Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses
Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Thread beginning with comment 358649
Another car analogy
by kaiwai on Wed 15th Apr 2009 12:47 UTC
kaiwai Member since:
2005-07-06

Let's say you own a car, there is an oil warning light that goes on - instead of doing something about it you ignore it till the point that it results in the engine seizing up. This oil light had been blinking for months, the manual in your car stated that if the light goes on you need to take it in to get serviced. When the engine seized up - whose fault is it?

The driver had all the warnings, all the knowledge and the window of opportunity to do something about it - but chose not to. Is it the car company's fault or the fault of the driver? If there is a fault with the car that results in the oil light going on - there is a recall of those cars but the driver chooses not to, is it the fault of the car company or the driver who refused to take it in to get fixed?

Before people start criticising Microsoft - the fix has been out since the 28 October 2008. End users have had over 5 months to install it; the 'warning light' has been on for a long time and yet they chose to ignore it. The media in New Zealand on both TV3 and TV1 had segments talking about how you can be safe - and yet we have end users ignore this.

So could someone please explain to me why Microsoft should be blamed after doing all the right things insofar as issuing a security alert, providing a patch, and the media explaining what you as an end user can do to protect yourself?

Edited 2009-04-15 12:53 UTC

Reply Score: 3

RE: Another car analogy
by sbenitezb on Wed 15th Apr 2009 13:29 in reply to "Another car analogy"
sbenitezb Member since:
2005-07-22

Wow, you really like car analogies ;)

Reply Parent Score: 2

RE: Another car analogy
by Bill Shooter of Bul on Wed 15th Apr 2009 15:30 in reply to "Another car analogy"
Bill Shooter of Bul Member since:
2006-07-14

When the engine seized up - whose fault is it?

My f*&king brother's fault. Who did that same thing on a long trip, and just ignored the light. The good thing is that he learned his lesson. Now he's like a self-made mechanic or something.

Reply Parent Score: 1

RE[2]: Another car analogy
by Tuishimi on Wed 15th Apr 2009 22:08 in reply to "RE: Another car analogy"
Tuishimi Member since:
2005-07-06

That b*stard. It's all his fault! Does he have money? Can we sue him?

Reply Parent Score: 2

RE: Another car analogy
by blahblah on Thu 16th Apr 2009 07:44 in reply to "Another car analogy"
blahblah Member since:
2006-03-23

Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.

I had a car. I'm reasonably knowledgeable about the inner working of said car. Did some work on it myself. I was moving out of state, and my friend needed a car, so I gave it to him.

Now, I know he doesn't know much (anything at all, zero, completely ignorant) about cars, so I get it checked over and maintained before I give it to him.

One thing I didn't fix was the engine light, coz I know it's just the OBD being annoying, and you just need to unplug & plug the battery to make it go away.

My friend pointed out a light was on a year earlier, and I said "eh, no problem".

So a few months after I gave it to him, the oil light came on, he said "eh, no problem", and later reported to me that he was driving along the freeway and the car "made some noises, and stopped".

Now, as much as I wanted to just laugh my #$#, I did feel kind of bad, because I knew he didn't know anything, and probably should have taken more time to explain how cars work... I tried going over the basic ideas, but failed to emphasize things like "orange light, OK. Red light, BAD", so I did feel somewhat responsible.

Now I had another friend that had built a classic car from the ground up over a period of two years, and took it out for the first time, and had never put oil in it (just forgot). Now, in that situation, I really wanted to feel bad, but just tried really hard not to laugh, and sound sympathetic.

Finally, note that I gave my friend the car for free. Just like you get Linux for free. So he felt silly and bad for not taking care of a free car. Whereas if he had bought the car, he might have been a little mad if the dealer never explained anything about checkups, etc. And I find that totally reasonable.

Windows = I paid for this so I didn't have to think, you didn't give me access to fix anything myself, so you better treat me, the dumb idiot customer, like the dumb idiot customer you made me. And also treat me like you really want to keep me happy, and make sure I can't screw it up too badly. And make me feel good about myself while you do it. I.e., if I have to think, you have an HCI bug! In other words, if I can't figure it out, or do something wrong, your interface is broken.

Linux = it's free, you have the source. If you really had an issue YOU SHOULD HAVE FIXED IT YOURSELF. And you better not complain.

Reply Parent Score: 1

RE[2]: Another car analogy
by kaiwai on Thu 16th Apr 2009 09:29 in reply to "RE: Another car analogy"
kaiwai Member since:
2005-07-06

Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.

I had a car. I'm reasonably knowledgeable about the inner working of said car. Did some work on it myself. I was moving out of state, and my friend needed a car, so I gave it to him.

Now, I know he doesn't know much (anything at all, zero, completely ignorant) about cars, so I get it checked over and maintained before I give it to him.

One thing I didn't fix was the engine light, coz I know it's just the OBD being annoying, and you just need to unplug & plug the battery to make it go away.

My friend pointed out a light was on a year earlier, and I said "eh, no problem".


So in other words - your mate pointed out a flaw and instead of taking it off to a professional to get it fixed you decided to ignore it.

Let's do a parallel: imagine we have a software company who makes an operating system, an end user notices something strange occurring - he is noticing that the network icon is flashing extremely fast even though he isn't using the internet or transferring anything over his network. He rings up the software company and notifies them of this strange behaviour - he isn't exactly knowledgeable about computers but assumes (given past experience) that it doesn't seem right. The software company chose to ignore what he reported by stating that it is perfectly normal for that to occur.

Months later there is a massive outbreak of a worm taking advantage of their software and they later find out that the end user whom they were speaking to had it. Instead of taking it further and finding out the nature of the problem they chose to ignore it. Ignoring a false positive and claiming that all positives are false ultimately led to something that could have been controlled becoming a major security issue.

All the rest of what you wrote is completely irrelevant.

1) Microsoft is notified of a security flaw.

2) Microsoft issues a bulletin.

3) Microsoft issues a patch.

4) All computers pre-loaded with Windows receive automatic updates.

5) As the event (1 April 2009) comes closer the media ramp up the effort to educate people.

6) The media inform end users to run Windows update and update your virus detector/cleaner.

Please tell me where my analogy was wrong in the previous post. Information was put out there - end users ignored it; how is it Microsoft's fault?

Edited 2009-04-16 09:31 UTC

Reply Parent Score: 2

RE[2]: Another car analogy
by ari.takanen on Thu 16th Apr 2009 10:45 in reply to "RE: Another car analogy"
ari.takanen Member since:
2009-04-16

Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.


I like car analogies, just because today they (cars) are almost as easy to hack as any other system that runs on software.

Needless to say, whether the car was free or not, if someone hacks your Bluetooth interface and makes your car reboot when you are doing 80 miles per hour on a highway, the car manufacturer would have to pay the damages as you cannot avoid product liability in the car industry.

Edited 2009-04-16 10:47 UTC

Reply Parent Score: 1