nanog mailing list archives
Re: Over a decade of DDOS--any progress yet?
From: Valdis.Kletnieks () vt edu
Date: Wed, 08 Dec 2010 16:38:14 -0500
On Wed, 08 Dec 2010 07:43:52 PST, JC Dill said:
> Why isn't ANYONE going after Microsoft over this? If Microsoft were held accountable for the spam and DDOSs that spew from their crappy software, they would find a way to stop the problem. I've raised this issue before, IMHO Windows OSs are "attractive nuisances" and that legal argument can be used to hold Microsoft responsible for not putting an adequate "fence" around their "attractive nuisance".
Unfortunately, this is one you really don't want to do. Microsoft's current offerings are about as hardened as the competition (Apple and Linux, mostly) right out of the box. And it's not clear that you can *make* a system much harder and still sell it to consumers (try using a Linux box with SELinux turned on in full MLS/MCS mode - quite secure, but *not* the easiest thing in the world to admin, especially if you ever add a third-party program that doesn't have a suitable MLS security policy description already).
> If all the big ISPs banded together to file suit against Microsoft, they could share the cost (and pain) of the lawsuit.
And if you win the lawsuit, what does that get you? Microsoft goes broke, quits shipping security updates to everybody - and things are even worse than before, because now *everybody* is unpatched.
The second issue is that if you *do* establish a legal precedent that software vendors are liable for faults no matter what the contract/EULA says, you're going to see pretty much all the open-source projects pack up and go home unless they find a way to protect themselves. Quite likely some commercial software vendors will bail as well, or charge a *lot* more for their stuff. Be careful what you ask for, for you may surely get it.