Full Disclosure mailing list archives
Re: Anti-MS drivel
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 24 Jan 2004 09:15:03 +1300
"Gregh" <chows () ozemail com au> wrote: <<big snip>>
I haven't seen a sign on the shrink wrap of Windows XP Home that says "Administrator not included".It is always accepted in the Western world that if something is not SAID to be there and ISNT there, then the people who manufactured it or sold it to you cant be held accountable for it NOT being there.
This is where you go off the rails... You are simply wrong. At least when it comes to "general consumer goods" there are all kinds of _assumed_ properties _that are never or only very seldom mentioned in labelling_. You're in a supermarket or at roadside stall buying apples; they have a big bin of them and you can choose as many and whichever apples you want. The apples are not labelled and any labelling you may find on the bin will not contain a warning something like "Contain less than the minimum acceptable levels of dioxin, PCBs, DDT [etc, etc]". Why not? Because various legal processes "behind the scenes" require that (and, we hope, actually test for it and monitor the situation, at least in some broad scope). Likewise, other "due level of care" requirements specify, either formally or through the court-determined if it ever gets there "expectations of a reasonable person" concept. And there's the rub with computers. They are now (and have been for quite some time) sold as pretty much any other consumer electronics device. The "reasonable person" does not worry, when buying a toaster, or afterwards, while using it, that an entirely unknown and untrackable person on the other side of the world can pillage his bank account while the toaster is plugged in or at least while the toasting mechanism is engaged and the machine is cooking his toast. It is entirely reasonable for the consumer to not have to worry about such things, so there is no need to put a pre-sales warning on the device to that effect. Windows PCs however, are sold into the consumer market to a very large extent because they enable Internet access. They are (by and large) not sold with warnings about the near total lack of any effective "protection" from the kinds of evils just described. Your typical "reasonable person" may or may not be expected to be aware that such dangers lurk at the end of the modem/DSL/cable/WiFi/etc connection, but let's say for the sake of argument that in today's society a "reasonable person" should be aware of such possibilities, at least at some general level (such dangers are, after all reported in the media, depicted in other popular culture materials and so on). The "reasonable person" notes that there are no warnings on the computer sales display stand at their favourite consumer electronics store, notes there are no warnings about such thing inside the box when they get it home, doesn't see any warnings when first turning the device on nor when connecting it to the Internet. The reasonable person, therefore, is quite reasonable in assuming the PC manufacturer and/or Microsoft has taken the necessary precautions to make this machine "safe" for Internet use because it was sold as "Internet ready". If the "reasonable person" knows enough to aware of various online dangers, surely the experts at the PC manufacturer and/or Microsoft do too and given they were allowed to sell the machine and it wasn't plastered with warnings about its unsuitability for Internet use, the reasonable person is entirely within their rights to assume that the machine is, in fact, safe for such use. Of course, we computer experts know that is not the case, but it is not the typical consumer's fault they get bitten. It is the fault of the computer seller who recommended this model given the consumer explicitly said they wanted to "use the Internet", the PC manufacturer for selling self-described "Internet ready" computers that are not "Internet ready" by the reasonable standards of most of the folk who will buy them, it is Microsoft's fault for foisting its OS on the market claiming such high levels of ease of use while ignoring that all the security shortcuts it took to make Windows so easy to use are precisely the things that bite typical users hardest when it comes to the typical uses they are encouraged to make of the machines running the OS ("out of the box" Windows is only "safe" for an entirely standalone, non-networked environment) and it is the regulators fault for perpetuating the travesty of removing from software (or even computer systems as a whole) the same basic consumer protections as every other product manufacturer has to work under (Why is Billy Boy the richest kid in the world and so many of the other computer and especially s/w moguls right up there despite the brief life of their sector? Because they have not had to build their empires under the treat of the huge financial costs of ensuring that they are making products fit for its intended use, due to their lobbying for, and to retain, the almost standalone exemption of software from all the normal product liability legislation...).
You need to know the risks in anything in life. Would you have a child and not bring it up warning it about people who may want to take advantage of it? Parenting doesnt come with a manual either but there are scumbags about who would do harm to an innocent child. Everything has a modicum of risk depending on what the thing is. Computers are no different to that. Ignore the risk at your own peril.
In general I agree. The problem with computers is they are fundamentally complex. In fact, way too complex for a typical user (and even most "computer experts") to understand sufficiently. Way, way too complex for a typical user to understand well enough to do a reasoned risk assessment. In fact, if they were able so to do and we applied your reasoning, almost no "typical consumer" computer users would use Windows (assuming that Windows had kept developing as it has if people had actually been able to make sensible, informed security assessments of it). I have no idea what they would use instead (probably very few of them would exist), but if they could make the kind of security assessment you suggest they should, I know they wouldn't use Windows as it is today. So, why do so many of them use Windows, flawed as we know it is? Well, it provides huge utility and thus, presumably, value to them and as it is sold as a consumer electronics item, they assume that Billy Boy has their best interests (rather than the best inerests of his wallet) at heart because they reasonably presume that the usually "hidden" rules and expectations of due care (that apply to all other consumer electronics products, in fact most other products and definitely to your apples, through product liability law) apply here as well. Hence, Billy Boy could only be that rich if he made a product of truly stellar quality. (Actually, I don't think (m)any consumers make that last assessment, and certainly not as if it were a buying point for Windows...) Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Anti-MS drivel, (continued)
- Re: Anti-MS drivel Harry Hoffman (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 20)
- Message not available
- Re: Anti-MS drivel Gregh (Jan 21)
- Re: Anti-MS drivel madsaxon (Jan 20)
- Re: Anti-MS drivel ken (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 20)
- Re: Anti-MS drivel Tobias Weisserth (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 21)
- Re: Anti-MS drivel Tobias Weisserth (Jan 22)
- Re: Anti-MS drivel Gregh (Jan 23)
- Re: Anti-MS drivel Nick FitzGerald (Jan 23)
- RE: OT: was Anti-MS drivel; SCO fights GPL Andreas Bischoff (Jan 23)
- Re: OT: was Anti-MS drivel; SCO fights GPL Jeremiah Cornelius (Jan 23)
- Re: Anti-MS drivel Cael Abal (Jan 22)
- Re: Anti-MS drivel Gregh (Jan 23)
- Re: Anti-MS drivel Erich Buri (Jan 20)
- Re: Anti-MS drivel yossarian (Jan 20)
- RE: Anti-MS drivel Mike Marshall (Jan 20)
- Re: Anti-MS drivel Jeremiah Cornelius (Jan 20)
- Re: Anti-MS drivel Tobias Weisserth (Jan 21)
- Re: Anti-MS drivel yossarian (Jan 21)