Jim Mercer wrote:
actually, i don't think this is strictly microsoft's fault.
the companies that "lost" that $8,000,000,000 are responsible for their own actions. they ignored the vulnerability reports as well.
I don't accept this argument. You are saying that we need to sue our customers for using a faulty product, rather than the vendor of the faulty product. My understanding of product liability doesn't jibe with that illogic. Very few customers follow security digests, and fewer have the resources to enforce installation of patches and non-default setup. The product is functioning as delivered. The only recourse for our customers would have been to use a non-M$ product. M$ has been using a monopoly position to leverage Internet services. While we encourage our customers to use better products, time and time again, we find that they install M$ anyway. Their accounting runs on 98+NT, their patient record system run on 98+NT, heck, their constituent mail tracking package runs on 98+NT.... They use NT for "firewall", NAT, etc.
how long would they keep a voice mail system that automatically dialed the return number, regardless of local or long distance charges?
Speaking from past experience, they would keep a Rolm PBX that fails to record such things -- because it's too expensive to replace the system in lost time and business -- then sue Rolm for the consequential damages (resulting in near bankruptcy for Rolm, which was bailed out by IBM). But, this case is even worse, the equivalent of incurring a long-distance conference call to every previous caller, upon picking up the phone without dialing anything!
one would hope that incidents like this would help educate the decision makers, but, alas, they are just sheep being gobbled up by the microsoft wolf.
Your BSD signature reveals your bias. While I may agree with the sentiment, suing our customers for ignorance would likely be counter-productive for regaining lost revenues.... WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32