__/ [rapskat] on Tuesday 11 October 2005 17:54 \__
> On Tue, 11 Oct 2005 15:48:50 +0100, Roy Schestowitz wrote:
>> Allow me to say more while the thoughts stir in my mind.
>> A secure and stable operating system should not be perceived as a Utopia.
>> If I can keep a Linux box and Palm handheld up for months, this implies
>> that Windows gives a discouraging illusion, thereby falsifying any reason
>> to trust an operating system and data integrity that it's liable for.
> There is an implicit trust involved when submitting your personal data to
> an information system. The trust is the same as when you commit your
> personal thoughts and feelings to a diary or journal. You know that the
> journal won't just tell anyone all by itself what personal info it has
> within it's pages. However, if the journal itself is not secured, then
> anyone could find and read whatever is enscribed therein.
> It stands to reason that any system whose basic purpose is to hold
> sensitive data should have the means to secure said data. Even journals
> that are oriented for this purpose come with various locking mechanisms to
> keep the casual reader out.
>> How /dare/ M$ change for what should be XP SP3? And how can they not be
>> guilty for delivering a faulty operating system 'out of the box'? Why
>> need I spend several hours patching up my mother's /fresh/ installation
>> of Windows (she insisted on using that garbage)?
> Continuing with my analogy from above, while more recent versions of
> Windows do have the capability to secure the data that they hold, this is
> not the default configuration. A good lock will in it's default
> configuration automatically engage without having to be expressly
> configured to do so. This means that when the door is closed, it
> automatically locks. By contrast, a bad lock has to be manually and
> expressly engaged every time. Windows defaults to the bad lock scenario,
> purpotedly for the reasons of ease of use. It is assumed that the user
> will engage the builtin security mechanisms if they desire them.
> The glaringly evident problem with this is that people often aren't aware
> that these mechanisms are present or howto even engage them. From the
> user's point of view, they assume that their computer should be like a
> good lock, where it will default to whatever security being engaged by
> default so they don't have to worry about it. No effort is made to tell
> people otherwise.
> Recently, M$ has attempted in some small way to correct this blatant lapse
> by implementing a "security console". The purpose of this is to inform
> people that the door is ajar, however it does nothing to actually
> engage any security functions on it's own or even inform the user what to
> do. Everything is again left up to the user to manually install and
> configure according to the nagging of the console.
> Despite M$ closing a few door and windows (NPI), still it's products are
> inherently insecure and in truth unsuitable for general use by the public
> in any semblance of a secure fashion. It can be said with all assurance
> that any person who uses any version of Windows on the Internet with it's
> default settings will at some point shortly be compromised with various
Yes, this only took a few minutes to happen last week when I installed
Windows (see above). I didn't know if I should laugh or whine. I was at the
dashboard at the time, I may remind you, so it was unpleasant. Nonetheless,
it re-assured my choices so it's a double-edged sword.
> This indicates a violation of trust. Despite the various EULA's that
> accompany M$ products and their claims of no or extremely limited fault,
> consumer laws provide a guarantee to persons that purchase products that
> said goods will do what they are advertised to do. If one purchases a car
> that is sold under the pretense that it runs and is in good condition, and
> then said vehicle conks out down the road from the dealer, then the
> dealership is liable.
> Windows does not do what it is advertised to do, ie provide safe and
> reliable computing out of the box. As such, M$ is legally liable to every
> person that has become victim to their shoddy products. A vendor has a
> legal obligation to their customers that the products that they sell are
> safe, secure and suitable for use as is.
>> The ironic thing is that Microsoft now have financial incentive when it
>> comes to software bugs. If they cleansed their O/S from bugs, they would
>> lose business.
> This is insult to injury. Not only are M$ products self-admittedly
> insecure and unsuitable for online use by default, but now M$ intends to
> extort even more money from consumers by offering add-on security products
> in order to secure their insecure products! It's like selling someone a
> car, but selling the brakes and seatbelts separately! It is common
> knowledge that Windows cannot be used online securely without some form of
> 3rd party protection, just like a car cannot be driven securely without
> seatbelts and brakes. As such, anything that is needed in order to
> provide a complete basic system should be included by default with the
> product without any extra expense.
I like this analogy. I'll try to make a mental note of it.
> How they continue to be able to get away with this criminal regime is
> absolutely despicable.
Has it ever not been despicable?
Roy S. Schestowitz | "No, I didn't buy that from eBay"
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
5:55am up 47 days 18:09, 4 users, load average: 0.75, 1.42, 1.23
http://iuron.com - next generation of search paradigms