Ah, oo, uh, ie.

["Williams, James K" <James.Williams () ca com>]

> I'm sure your tongue is somewhat in your cheek so I hope I'm not being
too
> pedantic, but saying "who cares" about shutting down malicious sites
is a
> bit like saying "who cares about arresting petty criminals with
handguns
> when you can be killed by snipers with fancy rifles."
>
> It's true that shutting down these malicious sites doesn't fix the
> vulnerability or make targeted attacks any less likely, but it does
reduce
> the overall probability that joe user will be donating his DSL line to
a
> botnet for the foreseeable future.
>
> Solving 50% of the problem isn't as good as solving 100% of the
problem, but
> it's a lot better than solving 0%..  When dealing with the messy real
world,
> you can't let the perfect be the enemy of the good.
>
> -Bryan

So true.  The concept is much easier to understand if you have a) been
the 
network admin for a 1,000+ user network, b) worked in a large scale 
software development env w/ shareholders and lots of Fortune 500
customers 
to answer to, or c) worked in the IT dept at a large public university.

I'm willing to bet that most of the people who flame MS on Bugtraq and
FD 
have not done a, b, or c.

Regards,
                                                           
Ken Williams