Slashdot Mirror


Security as a Profit Center?

Harry Erwin writes "This article seems to suggest Microsoft is now considering charging for security. I don't mind vendors like Counterpane Internet Security selling security services, but I would prefer operating system vendors to treat security as part of the core functionality of their products, if only because effective security has to be designed into the operating system from the start. This proposal would create a two-tier Internet and probably make things worse rather than better. Security is like public health and education--if you think it's expensive, consider the alternative."

5 of 468 comments

  1. Re:They're asking for it. by rodgerd · · Score: 3, Informative

    NT 4 and Office 97 are no longer officially supported, and Microsoft no longer recognise qualifications for such. You can no longer purchase them, and you'll have a hard time finding replacement hardware that has drivers (indeed, it's already getting hard to run Win2K on some new lines of laptops).

    Once you've upgraded some systems in the office to the next most recent systems because you can't buy NT4, then put on a newer version of Office with incompatible file formats, you'll find it too hard to leave everyone else behind.

    Too many people pontificate on the topic of leaving the old stuff in place without having a fucking clue what the real world implications of this are.

  2. Re:is there going to be any posts on this topic by rworne · · Score: 2, Informative
    Yeah, we found that bug that cost you $250,000 in downtime, and we have this service pack that you need to apply. Will that be cash or charge?

    This is the very reason EULAs claim the program you are pur^H^H^Hlicensing has no fitness for any purpose whatsoever.

    Some MS EULAs give purchase price or $5.00 limitations on damages (whichever is greater) as their limit on liability.

    Finally, here's a great excerpt from the MS Messenger license:

    Disclaimer of warranties: Microsoft and its suppliers provide the software "as is" and with all faults, and hereby disclaim all other warranties and conditions, either express, implied or statutory, including but not limited to any (if any) implied warranties or conditions of merchantability, of fitness for a particular purpose, of lack of viruses, and of lack of negligence or lack of workmanlike effort.

    It speaks volumes about what MS thinks of their own work. MS Word has a disclaimer that states the product you licensed isn't a word processor: the product has no warranty for "fitness for a particular purpose".

    Yes, that even includes "word processor." So does that mean it's unfit for any purpose?

    --
    I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit

  3. Funniest misinterpretation thread ever... by El Camino SS · · Score: 3, Informative

    Look at the posts on this thread. They are all talking about cost inflation and the price of autos. Hilarious.

    Guys... they meant proper tire inflation. If you are not a citizen of the USA, then you are of course pardoned. If you are a US citizen, I can assure you that where you live the news usually comes on at 5, 6, and probably also 9, 10, and 11.

    SO HERE'S a little history.

    The real reason why everyone else modded this joke up was that at a certain point in the debauchery that caused so many Expedition/BIG Ford SUV deaths, both Ford and Firestone tried to shift the blame onto the consumer, stating that most of these rollover deaths could have been prevented by the driver having proper tire inflation.

    This, in a sense, is the equivalent of saying that if a consumer does something so benign as not changing their VCR remote batteries on a regular basis, then they deserve to be electrocuted the moment they try to turn the TV off manually.

  4. Re:Quality, not security by Frater 219 · · Score: 3, Informative

    Every time a vulnerability exists, it is because of some sort of an error. This is true almost by definition.

    This is a very good point -- indeed, an essential one. As anyone who's as much as lurked on Bugtraq or other security-oriented fora can tell you, the discovery of many vulnerabilities begins with the discovery of a way to crash the affected service.

    This is particularly the case with buffer and stack overflows: if I can crash your FTP server by sending it a huge string of junk, that means that your FTP server is doing something invalid (such as smashing the stack) with that input. To crash a service entails getting it to execute nonsense code -- to crack it entails getting it to execute my code.

    What does this mean for Microsoft's code -- or anyone else's? Well, any means to get a network-facing program to crash should really be considered a security vulnerability waiting to happen. Bug reports of the form "I can crash your program by sending it gubbish" should not be answered "Well, don't do that!" They should be treated almost as seriously as vulnerability reports themselves. While there are classes of remote crashes that don't lead to vulnerabilities, that's not the safe way to bet.
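
The distinction drawn in the comment above, as an added example that is not part of the original thread: a constructed FTP-style `USER` handler whose unchecked copy crashes on oversized input, beside a length-checked version that rejects the same input. The function names and the 64-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ARG_MAX_LEN 64   /* constructed limit for this example */

/* "Before": copies the USER argument with no length check. An argument of
 * ARG_MAX_LEN bytes or more writes past `name` into adjacent stack memory,
 * which is the crash on junk input. Shown for contrast; never called here. */
int handle_user_unchecked(const char *line)
{
    char name[ARG_MAX_LEN];
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    strcpy(name, line + 5);              /* unbounded copy: the defect */
    return (int)strlen(name);
}

/* "After": measures the argument first and rejects anything that does not
 * fit, so oversized input gets an error return instead of a crash.
 * Returns the argument length, -1 for a wrong command, -2 for too long. */
int handle_user_checked(const char *line, char *out, size_t out_size)
{
    size_t len;
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    len = strcspn(line + 5, "\r\n");     /* argument ends at CR/LF */
    if (len >= out_size)
        return -2;                       /* reject, do not truncate */
    memcpy(out, line + 5, len);
    out[len] = '\0';
    return (int)len;
}

/* Feeds a constructed line of `junk_len` 'A' bytes to the checked handler. */
int probe_with_junk(size_t junk_len)
{
    static char line[4096];
    char name[ARG_MAX_LEN];
    if (junk_len + 8 > sizeof line)
        return -3;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', junk_len);
    memcpy(line + 5 + junk_len, "\r\n", 3);   /* CR, LF and the NUL */
    return handle_user_checked(line, name, sizeof name);
}

int main(void)
{
    printf("63 -> %d, 2000 -> %d\n", probe_with_junk(63), probe_with_junk(2000));
    return 0;
}
```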

  5. Re:MS security? by geordie · · Score: 2, Informative

    Let me guess... Netscape 4.x?

    Check in the task manager to make sure Netscape isn't still running. I get the exact same problem here and 99% of the time it's because Netscape hasn't closed properly.
    If you see it in the task manager, kill it, then try double clicking on an html file... it should open.
    If you open one HTML file in Netscape by double clicking on the file, chances are, the next HTML file you try double clicking on won't open.

    I'm pretty sure it's a Netscape 4.x problem... Netscape 6/7 or Moz work fine when set as the default browser for opening HTML files.