Full Disclosure mailing list archives
RE: New therad: sasser, costs, support etc alltogether
From: "Bill Royds" <full-disclosure () royds net>
Date: Fri, 14 May 2004 18:51:48 -0400
You are making the assumption that Microsoft knew of the bugs that caused Sasser before they released the software. If any manufacturers of any goods had to be sure that there were no possible defects before they started selling it, you would never have anything on sale. There is no such thing as bug free software. So MS was not at fault for releasing it. It even did the correct thing and replaced the version with a bug with an update for free and made it widely available. So MS did not try to hide the fact that there was software that needed to be replaced. There are two guilty parties in the spread of the Sasser worm. 1. the person who first spread it into the Internet. 2. People who did not patch their systems when the patch was made available, or else didn't their systems from they Internet if they could not patch. An analogy: An automobile manufacturer is told that a particular model has a gas tank that will leak gasoline all over the road if gasoline with a particular additive is put into the tank and it is liable to set on fire nearby vehicles if it does leak. They advertise widely that they will replace the gas tank and do so for many of their customers. Oil companies stop using that additive. But someone decides to figure out a way to add that corrosive additive to all gasoline being piped though New Jersey. Hundreds of cars blow up and lots of people are killed. Who is to blame? The car manufacturer, the car drivers who didn't get their cars repaired, or the criminal who attacked the oil pipeline? Fault is not absolute. The fault of the criminal who spread the destruction is not diminished because there were other mistakes made. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Radule Soskic Sent: May 14, 2004 11:28 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] New therad: sasser, costs, support etc alltogether I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New therad: sasser, costs, support etc alltogether Radule Soskic (May 14)
- Sasser & Hackers Against America Bradford Shedwick (May 14)
- RE: New therad: sasser, costs, support etc alltogether Larry Seltzer (May 14)
- Re: New therad: sasser, costs, support etc alltogether Mihai Christodorescu (May 14)
- Re: New therad: sasser, costs, support etc alltogether Exibar (May 14)
- Re: New therad: sasser, costs, support etc alltogether Tobias Weisserth (May 14)
- Re: New therad: sasser, costs, support etc alltogether Chris Locke (May 14)
- Re: New therad: sasser, costs, support etc alltogether Gregory A. Gilliss (May 14)
- RE: New therad: sasser, costs, support etc alltogether Bill Royds (May 14)
- Re: New therad: sasser, costs, support etc alltogether Georgi Guninski (May 15)
- Re: New therad: sasser, costs, support etc alltogether Nancy Kramer (May 15)
- Re: New therad: sasser, costs, support etc alltogether cikasole (May 15)
- Re: New therad: sasser, costs, support etc alltogether James Bliss (May 15)