Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Permalink for comment 358634
Who is to blame for being compromised?
by markjensen on Wed 15th Apr 2009 11:19 UTC

Who is to blame for being compromised by an exploit for which a patch was released months before?

The admin. (which is quite often also the primary user in home systems)

Sure, Microsoft had code with an exploit. But they found it (or someone else pointed it out to them using responsible disclosure, hopefully) and they released a patch that was pushed out in updates.

There have been similar problems in the Linux world. Slapper, anyone? Who is responsible for getting hit by a Linux worm that has had a patch released months before?

I stand by my answer. The admin is responsible.

(as for who is responsible for repairing the code, if the bad code is in mysql, then the mysql team is responsible to fix, but that is pretty obvious, eh?) ;)

Reply Score: 10