Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conifcker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Permalink for comment 358814
To read all comments associated with this story, please click here.
RE[2]: Another car analogy
by kaiwai on Thu 16th Apr 2009 09:29 UTC in reply to "RE: Another car analogy"
kaiwai
Member since:
2005-07-06

Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.

I had a car. I'm reasonably knowledgeable about the inner working of said car. Did some work on it myself. I was moving out of state, and my friend needed a car, so I gave it to him.

Now, I know he doesn't know much (anything at all, zero, completely ignorant) about cars, so I get it checked over and maintained before I give it to him.

One thing I didn't fix was the engine light, coz I know it's just the OBD being annoying, and you just need to unplug & plug the battery to make it go away.

My friend pointed it out a light was on a year earlier, and I said "eh, no problem".


So in other words - your mate pointed out a flaw and instead of taking it off to a professional to get it fixed you decided to ignore it.

Lets do a parallel; Imagine we have a software company who makes an operating system, a end user notices something strange occurring - he is noticing that the network icon is flashing extremely fast event though he isn't using the internet or transferring anything over his network. He rings up the software company and notifies them of this strange behaviour - he isn't exactly knowledgeable about computers but assumes (given past experience) that it doesn't seem right. The software company chose to to ignore what he reported by stating that is perfectly normal for that to occur.

Months later there is a massive outbreak of a worm taking advantage of their software and they later find out that the end user whom they were speaking to had it. Instead of taking it further and finding out the nature of the problem they chose to ignore it. Ignoring a false positive and claiming that all positives are false ultimately led to something that could have been controlled becoming a major security issue.

All the rest of what you wrote is completely irrelevant.

1) Microsoft is notified of a security flaw.

2) Microsoft issues a bulletin.

3) Microsoft issues a patch.

4) All computers pre-loaded with Windows receive automatic updates.

5) As the event (1 April 2009) comes closer the media ramp up the effort to educate people.

6) The media inform end users to run Windows update and update your virus detector/cleaner.

Please tell me where my analogy was wrong in the previous post. Information was put out there - end users ignored it; how is it Microsoft's fault?

Edited 2009-04-16 09:31 UTC

Reply Parent Score: 2