Security Incidents mailing list archives

Re: Microsoft's Early Xmas Present.


From: David Kennedy CISSP <david.kennedy () acm org>
Date: Thu, 03 Jan 2002 00:39:23 -0500

At 10:04 PM 12/29/01 -0700, Ryan Russell wrote:
> I'm starting to think more and
> more that a 3-month expiration date on Windows is a good idea.  If you
> haven't patched in 3 months, then your machine will refuse to do anything
> but download patches...

After watching all the NIMDA hits we're still seeing, this idea has some
appeal but I also seem to recall a great hue and cry from the digerati when
DMCA and UCITA were interpreted to include a "remote kill" function a
software publisher could trigger that sounds a lot like this.  Think back
to July and September, would we *really* want anyone to have the ability
to turn off IIS all over the world in response to Code Red or NIMDA?

I might even suggest Windows has an expiration of sorts, who hasn't
re-installed the OS on 9x just to improve performance on a box that's been
in use over a year?  Have we (those of us complaining about it) been urging
MS to tweak Windows' performance and reliability in the wrong direction?
-- 
Dave Kennedy CISSP Director of Research Services TruSecure Corp.
http://www.trusecure.com

