Full Disclosure mailing list archives

RE: Bill Gates blames the victim


From: "C. David Wilde" <cdw () mylinuxguy com>
Date: 03 Sep 2003 10:10:56 -0700

On Wed, 2003-09-03 at 09:02, Robert Ahnemann wrote:
"Richard M. Smith" <rms () computerbytesman com> writes (quotes):
   ;;    Q. "The buffer overrun flaw that made the Blaster worm 
   ;;    possible was specifically targeted in your code reviews 
   ;;    last year. Do you understand why the flaw that led to 
   ;;    Blaster escaped your detection?"
   ;; 
   ;;    A. "Understand there have actually been fixes for all of 
   ;;    these things before the attack took place. The challenge 
   ;;    is that we've got to get the fixes to be automatically 
   ;;    applied without our customers having to make a special
   ;;    effort."

"Don't trust our software. But do trust our patching/update 
process..."

Don't trust software but trust our software patches...

We can continue the sentence by adding that the special effort is 
needed because new bugs are generated by these patches.

Let's relate this to real life (flame that line if you want).  Your car
has a defect that causes the oil pan to leak.  Ford (I drive one, I can
talk) issues a recall saying they know about the leak and are offering
you a free fix, if you would just take the time to take the car to the
shop.  You decide that you know better and that you would rather not
invest the time.  Your engine is lying on the ground three weeks later.
Whose fault is it?  They told you it was a problem.  You neglected to
address it.  I can tell you who will be paying for the engine.  Today's
society is about dissolving accountability.  I'm all for changing this
around.

While I agree with that argument to a point, I've had several parts on
several vehicles recalled; Ford does still hold some responsibility as
to the quality of the car that they released.  Take the Pinto for
example, since we're talking about Ford: Ford released a faulty product
that caused injury and death to some of their consumers, and they had to
pay for that mistake.  A company is liable for the damage that its
product causes, even if they issue a recall or a fix.  I think that this
issue is a little different, system admins have a responsibility and an
obligation to patch their systems and it's their fault if they get
rooted, but the software vendor also must share in that responsibility. 
If Ford, or any car manufacturer for that matter, had been allowed to
escape punishment for some of the damage that they caused by selling a
faulty product then we could all be driving cars that explode when
rear-ended.  If a company is hit where it hurts because they messed up then
they will be that much more careful the next time around to release a
product that is safer/better.

My second point is that in the car business certain models of cars can
be declared a Lemon if a certain percentage of that model is deemed
faulty.  Consumers are entitled to compensation for Lemon cars, why are
they not compensated for Lemon software?  Microsoft has a well-established
track record of releasing insecure and buggy software; many software
companies that we rely on also share that track record.  I for one believe
that it's time we start exposing and punishing those
companies for not keeping the wellbeing of their consumers in mind while
creating their products.  Other industries have that burden, why should
software be exempt?  I hold Microsoft especially accountable for this
because through their business practices they have maneuvered themselves
into nearly every industry in one form or another.  Their software,
whether we like it or not, affects a great majority of the world's
population on a daily basis, and for them to blame the consumer is
utterly ridiculous.  Automatic patching is not the answer either,
creating a product that can withstand the test of time and pressure is. 
That's why I drive a 1963 Pontiac :)


(forgot to send to the list poo)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

