IP: two more Re: Another take on Microsoft-specific worms from Poor Richard

[Dave Farber <farber () cis upenn edu>]

Date: Mon, 29 May 2000 10:00:26 -0600
From: Gerald Shifrin <gerald.shifrin () wcom com>
Subject: RE: Re: Another take on Microsoft-specific worms from Poor Richard
To: farber () cis upenn edu
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal

Just one brief comment on this --
As an ordinary non-attorney consumer of computer products, I seems
reasonable to me to expect that my software should ask permission before
sending email to everyone in my address book or performing a mass deletion
or modification of my files. If vendors like Microsoft allow or assist
unsolicited foreign email to perform these acts, they they are, at least in
my mind, guilty of gross negilgence.


> Date: Mon, 29 May 2000 12:06:16 -0400
> To: farber () cis upenn edu, Gene Spafford <spaf () cerias purdue edu>
> From: "David P. Reed" <dpreed () reed com>
>
> To further agree with Gene's point about tobacco and "what consumers 
> want", let me suggest that at any one point the market offers only a tiny 
> subset of what is possible to create for consumers.  Mere selection cannot 
> create possibilities that are not developed or invented.  Monopolies 
> distort the creation of selections - in particular in systems' properties 
> like security.
>
> Because of its installed base dominance, Microsoft's primary drive for 
> innovation comes from a need to motivate an orderly "upgrade" revenue 
> stream, while at the same time blocking competitors from entering the 
> market to take that revenue away.  That means innovations will be small, 
> incremental, and extremely easy for customers to adopt.
>
> A new architecture that would be more secure would create interoperability 
> problems with prior generations of Microsoft's mail program - thus 
> threatening to open the market to competitors by creating a "disruption 
> umbrella" because customers see several equally disruptive alternatives to 
> getting what they need.  For example, an email competitor like Eudora 
> could participate in a new, more secure environment based on end-to-end 
> cryptographic authentication of the source of attachments along with a 
> Kerberos-based system of authentication - if Microsoft's directory 
> services architecture required a similarly disruptive infrastructure 
> change.  But if Microsoft can damp down the change rate in its own 
> installed base by a series of very small steps, then there will never be 
> an opportunity for the Eudora solution to achieve critical mass needed for 
> adoption.
>
> In this completely market-driven scenario, even though customers really 
> want security, they will get it only slowly and under control of the 
> dominant player.
>
> Thus, to let the market do its work of selecting among alternatives, we 
> probably need to look for disruptions that create an umbrella of change 
> to  enable those alternatives, such as breaking the business linkage 
> between application and infrastructure a la the proposed MS breakup.
> - David
> --------------------------------------------
> WWW Page: http://www.reed.com/dpr.html