Roeland Meyer wrote:
From: William Allen Simpson [mailto:wsimpson@greendragon.com] A check in the mail would be a better incentive to administrators than "automatic" updates.
Now *there's* a thought. However, all software companies carry product liability insurance. It's sometimes called a shrink-wrap license. You might actually try reading it the next time you purchase and install software.
I'm not a party to the EULA. For the sake of argument, ISPs are the party that the SUV hit when it rolled over after the tires exploded.... (actually, because of our proactive action and filtering, we had exactly zero customers that were still infected by Jul 20th. But we had to spend the manpower and technical support -- that's worth something!) Also, you may have noticed that shrink-wrap licenses are valid in only two places: Washington (state) and Virginia. This would be a Federal class action. Joe Shaw wrote:
And with this latest threat of code red, Microsoft would have been covered anyway, because a patch for this exploit existed well before CodeRed hit. They released a patch for the indexing server on June 18, 2001, which as you know is a full month before CodeRed. So, people had a MONTH to prepare for something like this, and it's a sad statement that they did not.
Actually, although the patch was released, M$ lied, saying it was only needed by web servers. We have since learned that *ALL* W2K and XP systems were vulnerable. Fraud and misrepresentation?
human somewhere wrote some bad code. It happens, and continues to happen on a daily basis.
It's long past time that humans were held accountable. Funny, the engine electronics in my car doesn't seem to be vulnerable to these failures.... Maybe it's the extensive (years) of testing and code review? Why should I have to pay for the desire of M$ to be "first to market", or more usually, "last to market but cheaper". There is no other industry where such bad practices would be acceptable. It shouldn't be in ours, either!
Security requires vigilence, and there seems to be too little of it out in the world.
Agreed. -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32