nanog mailing list archives
Re: Nato warns of strike against cyber attackers
From: Steven Bellovin <smb () cs columbia edu>
Date: Wed, 9 Jun 2010 00:26:55 -0400
> Problem is there's no financial liability for producing massively exploitable software. No financial penalty for operating a compromised system. No penalty for ignoring abuse complaints. Etc. Imagine how fast things would change in Redmond if Micr0$0ft had to pay the cleanup costs for each and every infected system and any damage said infected system did prior to the owner/operator becoming aware of the infection.
It isn't Microsoft. It once was, but Vista and Windows 7 are really solid, probably much better than Linux or Mac OS. (Note that I run NetBSD and Mac OS; I don't run Windows not because it's insecure but because it's an unpleasant work environment for me.) Microsoft is targeted because they have the market. If Steve Jobs keeps succeeding with his reality distortion field, we'll see a lot more attacks on Macs in a very few years.

It's also Flash and Acrobat Reader. It's also users who click to install every plug-in recommended by every dodgy web site they visit. It's also users who don't install patches, including those for XP (which really was that buggy). There's plenty of blame to go around here....

A liability scheme, with penalties on users and vendors, is certainly worth considering. Such a scheme would also have side-effects -- think of the effect on open source software. It would also be a lovely source of income for lawyers, and would inhibit new software development. The tradeoff may be worth while -- or it may not, because I have yet to see evidence that *anyone* can produce really secure software without driving up costs at least five-fold.

--Steve Bellovin, http://www.cs.columbia.edu/~smb