Full Disclosure mailing list archives

Re: Anti-MS drivel


From: Bart.Lansing () kohls com
Date: Mon, 26 Jan 2004 09:20:11 -0600





This perhaps needs some clarification.  My response to Tobias should in no
way be construed as an MS Apologista defending their record vis-a-vis
software design/secure coding.  Far from it.  It was, rather, an effort to
point out that >>When a customer "makes a mistake" then it's not his own
but the vendor's<< does not even remotely survive the test of extending a
statement/argument to even logical extremes.

When we have users who, within 5 minutes of receiving and reading an email
from IS Security that says "XXXXX Email may be landing in your
inbasket...with this subject...from this address...DO NOT OPEN THE
ATTACHMENT IN THAT EMAIL, please delete it immediately" decide that it did
not really mean them, and proceed to open said attachment anyway, they are
making mistakes...period.  (NOTE:  Yes we should be stripping all
potentially executable attachments, my shop does...hope yours does
too...but, I'm also willing to bet that if we are honest...I am damned sure
not in the minority of people who have had this scenario play out in the
past...and who are still very concerned about hundreds of laptop users who
are grabbing email from ISP-based sources while they are on the road)

It's wonderful to pontificate about how the world ought to be...but there
are more than a few of us who get to deal with it the way it is.  People
make mistakes.

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin () lists netsys com wrote on 01/24/2004 05:57:25 PM:

Bart.Lansing () kohls com wrote:

Tobias, I have to tell you that >>Customer is king. mistake.<< is
getting old.

1.  If the customer decided to make a sharp left turn at 120 kph on an icy
mountain road and slid his car off the side of the cliff...or...

2.  If the customer decided to ignore the product warnings and popped that
can of beans in the microwave then stood there with his face against the
window to watch...or...

3.  If the customer decided to go scuba diving at 100 meters, ignored the
gauges that told him he was out of air, then decided to rocket to the
surface as fast as he could so he could get a breath...

THE CUSTOMER MADE A MISTAKE

True, but in all those cases it is reasonable to expect that a
(reasonable) customer _should_ know better.

The problem -- at least with "consumer computers" -- is that typical
consumers do not (and, it seems, for quite some time to come yet, will
not) "know better".  However, we keep selling them computers as if the
mismatch between the devices' capability and the user's ability to use
them safely are in harmony.

This assumption clearly does not even hold for much of the corporate
world (or at least _has not_), where supposedly "expert" folk are
responsible for running the computer systems much of our financial
systems, and thus our commerce, now depends on.  Despite this, the
computer industry was allowed to expand and expand and expand to the
point where any attempt to regulate it would have had massive negative
social, economic and political repercussions, meaning we ended up in
the situation of self-sustaining (commercial) madness that produced
Windows XP Home...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
