Re: AV companies better hire good lawyers soon.

[Mister Coffee <live4java () stormcenter net>]

On Tue, Sep 14, 2004 at 10:40:17AM +0200, Jean Gruneberg wrote:
> Yes, I agree - but then don't bitch if the other software (be it AV  or any
> other software) does not work or breaks your software.  Surely it is the
> writers responsibility that the software is compatible with other stuff. Bit
> like reading your writing and making sure it isn't offensive to certain
> groups to people!
In general, yes, it's an author's responsibility to make sure his stuff is compatible with other stuff out there - when 
it's released.  But that works both ways.  If my program works fine with yours, but your new version breaks my program, 
who's fault is it?  Is it mine for not updating to keep up with your new version?  Or is it yours for not being 
compatible with the existing version of mine?  To quote you here: "Surely it is the writers responsibility that the 
software is compatible with other stuff."  So, here, it was your fault for breaking my program.  Or, maybe "you" (I'm 
using the generic you/me here, obviously) don't care that your new version breaks anyone elses code?

Viscious circle.

In the specific case here, with the AV vendor, it was clearly the AV software that released an update that broke 
someone elses sofware.

Making it the other guy's fault doesn't wash.  It's more bad QC on the AV vendor's part.  But as you mentioned 
previously, they'll get pounced if zome 0day gets past them and some clown loses his data.  It's a thankless task.  But 
it's _far_ more reasonable for them to err on the side of "Physician, do no harm" and miss the first day of an outbreak 
than it is for them to rush out and -break existing programs- because they were in such a hurry to "Be first to 
recognize ScatMaster () w32 MM!!"

As for writing, the analogy doesn't really apply.  Writing is subjective, and it's impossible to be 100% inoffensive 
and still say anything.  Software, in this context, is objective.  It either plays nice, or it doesn't.

But we're straying a bit far from fully disclosing anything in this thread, so I bid you adiue.

Cheers,
L4J
> J2
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Florian Weimer
> Sent: 14 September 2004 09:26
> To: Micheal Espinola Jr
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] AV companies better hire good lawyers soon.
>
>
> * Micheal Espinola, Jr.:
>
> > I disagree.  Programmer's should know to submit their code to the 
> > various AV companies in order to avoid false-positives.
>
> This is a ridiculous proposition.  It's like suggesting that you have to
> submit your writings to the Department of Justice before you can exercise
> your free speech rights.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html