RE: [wlug] The Microsoft Antivirus Reward Program

Sure, but if there's an unknown potential flaw in a window of your house, which causes it to break if tapped three times or somesuch, and a thief uses this to break in and steal all your stuff. Regardless of the fact that the window company may or may not be fixing the issue in future, would you make such snide comments if the police etc still hunted the thief and the window making company put up some incentive to assist this? I don't think so.
Not trying to defend MS here or anything like that, just that the whole "it's cool to bash microsoft without thinking about it, because we're linux people and therefore we're so much smarter/better than them" attitude grows tiresome at times.
But at the end of the day, using the scenario here, the job of the window company is to fix this flaw and stop producing windows with this flaw, not go around and knee-cap someone because they discovered and exploited this flaw. Believe it or not, Chubb international have a safe somewhere with a wad of cash in it, and if someone successfully breaks into that safe, providing they tell Chubb how they broke into that safe, the money is theirs. I'm not trying to defend criminals, but I don't think it's Microsoft's place to knee-cap people who exploit their vulnerabilities, it's their job to proactively find and fix vulnerabilities and not make any vulnerabilities public knowledge without a solution to fix the problem.

> But at the end of the day, using the scenario here, the job of the window company is to fix this flaw and stop producing windows with this flaw, not go around and knee-cap someone because they discovered and exploited this flaw.
> I'm not trying to defend criminals, but I don't think it's Microsoft's place to knee-cap people who exploit their vulnerabilities, it's their job to proactively find and fix vulnerabilities and not make any vulnerabilities public knowledge without a solution to fix the problem.
You are right in that Microsoft's first responsibility should be to correct the flaws in its products and commercial behaviour that allow these problems to propagate. It is however in their interest to also try and find and prosecute these individuals. A few high profile convictions may send a "message" to virus writers that what they do isn't so smart. The only problem we have is that the "good guys" could get painted with the same brush as the "bad guys". The "good guys" being those grey and white hats who find bugs and write proof of concept exploits and post them to forums such as bugtraq. These guys help make the software safer. However as a side effect they also help the morons who write 800k VB viruses cause havoc. Which is unfortunate. But it is ultimately the moronic VB virus coders who are the problem not the people who find the software flaws in the first place.

Regards
--
Oliver Jones » Director » oliver(a)deeperdesign.com » +64 (21) 41 2238
Deeper Design Limited » +64 (7) 377 3328 » www.deeperdesign.com

* Oliver Jones <oliver(a)deeper.co.nz> [2004-11-09 00:00]:
> A few high profile convictions may send a "message" to virus writers that what they do isn't so smart.
Only script kiddies will buy that message.

> However as a side effect they also help the morons who write 800k VB viruses cause havoc.
You're a few years behind the times. Nowadays, worms contain proxies, and the services of botnets so created are sold to spammers at high prices. Half the world wide spam originates from zombie PCs. Worm writers are now professional criminals who make a good profit on their activities. Offering bounties for their heads will not deter them, particularly if you consider how incredibly slim the chances of actually capturing a perpetrator are. We live in a different world now. The days of innocence are over.

Regards,
--
Aristotle
"If you can't laugh at yourself, you don't take life seriously enough."

participants (3)
- A. Pagaltzis
- Lindsay Druett
- Oliver Jones