Again, no. This is a standard argument, but it.........
But, if you consider that the value of software increases exponentially as the number of users increases, then 'gifting' that software is a reasonable way of increasing its user base. Then you may also receive 'investment' by those users in the form of patches/features/etc. Thus, you have received a ROI... just not in cash.
So, the original opportunity cost may not be that great of a concern. And, I might point out.... quality of software != value of software. 'Quality' is a programming issue, 'Value' is based on demand (user base + marketing)
Looking over the press release and the FAQ at activestate's web site, I find a couple of interesting things.
1. "We are very pleased to continue this relationship with Microsoft," said Dick Hardt, CEO of ActiveState.
2. Microsoft funded the first port of Perl version 5 to Windows in 1993.
Doesn't sound like this is any new deal, just renewing an old arrangement. It's too early to tell what this will mean, but let's see what happens.
Full thickness burn (3rd degree) does not mean 'charred' skin; it just means that the skin is dead. There is not a specific temperature that does this; it depends on the thickness of the skin at a certain location on the body, i.e. not all skin is the same.
Severe 2nd degree burns may have required skin grafts for scarring.
I use Word97 occasionally. I have it set to default to saving as .rtf - Rich Text Format. It's cross platform, and not dependent on any changes MS may make to the .doc format. And it doesn't save scripts. With a 'properly' set up install of Word, the user has to consciously choose to save as .doc. So, your users that don't understand file formats won't know to save in another format.
BTW, the same users that don't understand file formats are the same ones that probably never use any of the macro / scripting features in Word.
I know that people send executable attachments all the time. How many of those attachments are really 'work' related? How many are entertainment (holiday graphics, macromedia files, simple games, jokes, etc)?? I agree that the systems need to be designed to minimize these problems. But, we are talking about Microsoft, and Word macro viruses have been around long enough that if Microsoft wanted to fix them, they could. There is not a simple answer to these problems. Maybe, I oversimplified my opinion. The issues are:
1. MS products that are poorly designed from a security stand point. (MS is just one example here, and takes the stage because of Melissa)
2. IT/IS departments that purchase these security problems, and don't take precautions to plug these holes.
3. End users aren't provided sufficient training on security.
4. Rogue programmers that write viruses / worms / trojan horses.
The responsibility has to be shared between all these parties. You can't isolate one and place all the blame there. If the vendor wrote better software, if the admins filtered attachments, if the users knew about macro virii, if programmers didn't write viruses. If people assume responsibility instead of trying to blame someone else, and take the security precautions they are responsible for, then these incidents would be better controlled.
If I had been infected with the Melissa virus, I would blame myself, because I know better. I don't blame the author (even though he shouldn't have written it). I don't blame MS (even though the security should be better). I don't blame my mail admin. I am the only one that can stop a virus from infecting my PC. If I choose not to, it's my own fault. If a user chooses not to know about virii or worms, that is also a choice. They should understand the consequences of that choice.
Using a computer and its applications should not be considered 'common knowledge'. An 'average' user should understand some things about the system. And I would not expect that person to learn the basics without some formal education / inservice / training.
A good sysadmin could have deflected Melissa, that's true. But, Melissa is not the point, it was just one example of an email worm / virus. The end user must assume some responsibility for the security of their system. You may feel that's expecting too much from an 'average' user.... if so then the definition of an 'average' user needs to be raised.
It's also a mistake to assume that the end users don't know what they are doing. You never know, that 'clerk' on the second floor may be a kernel hacker at home.
Word can be configured to use .rtf formats or others that don't contain macros. So, while you may not be able to discard MS products, you as the user can choose how it's used.
In addition, your IT/IS department has obviously chosen that your company should be vulnerable to this kind of attack. If you choose not to lock the front door, don't be surprised when someone walks in.
Don't mistake my intention, whoever started this worm should be caught and slapped on the hand. But, the 'damage' (downtime, flooded servers, lost productivity) is the result of poor choices on the user and corporate level.
Melissa just takes advantage of people that rely on binary executable attachments to email. MS users are of course much more vulnerable to this. How many times have you saved an attachment, set it chmod 700, and executed it?
Contrast that with an attachment in Outlook, Outlook Express, Eudora, etc. Attachment - double click - .. oops!
Just as Windows users should learn not to execute email attachments that are *.exe, they shouldn't execute *.doc files.
The automatic response I expect is: "but, that's how our users work". That's not acceptable. Ignorance shall not become a defense. If a user becomes infected with Melissa, it's their own fault. They were too trusting. (perhaps sad, but true)
Any company or government agency that was hit by Melissa needs to do some serious re-education of their users and implement some policy about email attachments. For example:
1. No *.exe attachments to email (maybe even filter them out)
2. No *.doc (or other macro containing formats)
3. All attached files should be in *.rtf or *.txt format.
Safe Computing like Safe Sex depends on EDUCATION.
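An added example, not part of the original comment: a mail-gateway style check for the three-point attachment policy listed above, written with Python's standard `email` package. It goes one step beyond the comment by also inspecting the first bytes of each attachment, because the extension alone does not say what the file is; the addresses, file names and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED_EXT = {".rtf", ".txt"}                    # allowlist from the policy above
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # header of binary Office files (.doc, .xls)

def check_attachments(raw: bytes):
    """Return a list of (filename, verdict) for every attachment in a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext not in ALLOWED_EXT:
            verdict = "reject: extension not allowed"
        elif payload.startswith(OLE2_MAGIC):
            # Allowed name, but the content is a binary Office document.
            verdict = "reject: OLE2 document behind allowed extension"
        elif ext == ".rtf" and not payload.lstrip().startswith(b"{\\rtf"):
            verdict = "reject: not RTF content"
        else:
            verdict = "accept"
        results.append((name, verdict))
    return results

def build_sample() -> bytes:
    """Constructed test message with four harmless attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"{\\rtf1 hello}", maintype="application",
                     subtype="rtf", filename="notes.rtf")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="card.exe")
    m.add_attachment(OLE2_MAGIC + b"\x00" * 8, maintype="application",
                     subtype="msword", filename="list.doc")
    m.add_attachment(OLE2_MAGIC + b"\x00" * 8, maintype="application",
                     subtype="rtf", filename="renamed.rtf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in check_attachments(build_sample()):
        print(f"{name:12} {verdict}")
```

A gateway would quarantine or strip anything not marked `accept`; the content check catches a `.doc` that has merely been renamed to satisfy point 3.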