Re: [SLUG] Insight on Code Red II

From: Robert Haeckl (rhaeckl@tampabay.rr.com)
Date: Wed Aug 08 2001 - 15:03:29 EDT


Wyly Wade wrote:
>
> ***Disclaimer***
> I am not a windows advocate
> ***end Disclaimer***
>
> Bugs and exploiting of bugs is a fact of software.

>>>cut

What isn't a "fact of software" is the control you or your company has
over correcting the exploits. This is the heart of the problem with MS
products. When MS products are exploited, businesses have little
recourse but to sit on their hands and hope for a patch. Even if a
patch is available (which it was for Code Red), some are reluctant to
apply it because of the fear that the patch might bring the system down
and create more havoc. And you can't call MS to the mat and take
responsibility because you've already signed a disclaimer freeing MS
from liability.

The fact is, using open-source software both gives you the opportunity
to apply fixes, home grown or not, and gives you the RESPONSIBILITY for
taking care of it. Freedom of choice carries this responsibility;
closed-source takes this freedom away and puts it in the hands of a
party who is ultimately not responsible. MS deserves the tough media
attention. And the cheerleading that you refer to is a cheer from those
willing to take the responsibility for the freedom that open-source
software provides. Tyranny is a tough thing to defend, even implicitly.

As for the "harmless windows exploits" and the "extreme Linux
weaknesses" I care to differ with you on this. Code Red II not only
publicizes which machines are infected, it provides a backdoor and
invites anyone in. Hardly something that a CTO would call harmless to
business. He/She could be heard murmuring, "we could've patched it
ourselves if it was open-source - we can tell the media and blame MS but
that won't solve the problem for us or next time either".

Robert



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:52:53 EDT