Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conifcker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Thread beginning with comment 358626
To read all comments associated with this story, please click here.
Comment by parentaladvisory
by parentaladvisory on Wed 15th Apr 2009 10:05 UTC
parentaladvisory
Member since:
2006-12-18

Can only answere for my self...

Ultimatly it is the people behind the software that are responsible for developing the patch.

After that it is the distributions responsibility to package the patch and distribute it through appropriate channels(its own package repos).

If then the idiots behind the keyboard(end users) doesnt install the updated package, it is there own fault...

Reply Score: 3

RE: Comment by parentaladvisory
by gustl on Wed 15th Apr 2009 14:40 in reply to "Comment by parentaladvisory"
gustl Member since:
2006-01-19

I would agree to that.

On the other hand, I would say there is nobody to blame.
Microsoft made clear in their EULAs that it cannot be held liable for any damage which may be done by their software or by their lack of providing security patches.
Open source software also makes the same statement in their various licenses.

Having finally handled a security hole the way it should be handled (proactively) is a great thing for Microsoft. I hope they will continue on this path in the future.

In general, security is a process, so there are minor issues, major issues and occasionally a zero-day exploit will occur.
Whatever happens if such a thing comes to pass will have to determine how we judge the ones who can close the hole.

Ultimately the majority of people seem to be OK with the mediocre level of security Windows XP provided, so I guess they should be rather relaxed if such a thing happens in the Linux world.
On the other hand, there never was a really successful virus/worm written for Linux before, so it would certainly make BIG news if someone could pull it off.

Let's wait and see if it happens, and when it happens what happens.

Reply Parent Score: 2

k1773r37f Member since:
2009-04-17

I would agree to that.

On the other hand, I would say there is nobody to blame.
Microsoft made clear in their EULAs that it cannot be held liable for any damage which may be done by their software or by their lack of providing security patches.
Open source software also makes the same statement in their various licenses.


That may make them not legally responsible. I would still like to see some major corporation with the fiscal resources, legal resources and cajones to do so try that in a court of law.

But it does not negate their moral or ethical responsibility. Oh wait! Were talking Microsoft. Nevermind, I'll hush now.

Reply Parent Score: 1