[thelist] New Critical Security Patch for Windows....

Shawn K. Quinn skquinn at xevious.kicks-ass.net
Fri Feb 13 04:58:38 CST 2004


On Thursday 2004 February 12 21:17, Jeff Howden wrote:
> shawn,
>
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > From: Shawn K. Quinn
> >
> > I would say this is of dubious relevance, when the
> > exploits for them choke down entire networks and the
> > fallout affects everyone, [...]
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
> how did i know you'd be one that was quick to reply to my post?
>
> it seems everything these days has some sort of network capability
> built into it.  it also seems that the majority of net-connected folk
> are running some flavor of windows.  most are not computer experts,
> let alone security experts. 

I'm not expecting the average user to be a security expert. What I do 
think is reasonable to expect is that the average user knows basic safe 
computing practices and common sense, namely that Microsoft will not 
e-mail the patch to its users. Microsoft could have chosen to be part 
of the solution by including this information with new copies of 
Windows; it's obvious that some people need to get it from somewhere.

> therefore, the likelihood that one individual makes an ill-advised
> decision regarding an attachment in their email and suddenly their
> computer is infected and it attempts to do the same to every other
> computer it can find, most of which are running windows. 

Which is itself part of the problem, IMO.

> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > [...] even those of us who have long since ceased
> > trusting Microsoft. [...]
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
> i'm not interested in your personal trust issues.

It's a shame, because you probably could learn something if you knew the 
reasons why I quit trusting Microsoft.

> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > Also, Microsoft is not exactly known for brutal honesty
> > when it comes to owning up to a bug in their software,
> > in particular if it is security-related, and even if
> > they acknowledge it the impact is ridiculously
> > downplayed. Contrast this with, say, OpenBSD's same-day
> > update owning up to the one remote hole in the default
> > install after four years (and the exploitability of that
> > hole was still in question).
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
> imo, your good vs evil attitude that's resonated in the statements
> above does nothing to sway my opinion.  of course a large corporation
> is going to downplay things.

Not necessarily. I haven't really seen Ford, Chrysler, or GM try to 
downplay safety defects in their automobiles, for example; they are a 
lot more honest than Microsoft ever has been.

> of course they're going to try to keep the details of the entire issue
> under wraps.  sure, it makes some people uneasy.  you still see a
> patch or update available though don't you?

Maybe, though usually not in a timely fashion.

> so, you say, why doesn't everyone use something better
> (security-wise)? well, cause the choices that are more secure are far 
> less user-friendly to the majority of computer users. computers are 
> scary enough to most.  put them in front of something they'll never
> see in the office or at a friend's house, etc, and they'll flip.

I would say a new user should easily be able to figure out how to use 
KDE and probably GNOME as well, even if they are used to the "Windows 
way" of doing things. And I wouldn't be so quick to say they would 
"never see" something besides Windows "in the office or at a friend's 
house".

You seem to imply there's something really scary about GNU/Linux and 
other Unix-like operating systems; could you elaborate? Have you used 
them before?

-- 
Shawn K. Quinn

