[LINK] Rampaging bugbear

Sat, 5 Oct 2002 17:55:28 +1000

Mmmm ...

As I said in an earlier post ... I also deliberately break the app 
chain on the Net, using non-MS mailers and browsers .. and have had 
no problem at all with e-mail and other viruses. I get the infected 
e-mails, but they're essentially harmless. And those I've recommended 
this solution to have been amazed at how many problems went away when 
they adopted non MS alternative applications.

Having a non-standard Windows setup is something I also recommend to 
people ... as script viruses in particular rely on default setups to 
do their stuff.

Ultimately it comes down to problems of homogeneity, market 
dominance, and insecure technologies ... although I'd probably class 
the latter as MS's major problem ... and many threats can be 
eliminated by a little forethought.

With respect to MS, I think Roger Clarke hit it on the head in that 
article on software producer liability that he mentioned in an 
earlier post ... and wrote so long ago. Unless and until MS is held 
legally accountable for losses due to security breaches, they have no 
reason to plug the gaping security holes in their basic architecture.

				Regards,

At 8:15 AM +1000 5/10/2002, Chirgwin, Richard wrote:
>Ultimately, Frank, 'Don't use Outlook' is more convenient, safer and cheaper
>than 'keep up with the patches on a 56k modem when the patch uses up about
>20% of your monthly bandwidth allowance'.
>
>Work it out: 60 patches in ten months. Six patches per month. In other
>words, it's feasible for an ordinary user to consume his/her entire download
>allowance just maintaining functionality - not actually doing anything. What
>utter B.S. - it's much easier to use Netscape Messenger, and my download
>allowance can be used on porn and gambling, just like Sen Alston says it is!
>(Sorry, that's Korea).
>
>RC
>
>-----Original Message-----
>From: Frank O'Connor
>To: Malcolm Miles
>Cc: link@www.anu.edu.au
>Sent: 10/5/02 2:47 AM
>Subject: Re: [LINK] Rampaging bugbear
>
>Hi Malcolm,
>
>Do you have any idea:
>
>1. How many patches and service packs MS has released this year?
>
>2. How aware the AVERAGE user is of same, and how much the AVERAGE
>user likes keeping up with same?
>
>3. The limited amount of bandwidth that the AVERAGE user has on the
>Net, and the amount of time it would take them to find and download
>each and every update in 2002 that was pertinent to them.
>
>4. How many users eventually turn off the auto-update 'feature' in
>various versions of MS Windows and other software because it is
>consuming inordinate amounts of the above-mentioned bandwidth and
>their valuable time on the Net?
>
>The bottom line is that when on the Net people tend to have a view
>that it is not just for updating software. They want to check out
>little number slike news, sport and entertainment. They want to check
>out what's for sale and where. They want to use e-mail or peruse
>newsgroups. They want to do stuff other than spend their precious
>bandwidth allocation downloading interminable and never-ending MS
>software updates, bug-fixes and service packs. In short ... they want
>computing without the aggravation.
>
>But they're not getting it.
>
>Excusing MS because it has made something like 60 bug fixes and
>Service Packs available in the last 9 months is not what I'd call the
>winning position of all time.       :)
>
>Excusing MS when it has now flatly said it will no longer support
>older software for these security, bug fix and Service Packs in the
>hunt for more license monies isn't what I'd call very tactful.
>
>A little more in-depth consideration before replies are bulleted off
>may be in order.      :)
>
>					Regards,
>
>At 8:11 PM +1000 4/10/2002, Malcolm Miles wrote:
>>On Fri, 04 Oct 2002 12:23:28 +1000, you wrote:
>>
>>>Given that Windows users have put up with this badboy behaviour on
>>>their PCs for
>>>years, one wonders when
>>>
>>>(a) Microsoft is going to close off the myriad and multiple paths
>through its
>>>      buggy and dangerous operating system in order to stop once and
>>>for all these
>>>      malicious attacks;
>>
>>Microsoft released a patch for the security hole that both bugbear and
>>klez exploit back in May 2001. Current versions of IE do not have this
>>security hole.
>>
>>--
>>Best wishes,
>>Malcolm
>>
>>----------
>>For Link list information see http://sunsite.anu.edu.au/link/
>
>----------
>For Link list information see http://sunsite.anu.edu.au/link/

----------
For Link list information see http://sunsite.anu.edu.au/link/