Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses
Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
RE: Another car analogy
by blahblah on Thu 16th Apr 2009 07:44 UTC in reply to "Another car analogy"
blahblah Member since:
2006-03-23

Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.

I had a car. I'm reasonably knowledgeable about the inner working of said car. Did some work on it myself. I was moving out of state, and my friend needed a car, so I gave it to him.

Now, I know he doesn't know much (anything at all, zero, completely ignorant) about cars, so I get it checked over and maintained before I give it to him.

One thing I didn't fix was the engine light, coz I know it's just the OBD being annoying, and you just need to unplug & plug the battery to make it go away.

My friend pointed out a light was on a year earlier, and I said "eh, no problem".

So a few months after I gave it to him, the oil light came on, he said "eh, no problem", and later reported to me that he was driving along the freeway and the car "made some noises, and stopped".

Now, as much as I wanted to just laugh my #$#, I did feel kind of bad, because I knew he didn't know anything, and probably should have taken more time to explain how cars work... I tried going over the basic ideas, but failed to emphasize things like "orange light, OK. Red light, BAD", so I did feel somewhat responsible.

Now I had another friend that had built a classic car from the ground up over a period of two years, and took it out for the first time, and had never put oil in it (just forgot). Now, in that situation, I really wanted to feel bad, but just tried really hard not to laugh, and sound sympathetic.

Finally, note that I gave my friend the car for free. Just like you get Linux for free. So he felt silly and bad for not taking care of a free car. Whereas if he had bought the car, he might have been a little mad if the dealer never explained anything about checkups, etc. And I find that totally reasonable.

Windows = I paid for this so I didn't have to think, you didn't give me access to fix anything myself, so you better treat me, the dumb idiot customer, like the dumb idiot customer you made me. And also treat me like you really want to keep me happy, and make sure I can't screw it up too badly. And make me feel good about myself while you do it. I.e., if I have to think, you have an HCI bug! In other words, if I can't figure it out, or do something wrong, your interface is broken.

Linux = it's free, you have the source. If you really had an issue YOU SHOULD HAVE FIXED IT YOURSELF. And you better not complain.

Reply Parent Score: 1

RE[2]: Another car analogy
by kaiwai on Thu 16th Apr 2009 09:29 in reply to "RE: Another car analogy"
kaiwai Member since:
2005-07-06

> Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.
>
> I had a car. I'm reasonably knowledgeable about the inner working of said car. Did some work on it myself. I was moving out of state, and my friend needed a car, so I gave it to him.
>
> Now, I know he doesn't know much (anything at all, zero, completely ignorant) about cars, so I get it checked over and maintained before I give it to him.
>
> One thing I didn't fix was the engine light, coz I know it's just the OBD being annoying, and you just need to unplug & plug the battery to make it go away.
>
> My friend pointed out a light was on a year earlier, and I said "eh, no problem".

So in other words - your mate pointed out a flaw and instead of taking it off to a professional to get it fixed you decided to ignore it.

Let's do a parallel; imagine we have a software company who makes an operating system, an end user notices something strange occurring - he is noticing that the network icon is flashing extremely fast even though he isn't using the internet or transferring anything over his network. He rings up the software company and notifies them of this strange behaviour - he isn't exactly knowledgeable about computers but assumes (given past experience) that it doesn't seem right. The software company chose to ignore what he reported by stating that it is perfectly normal for that to occur.

Months later there is a massive outbreak of a worm taking advantage of their software and they later find out that the end user whom they were speaking to had it. Instead of taking it further and finding out the nature of the problem they chose to ignore it. Ignoring a false positive and claiming that all positives are false ultimately led to something that could have been controlled becoming a major security issue.

All the rest of what you wrote is completely irrelevant.

1) Microsoft is notified of a security flaw.

2) Microsoft issues a bulletin.

3) Microsoft issues a patch.

4) All computers pre-loaded with Windows receive automatic updates.

5) As the event (1 April 2009) comes closer the media ramp up the effort to educate people.

6) The media inform end users to run Windows Update and update your virus detector/cleaner.

Please tell me where my analogy was wrong in the previous post. Information was put out there - end users ignored it; how is it Microsoft's fault?

Edited 2009-04-16 09:31 UTC

Reply Parent Score: 2

RE[3]: Another car analogy
by blahblah on Thu 16th Apr 2009 17:53 in reply to "RE[2]: Another car analogy"
blahblah Member since:
2006-03-23

Um. Exactly. My friend was the end-user, and I was saying I should have been more informative. Thus, it's not the end-user's fault.

Where do we disagree?

Reply Parent Score: 1

RE[3]: Another car analogy
by blahblah on Thu 16th Apr 2009 17:54 in reply to "RE[2]: Another car analogy"
blahblah Member since:
2006-03-23

Oh, and btw, the engine light was on because of the OBD.

This has nothing to do with oil.

So in your parallel, the end-user DIDN'T have it.

cheers

Reply Parent Score: 1

RE[3]: Another car analogy
by blahblah on Thu 16th Apr 2009 18:05 in reply to "RE[2]: Another car analogy"
blahblah Member since:
2006-03-23

Oh, and finally what part of "so I get it checked over and maintained before I give it to him." does not constitute taking it to a professional, like you said?

I gave it to a mechanic, and said "look for anything wrong, and fix it". Before I gave him the car. After the engine light comes on.

Read before you speak, man.

Reply Parent Score: 1

RE[2]: Another car analogy
by ari.takanen on Thu 16th Apr 2009 10:45 in reply to "RE: Another car analogy"
ari.takanen Member since:
2009-04-16

> Hmmm... Even ignoring the fact that the analogy totally falls apart because, in a malware breach of security, there's an individual actively trying to break the system, this still has issues.

I like car analogies, just because today they (cars) are almost as easy to hack as any other system that runs on software.

Needless to say, whether the car was free or not, if someone hacks your Bluetooth interface and makes your car reboot when you are doing 80 miles per hour on a highway, the car manufacturer would have to pay the damages as you cannot avoid product liability in the car industry.

Edited 2009-04-16 10:47 UTC

Reply Parent Score: 1

RE[3]: Another car analogy
by blahblah on Thu 16th Apr 2009 18:07 in reply to "RE[2]: Another car analogy"
blahblah Member since:
2006-03-23

Gotta give you that one.

Still, my point was that you couldn't really blame the end-user (my friend). He just didn't know any better.

Reply Parent Score: 1