[thelist] New Critical Security Patch for Windows....

Jeff Howden jeff at jeffhowden.com
Thu Feb 12 21:17:47 CST 2004


> From: Shawn K. Quinn
> I would say this is of dubious relevance, when the
> exploits for them choke down entire networks and the
> fallout affects everyone, [...]

how did i know you'd be one that was quick to reply to my post?

it seems everything these days has some sort of network capability built
into it.  it also seems that the majority of net-connected folk are running
some flavor of windows.  most are not computer experts, let alone security
experts.  therefore, the likelihood that one individual makes an ill-advised
decision regarding an attachment in their email and suddenly their computer
is infected and it attempts to do the same to every other computer it can
find, most of which are running windows.  the cycle repeats itself over and
over again.  it's no wonder your statement "choke down entire networks and
the fallout affects everyone" is true.  it doesn't prove anything damaging
to my claims though.

> [...] even those of us who have long since ceased
> trusting Microsoft. [...]

i'm not interested in your personal trust issues.

> Also, Microsoft is not exactly known for brutal honesty
> when it comes to owning up to a bug in their software,
> in particular if it is security-related, and even if
> they acknowledge it the impact is ridiculously
> downplayed. Contrast this with, say, OpenBSD's same-day
> update owning up to the one remote hole in the default
> install after four years (and the exploitability of that
> hole was still in question).

imo, your good vs evil attitude that's resonated in the statements above
does nothing to sway my opinion.  of course a large corporation is going to
downplay things.  of course they're going to try to keep the details of the
entire issue under wraps.  sure, it makes some people uneasy.  you still see
a patch or update available though don't you?

> Something else to ponder: Before Microsoft Windows was
> Internet-capable, there was talk about *the* Internet
> worm, as in the ONE Internet worm.  These days, if you
> try to refer to *the* Internet worm, people will reply
> something like "Huh? Which one? You mean there's another
> one out there now?"

see my comment above about everything being network capable.  enough said.

> As far as your "uninformed" comment, I've been using
> computers for quite a long time. I taught myself BASIC
> and 6502 assembler language before I was out of
> elementary school, and have studied computer network
> security ever since getting my first dialup Internet
> account back in 1996. I'm about as informed as they
> come.

it also puts you in the rarest percentage of overall internet users.
therefore, what works for you, is *highly* unlikely to work for most in
their day to day interaction with computers.  face it, you're an
uber-power-user in a world of neophytes.  you'll likely always be ahead of
the curve and they'll always be playing catchup.  so, because corporations
desire to be profitable, they're going to be catering to the majority.  the
desires of that majority will drive what the corporations focus on.  things
that are lower priority won't get as much funding.  i personally agree that
security is an important factor, but many less knowledgeable users do not.
it isn't even on the radar.

anyway, aside from the rambling, i'm really just trying to say that your
priorities are not the same priorities that most computer users have.  so,
you'll likely always be frustrated by companies like microsoft who place
emphasis on things you don't think are important.

so, you say, why doesn't everyone use something better (security-wise)?
well, cause the choices that are more secure are far less user-friendly to
the majority of computer users.  computers are scary enough to most.  put
them in front of something they'll never see in the office or at a friend's
house, etc, and they'll flip.

> I think it's safe to say just about every unbiased
> computer security expert [...]

such a creature does *not* exist.


Jeff Howden - Web Application Specialist
Résumé - http://jeffhowden.com/about/resume/
Code Library - http://evolt.jeffhowden.com/jeff/code/
