Secure Coding mailing list archives

Re: re: Why Software Will Continue to Be Vulnerable


From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 03 May 2005 12:52:43 +0100

Bill Cheswick wrote:

Probably like many of you, I'm the local friends-and-family computer
fixit guy.

My father has repeatedly asked why he should care that his computer is totally
owned.  I've told him that his CPU engine is blowing blue smoke all over the Internet,
but that doesn't help.

I think people would care if they knew, but they don't know.

An outbreak of user-obvious malware might change the equation, but I am not suggesting
that someone run the experiment.

I think just about the only time I've been called out to lay hands on
someone's computer in the last two years (with one exception I can think
of), the problem has been malware/spyware.  I.e. it had misbehaved to
the point where it was intolerable.  The browser no longer works, the
machine grinds to a halt, the screen goes wonky (screwed up the video
drivers), it's popping porn ads at the kids, etc...

So my assertion is that much of the malware is very obvious.  I'll avoid
the temptation to rant at the poor quality of the malware/spyware code
itself.  I'll also add that I think this is the current big problem for
Windows users.  Windows itself (XP+) has become reliable *enough*, and
the hardware reliable enough (or cheap enough to suffer a forklift
upgrade), that it works great... except for the damn malware.

The typical reaction I get is incredulity that there are people who sit
around all day writing this stuff (malware/spyware).  Any consideration
that there's a fault with the OS that allows it in is waaay down the list.

So if MS can find a way to make the effects of malware unobservable,
then they just about have that market sewn up.

                                        Ryan





