[geeks] Odd uptick in spam...

Jonathan C. Patschke jp at celestrion.net
Fri Sep 7 08:10:54 CDT 2007


On Fri, 7 Sep 2007, Geoffrey S. Mendelson wrote:

> I'm not sure that any other operating system would be better. While
> *NIX derived or look-alike operating systems are more secure, if about
> 85% of the computers ran one of them, there would be an enormous
> effort to break it.

That's only because Unix and Windows share in common that they grew from
toys into something expected to bear the brunt of being multiuser in a
networked environment.  OSes that were designed for that sort of thing
(VMS, zOS) would probably fare just fine.  Of course, the rub is getting
something as robust as VMS in a flavor that the average computer user
would tolerate[0].  NT had real promise before they stretched Win32 over
it in a hurry.

> As we all know there were some glaring holes in things like sendmail
> and telnet, but they were fixed long before enough people cared about
> them to cause a problem of this scale. Unfortunately there are plenty
> of existing holes that no one knows about or have been publicised and
> there are new holes being created every day.

The three major BSD camps tend to do a pretty good job of auditing the
stuff they ship.  OpenBSD and FreeBSD have circumvented bugs in upstream
code (and offered the fix for the "theoretically exploitable" problem)
for things like BIND and Sendmail long before some malcontent caused the
vanilla version of the code to blow up.

It's not like people aren't looking at this stuff.  Unlike the Windows
development team and the various Linux camps, there are some people who
like getting things right instead of painting another layer of gloss
over junk code.

> You also must consider that many of the computers infected are running
> versions of Windows that have not been supported for years.

This is also an argument that doesn't fit in any other market segment.
If Ford or GM or Braun or any other goods manufacturer ships a device
that fails spectacularly and predictably after the warranty expires,
they can still be liable if they had reasonable cause to believe that
such an event was likely.  Apple got slapped with this a few years ago
with iPod batteries that had lifetimes just barely longer than the
warranty period.

Since software doesn't come with a warranty (why?), the closest analogue is
continued support.  Remember the big worm (Nimda or Code Red or some
other silly-named thing) that hit media-worthy mass within a month of
Microsoft telling Windows 2000 users that their OS was officially
unsupported and that they'd best get with the XP/2003 game if they
wanted any security patches?  Mighty convenient that.

When a person buys a license for a piece of software, shouldn't it work
as-advertised for as long as it's useful?  It's not like these older
versions of Windows are breaking because they weren't sold as being
Internet-ready.  They were always buggy and exploitable.  Microsoft sold
a defective product; they continue to sell defective products.  Why is
this permitted?


[0] This cloud's silver lining:  If the typical computer user's
     inclination to actually know how to run the magic Internet box on
     his desk continues to decrease, they'll be to the point of needing
     drool-proof set-top boxes in a couple of years, and this whole
     problem will neatly go away.
-- 
Jonathan Patschke     )
Elgin, TX            (      "I detest logging filesystems."
USA                   )                    --Linus Torvalds


