source OSes (about 3 years) or OpenBSD (only a year or so).
Though I got a (very) basic OpenBSD webserver up&running in only 30 minutes (that includes installing OpenBSD, setting up Apache (yeah, edit one line), ftpd, and transferring my files).
I wouldn't be able to install a windows box in that time. Just a standard installation already takes far longer (depending on the speed of the machine of course), and then you don't even have the server-software running ;-)
And that server is a 486 with 16mb ram and a 230mb hdd. I doubt windows would be able to achieve a performance anywhere near OpenBSD on that box.
Admitted, on high-end systems, the performance difference is less noticeable, but on low-end systems, you do notice it!
By Anonymous Coward () on
it's like saying "we should give guns to anyone who wants one, and not require licenses, since that is what the customer wants".
By Anonymous Coward () on
By Anonymous Coward () on
By Marc Espie () espie@openbsd.org on mailto:espie@openbsd.org
By Chris () on http://www.dejection.org.uk/
By Chris () on http://www.dejection.org.uk/
it's just MCSEs are incompetent by default ;-)
By Anonymous Coward () on