A Quark of A Different Spin. (adameros) wrote,

I'm in a debate right now concerning one senator's demand that Microsoft put a warranty on Windows making it liable for all the bugs and security holes it has.

We would like feedback from the Peanut Gallery (that's you!).

MeHate Microsoft: sweet, I'm going to be interviewing Mr Martin :D
adameros: The guitar maker?
MeHate Microsoft: no, the moron politician demanding a warranty from Microsoft
adameros: He might be a moron, but I think the warranty is a good idea. I'm sick of all the problems Microsoft's poor code has caused me over the years.

adameros: I just don't think Microsoft would agree to it.

MeHate Microsoft is away at 11:16:49 AM.
MeHate Microsoft returned at 11:17:11 AM.
MeHate Microsoft: I can say the same thing about every piece of software in existence
adameros: True. I think if you pay for something, just like anything else I pay for, if it is blatantly defective there are laws and warranties covering my ass. This is not the case for Microsoft.
MeHate Microsoft: that's not the case with any software due to the fact that you can install it and then just demand a refund and keep on using the software
MeHate Microsoft: maybe with the advent of DRM a warranty would be possible

adameros: So you are saying that when version after version of the software has the same security holes that cost American Businesses billions to deal with, the company making the software should not be liable? I think the fact that if you install the latest version of Windows and put that system on the net without a firewall supposedly it will be cracked in a matter of minutes, and this is not a new situation. It's a defective product and I do feel a company should be liable for the shortcomings of their product. Especially when the company regularly touts how safe and secure their product is.

MeHate Microsoft: No, I am not saying they shouldn't be held liable in any form, but what I am saying is that with current technology it is impossible to offer money back for software, simply because every customer in the world could take advantage of that by installing the software, and then returning it for a full refund, claiming "it didn't do what I expected it to do"
MeHate Microsoft: Car manufacturers are required to fix design problems for free, not offer a refund on the car
MeHate Microsoft: Microsoft is doing the same thing, offering patches for problems for free
MeHate Microsoft: kind of like a recall

adameros: But the people who would do that would just steal the software from the net and not worry about Microsoft having their name on file.

MeHate Microsoft: not necessarily, I know a lot of people who would gladly return the software for a full refund, but can't find it on the net.

adameros: Why doesn't Microsoft do penetration testing prior to release? This happens with every release they have and it seems to just be getting worse each time.

MeHate Microsoft: actually, I'd be willing to bet that it is getting better each time, but with each release there is a deeper penetration of broadband and so the holes are exploited quicker

adameros: It's not getting better. It has been shown that Windows runs fine with all its services turned off. Why is that not the default for a new install and let people open up ports as needed?

MeHate Microsoft: umm, because you can't boot with all of the services turned off

adameros: Why is there not stringent penetration testing? I mean, if a bunch of Russian high schools can manage to slip windows around like a red headed step child with every release... If I was a security programmer for M$, I would be embarrassed that these kids manage to outsmart me at every turn. I've long felt that M$ rushes out poorly tested features to try to be on the leading edge of the technology curve, but ends up with egg on their face almost every time because of the lack of testing.
adameros: Actually, if you read slashdot, you can, and it runs just fine.

MeHate Microsoft: I reported on that exact article, and without the winlogon service windows does not boot, at all

adameros: And if it needs that one to boot, keep it. But make that service as safe as possible and turn the rest off. This is common sense security. Only open the ports you need.
adameros: Just to make sure we are speaking of the same article... http://slashdot.org/article.pl?sid=05/07/28/1838235&tid=201

MeHate Microsoft: the problem is average joe is more easily convinced to patch a system than to turn on services
MeHate Microsoft: if they shipped their OS completely stripped down, they might as well not include them period, and that would kill the sales of the OS

adameros: I'm not saying stripped down. I'm saying with the services off. They have the option to use them if needed. But I'm guessing that most people never use a majority of the services unless they are doing sharing, in which case they are likely behind a NAT firewall and pretty safe. But the person with 1 PC and digital cable or dial-up doesn't need the extraneous services and is wide open to attack with a base install.

MeHate Microsoft: with the built in firewall enabled by default now, that mitigates a lot of the risk

adameros: Let's say you have a base install not behind a firewall and you do want to patch it. As it takes mere minutes on average for an unpatched host to get cracked, and how long does it take to download and install SP2, all the while you are at risk?
I'm just saying common sense says to leave all the services that can be off in the off state by default until a user needs that service.
adameros: I think it's time to get "The Internet" involved. Mind if I post this to my LJ and see if we can get commentary from the peanut gallery?

MeHate Microsoft: you can enable the default firewall in XP and that will take care of that problem.
MeHate Microsoft: Sure, feel free, but make sure to link to my original commentary as well

adameros: So, is it on by default? If so, how are new installs being cracked so quickly?

MeHate Microsoft: no, prior to sp2 it is not on by default, but if you enable it before you connect to the internet, you are fine
MeHate Microsoft: anybody who buys Windows XP at this point is getting SP2 rolled in for them, and the firewall is enabled by default in that case

adameros: That's what I mean. It should be on by default. And that it is finally on by default is a good step. But now the question is, does the firewall work or are systems still being cracked?
Which is a better firewall, my Linksys NAT firewall with 10yr old technology or the shiny new Windows firewall? If the older tech is better, would that constitute Microsoft's product being labelled as defective, and should they be liable for damages due to the product being defective?
