Re: Microsoft declares security is NOT its top priority
From: *Vanguard* (reply-to-newsgroup_at_do-not-email.invalid)
Date: 06/22/04
- Next message: thmcg: "Event Viewer Error Messages"
- Previous message: NoNoBadDog!: "Re: settings"
- In reply to: perfb: "Microsoft declares security is NOT its top priority"
- Next in thread: hermes: "Re: Microsoft declares security is NOT its top priority"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Jun 2004 17:41:48 -0500
perfb said in news:775799ec.0406220429.589c1d21@posting.google.com:
> As M$ is refusing to allow all installations of its defective
> OS to be patched, it is apparent that internet security
> is NOT the top priority at M$. Any M$ argument to the contrary
> is thoroughly refuted by this simple fact.
>
> to wit:
>
> -----------------------------------------------
>
> Tuesday, 01 June 2004
>
> Microsoft's actions speak louder than words
> by Bruce Schneier, Network World
> Comment: is security Microsoft's top priority?
>
> The security of your computer and network depends on two things: what
> you do to secure your computer and network, and what everyone else
> does to secure their computers and networks. It's not enough for you
> to maintain a secure network. If other people don't maintain their
> security, we're all more vulnerable to attack.
> When many unsecure computers are connected to the Internet, worms
> spread faster and more extensively, distributed denial-of-service
> attacks are easier to launch, and spammers have more platforms from
> which to send e-mail. The more unsecure the average computer on the
> Internet is, the more unsecure your computer is.
>
> It's like malaria: everyone is safer when we all work together to
> drain the swamps and increase the level of hygiene in our community.
>
> This is the backdrop against which to view Microsoft's Windows XP
> security upgrade: Service Pack 2 (SP2). SP2 is a major security
> upgrade. It includes features such as Windows Firewall, an enhanced
> personal firewall that is turned on by default, better automatic
> patching and other security improvements.
>
> Initial news stories reported that Microsoft would make this upgrade
> available to all XP users, both licensed and unlicensed. To me, this
> was a smart move on Microsoft's part. Think about all the ways the
> company would benefit. Licensed users would be more secure and
> happier. Worms that attack Microsoft products would be less virulent,
> so Microsoft wouldn't look as bad in the press. Microsoft would win,
> its customers would win and the Internet would win. It's the kind of
> marketing move about which best-selling books are written.
>
> Then Microsoft said the initial comments were wrong; SP2 would not run
> on pirated copies of XP. Only legal copies of the software could be
> secured. This is the wrong decision, for all the same reasons that the
> initial decision was the correct one.
>
> Of course, Microsoft is within its rights to deny service to pirates.
> It makes sense for the company to make sure performance or feature
> upgrades do not run on pirated software. Microsoft wants to deny the
> benefits of its products to people who haven't paid for them, and
> entice these people to become licensed users. But security upgrades
> are different. Microsoft is harming its licensed users by denying
> security to unlicensed users.
>
> This decision, more than anything else Microsoft has said or done in
> the past few years, proves to me that security is not the company's
> first priority. Here was a chance for Microsoft to do the right thing:
> to put security ahead of profits. Here was a chance to look good in
> the press and improve security for all its users worldwide. Microsoft
> says that improving security is the most important thing, but its
> actions prove otherwise.
>
> SP2 is an important security upgrade to Windows XP, and I hope it is
> widely installed among licensed XP users. I also hope it is quickly
> pirated, so unlicensed XP users also can install it. For me to remain
> secure on the Internet, I need everyone to become more secure. And the
> more people who install SP2, the more we all benefit.
>
> Schneier is CTO of Counterpane Internet Security and author of Beyond
> Fear: Thinking Sensibly About Security in an Uncertain World. He can
> be reached at www.schneier.com.
For pirated copies of Windows, Microsoft should self-terminate those
installs. The pirated user gets a big fat warning window on every boot
saying that they have N loads left (starting at, say, 50). That's how
many times they can reboot the OS. Don't bother with a timed expiration
which might be circumvented. Just keep an encoded count of the bootup
of the OS and then refuse to boot after the max boots has been reached.
Kill off the pirated copies rather than continuing to support them.
Sure, patch it, patch it good, patch it to incorporate the updates and
also patch it to die! Takes care of getting ALL Windows hosts updated
and also takes care of wiping out the pirated copies. If they want to
keep using their pirated version, they'll never be able to update. Wipe
them out through attrition and, better yet, through expiration.
So what additional taxes do you want to pay to fund Microsoft's support
for pirated copies? I'm sure Microsoft will accept any and all monies
you send them for this purpose. Or maybe they could trace your IP
address on the SP2 download, send a summons to your ISP demanding the
customer be divulged, and then send you a bill for downloading SP2 to
subsidize their additional costs for supporting thieves. When it is YOU
footing the bill for theft, boy, will you sing a different tune.
Obviously those supporting such stupidity have never been programmers
that need to engender sales to provide for their salary. It's always
really easy to say that someone ELSE should pay for YOUR convenience and
safety.
Also, you cannot legally enforce anyone to deploy an update or patch to
their system. In a testing lab, the exact configuration must be known
so you really know what is the platform on which you test. You don't
let it update so you don't know what files, libraries, or functions are
available or have changed. Some critically required programs may not
function after an update. It is more important to get your work done
than worry about a patch that might not help at all and will impair the
use of YOUR platform. Just because you keep your car washed and waxed
doesn't mean you have the legal right to enforce someone else driving
the same model to get their rust spots fixed. That's what THEY want to
use. If someone pirates a copy of software then THAT is what they chose
to use ... and they should never get anything more! Do you really
expect the burglar that stole your television while you were on vacation
to wait until you come back to ask for the remote, too?
-- ____________________________________________________________ *** Post replies to newsgroup. Share with others. *** Email domain = ".com" *AND* append "=NEWS=" to Subject. ____________________________________________________________
- Next message: thmcg: "Event Viewer Error Messages"
- Previous message: NoNoBadDog!: "Re: settings"
- In reply to: perfb: "Microsoft declares security is NOT its top priority"
- Next in thread: hermes: "Re: Microsoft declares security is NOT its top priority"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
