Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Windows Can Earn From Bugs

__/ [rapskat] on Tuesday 11 October 2005 17:54 \__

> On Tue, 11 Oct 2005 15:48:50 +0100, Roy Schestowitz wrote:
>> Allow me to say more while the thoughts stir in my mind.
>> A secure and stable operating system should not be perceived as a Utopia.
>> If I can keep a Linux box and Palm handheld up for months, this implies
>> that Windows gives a discouraging illusion, thereby falsifying any reason
>> to trust an operating system and data integrity that it's liable for.
> There is an implicit trust involved when submitting your personal data to
> an information system.  The trust is the same as when you commit your
> personal thoughts and feelings to a diary or journal.  You know that the
> journal won't just tell anyone all by itself what personal info it has
> within it's pages. However, if the journal itself is not secured, then
> anyone could find and read whatever is enscribed therein.
> It stands to reason that any system whose basic purpose is to hold
> sensitive data should have the means to secure said data.  Even journals
> that are oriented for this purpose come with various locking mechanisms to
> keep the casual reader out.
>> How /dare/ M$ change for what should be XP SP3? And how can they not be
>> guilty for delivering a faulty operating system 'out of the box'? Why
>> need I spend several hours patching up my mother's /fresh/ installation
>> of Windows (she insisted on using that garbage)?
> Continuing with my analogy from above, while more recent versions of
> Windows do have the capability to secure the data that they hold, this is
> not the default configuration.  A good lock will in it's default
> configuration automatically engage without having to be expressly
> configured to do so.  This means that when the door is closed, it
> automatically locks.  By contrast, a bad lock has to be manually and
> expressly engaged every time.  Windows defaults to the bad lock scenario,
> purpotedly for the reasons of ease of use.  It is assumed that the user
> will engage the builtin security mechanisms if they desire them.
> The glaringly evident problem with this is that people often aren't aware
> that these mechanisms are present or howto even engage them.  From the
> user's point of view, they assume that their computer should be like a
> good lock, where it will default to whatever security being engaged by
> default so they don't have to worry about it.  No effort is made to tell
> people otherwise.
> Recently, M$ has attempted in some small way to correct this blatant lapse
> by implementing a "security console".  The purpose of this is to inform
> people that the door is ajar, however it does nothing to actually
> engage any security functions on it's own or even inform the user what to
> do. Everything is again left up to the user to manually install and
> configure according to the nagging of the console.
> Despite M$ closing a few door and windows (NPI), still it's products are
> inherently insecure and in truth unsuitable for general use by the public
> in any semblance of a secure fashion.  It can be said with all assurance
> that any person who uses any version of Windows on the Internet with it's
> default settings will at some point shortly be compromised with various
> malware.

Yes, this only took a few minutes to happen last week when I installed
Windows (see above). I didn't know if I should laugh or whine. I was at the
dashboard at the time, I may remind you, so it was unpleasant. Nonetheless,
it re-assured my choices so it's a double-edged sword.

> This indicates a violation of trust.  Despite the various EULA's that
> accompany M$ products and their claims of no or extremely limited fault,
> consumer laws provide a guarantee to persons that purchase products that
> said goods will do what they are advertised to do.  If one purchases a car
> that is sold under the pretense that it runs and is in good condition, and
> then said vehicle conks out down the road from the dealer, then the
> dealership is liable.
> Windows does not do what it is advertised to do, ie provide safe and
> reliable computing out of the box.  As such, M$ is legally liable to every
> person that has become victim to their shoddy products.  A vendor has a
> legal obligation to their customers that the products that they sell are
> safe, secure and suitable for use as is.
>> The ironic thing is that Microsoft now have financial incentive when it
>> comes to software bugs. If they cleansed their O/S from bugs, they would
>> lose business.
> This is insult to injury.  Not only are M$ products self-admittedly
> insecure and unsuitable for online use by default, but now M$ intends to
> extort even more money from consumers by offering add-on security products
> in order to secure their insecure products!  It's like selling someone a
> car, but selling the brakes and seatbelts separately!  It is common
> knowledge that Windows cannot be used online securely without some form of
> 3rd party protection, just like a car cannot be driven securely without
> seatbelts and brakes.  As such, anything that is needed in order to
> provide a complete basic system should be included by default with the
> product without any extra expense.

I like this analogy. I'll try to make a mental note of it.

> How they continue to be able to get away with this criminal regime is
> absolutely despicable.

Has it ever not been despicable?


Roy S. Schestowitz      | "No, I didn't buy that from eBay"
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  5:55am  up 47 days 18:09,  4 users,  load average: 0.75, 1.42, 1.23
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index