nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FBI tells the public to call their ISP for help

From: "Scott Weeks" <surfer () mauigateway com>
Date: Fri, 15 Jun 2007 13:17:07 -0700




: Most ISPs recommend using Microsoft software or
: provide software for the Microsoft platform, and 
: require to turn on JavaScript


I've never heard of an ISP requiring this.  They might provide it for you if you want to use their branded 
Micro$loth-oriented software, but it's not a requirement.  Any ISP requiring folks to use a particular OS is doomed to 
fail.

scott




--- fw () deneb enyo de wrote:

From: Florian Weimer <fw () deneb enyo de>
To: Owen DeLong <owen () delong com>
Cc: Sean Donelan <sean () donelan com>, Jack Bates <jbates () brightok net>, nanog () nanog org
Subject: Re: FBI tells the public to call their ISP for help
Date: Fri, 15 Jun 2007 22:06:42 +0200


* Owen DeLong:


Wrong... Most of them are subject to the problems they have because
of their contractual relationship with Micr0$0ft.  Specifically,
they made the unfortunate mistake of purchasing software from
Micr0$0ft, agreeing to the Micr0$0ft End User License Agreement
(contractual relationship) and then running the Micr0$0ft software,
which lead directly to their system getting owned (or pwn3d if you
prefer) due to the enormous number of design flaws, well known
exploits, and other deficiencies in the code purchased from
Micr0$0ft.


In most parts of the world, the Microsoft EULA is not enforceable.
Most users don't buy their software from Microsoft, either.  It's
preinstalled on their PC, and Microsoft disclaims any support.


In what way, exactly, is this in any part the ISPs fault?  Why
should their ISP bear the brunt of the costs for Micr0$0ft's poorly
written code?


Most ISPs recommend using Microsoft software or provide software for
the Microsoft platform, and require to turn on JavaScript, which makes
browsers much more vulnerable.  (Obviously, this doesn't matter in
practice, but still.)  They don't exist in a vacuum.

But the whole thing underlines a very difficult problem compromised
end users face: they haven't got anyone to turn to.  Someone quoted
rates for some services, and these aren't acceptable (you can almost
get a newer, faster PC for that price).  Part of the problem is
piracy, which makes it difficult to reinstall everything from scratch.
Another one is the lack of an audit trail which would tell *why* the
customer got infected, so that you could get some learning effect.
Previous By Date Next
Previous By Thread Next

Current thread: