----- Original Message ----- From: <Valdis.Kletnieks@vt.edu> To: "Henry Linneweh" <hrlinneweh@sbcglobal.net> Cc: <nanog@merit.edu> Sent: Monday, March 01, 2004 12:59 Subject: Re: Possibly yet another MS mail worm On Mon, 01 Mar 2004 10:35:05 PST, Henry Linneweh <hrlinneweh@sbcglobal.net> said:
Everyday there is a new, news article on this and every day everyone panics and eeryday some one says tell the government to make a law, it is time to realize that no law is going to do anything for anyone soon. In the past we just took care of the problem and we can do the same now by sharing the solutions we shared then for FREE.
The basic problem is that for the average ISP, requiring the users to have a clue and to use secure software is financial suicide. <insert obligatory Randy Bush reference here>. Until something happens to change the cost/benefit ratios, we're stuck with it. Remember that vendor lock-in is an issue - why should the user spend all the time/money of obtaining new software and learning how to use it if they're currently not experiencing high amounts of cost/pain? Many users will write off "I'm only losing 2 or 3 days of work a year due to virus/worms" and balance that against "Moving to <anything else> would screw things up for 2 weeks while I relearn and reconfigure", and decide it's not worth changing...
I am kind of torn between new legislation to force users to clean up their machines when infected vs letting things go becuase I don't like government intervention, in general. I guess if society deems it a big enough problem, they'll push for legislation. Right now, folks don't seem to mind absorbing the cost of these worms. Till this changes, I don't think anything will get done, either on the technical or legal side.