keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

1 edit

reply to eburger68

Where are the FTC and FCC in all this?

A weak response from MS. And surely they could do something to fix the immediate problem.

But what about the hundreds of other security vulnerabilities waiting to be discovered (or discovered and not published)? And what about the non-MS vulnerabilities?

This vandalism isn't a purely technical issue. There are also criminal acts involved. Computers are not writing the malware themselves. Computers aren't selling the advertising. Computers aren't buying the advertising. Criminals are.

So where are the FTC and FCC in all this?

Why aren't they prosecuting those who use fraud to install software on systems?

Why aren't they prosecuting those who pay others to use fraud to install software on systems?

There comes a point when we have to stop blaming Ford and GM for the fact that the paint and windshields on their vehicles can be so easily vandalized, and start throwing the vandals in jail.

And if the cops won't do it, replace the cops.

A paint engineer might observe that it is technically possible to create auto paint jobs that can't be vandalized with a simple hand-held nail.

And a glass engineer might observe that it is possible to create auto glass that cannot be vandalized with a mere punch-press.

Their technical training might cause them to see the vandalism and its effects as purely technical weaknesses that we have long had the technology to overcome.

But could customers afford vehicles with that kind of protection through technical means?

And if consumers could afford those upgrades, wouldn't the vandals simply go after other parts of the car: the tires, the mirrors, etc.? So those aspects of the car would have to be upgraded, and vehicle cost would go up even more. Could consumers afford that?

And why should consumers have to pay a higher price to stop criminals? Shouldn't it be the criminals being punished instead of consumers?

It is the same with software.

More security checks generally mean more programming. Programmers cost money, so the price of software goes up.

And generally the more security checks in software the more horsepower the PC needs to have to run it. A faster CPU and more memory means a higher price tag, and earlier obsolescence. (Ask a gamer about the effects of AV, AS and firewalls, and they are only the outer layer of protection, a layer that can be turned off on demand. The inner layers of protection can't be turned off. They are just always there using up cycles whenever their programs are doing work.)

I'm disappointed in MS for sure.

But this isn't a purely technical issue, so I'm also disappointed in law enforcement, the courts, and legislators.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC)


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

Perfectly put, Keith.

Software authors writing legitimate software can't be held 100% responsible for bugs that crop up in the software. I made a point using Calculator, one of the smallest apps included with Windows. There have been 1 or 2 exploits to crash calc; these were exploitable with plain old HTML based on the 1.0 spec. It didn't matter what browser was used; if it followed the HTML 1.0 spec it would cause calc to crash. There have been many other examples of such things; not all crash triggers were aimed at MS products. One could cause a little messenger app written in VB to crash; the app was called powerpager. There have been other examples as well. So who in this case would be to blame? MS, because VB is a crappy programming language? The people who made the browser that read the code that caused the crash? Or the people who came up with the HTML 1.0 spec? Who should be held responsible for the crashes? None of those listed, that's for sure. The people who knowingly exploit the flaw should be the ones held responsible for their actions.

Now should MS do something about it? Sure they should, when they have the time to do so.
The ones who should be taking immediate action are, as you said, the FTC and FCC. Simple fact: unless these gov agencies do something, even when this sec hole is patched by MS another will be found and used. The Windows code base is huge, as is WMP's and anything related to Windows.

Here's an example for you. I'm an MMORPG gamer currently playing Rubies of Eventide. If I found an exploitable bug and used it to help my char out and make him into a god in the game, and then got suspended for my use of that exploit, who is to blame? Me, or the developers for not finding that bug that I used to cheat? Obviously it would be me, not the developers.
In fact, bugs that are exploited in games can damage all the chars on a game server in some cases. So not only would I be able to get suspended, I could in fact be in deep legal trouble.
Personally, if I was Microsoft, what I would do is file suit against these companies using exploits and the like to infect other people's computers. And I would make a huge show of it too. I would get it all over the media: TV, radio and print (print including internet mags).

I'd say, hey look, the bug is there, we know it is a bad one, but there are other bugs that are much more important that need to be addressed first.

The above statement is most probably true. Unless you work for MS as a programmer and are privy to that knowledge, you have no way of knowing what they are doing.

Even if MS lost such a suit, it would still be enough to scare some spyware authors to the point where they would stop writing the applications.

MS tells us to not visit sites we don't trust. Great advice. I'm betting most of these video clips that are trying to install this stuff are in fact porn sites. Everyone should know by now not to download anything from porn sites; they are not trustworthy in any way, shape or form, period.

Again, MS should fix this as soon as possible. But the blame does not fall only to them; it is ours, MS in some small way, and the authors of the sites and apps.
--
new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php


pchelp7

join:2001-03-05
Manson, WA

1 edit

reply to keith2468
First and foremost, I want to acknowledge Eric Howes and Ben Edelman for their excellent work and undoubtedly costly efforts (at very least in terms of their time) in pursuit of this issue.

They're both bang on the mark. It's a real issue for millions of users, and but for Microsoft's grave errors (which are fully in character with past history), it would never have existed.

Keep the pressure on, guys.

Keith 2468, you make a very good point...

said by keith2468:


This vandalism isn't a purely technical issue. There are also criminal acts involved. Computers are not writing the malware themselves. Computers aren't selling the advertising. Computers aren't buying the advertising. Criminals are.

So where are the FTC and FCC in all this?

Why aren't they prosecuting those who use fraud to install software on systems?

Why aren't they prosecuting those who pay others to use fraud to install software on systems?
I agree completely with that, but your analogy:

A paint engineer might observe that it is technically possible to create auto paint jobs that can't be vandalized with a simple hand-held nail.

And a glass engineer might observe that it is possible to create auto glass that cannot be vandalized with a mere punch-press.
... doesn't really hold up, because it is couched in terms of cost. The cost of improved software, at least in this particular respect, is essentially zero to the user.

Also this reasoning...

And if consumers could afford those upgrades, wouldn't the vandals simply go after other parts of the car: the tires, the mirrors, etc.?
... while it has merit, is a fact of life in the worlds of software and cyberspace regardless. And also regardless of other known or as-yet unanticipated vulnerabilities, it remains Microsoft's responsibility to correct its software. And again you point to cost:

So those aspects of the car would have to be upgraded, and vehicle cost would go up even more. Could consumers afford that?
Though relevant at times, in the current case it is not. The WMP software is essentially free of charge, provided (albeit arguably in violation of antitrust law or principles) free of charge to users.

The very least Microsoft can do if it's going to be allowed [to] leverage its monopoly to foist this software (not to mention its scary "rights management") upon literally the entire world, is to make it a safe product to use.

I agree nonetheless that the spyware criminals -- and that's exactly what most of them are -- are at least as valid a target as Microsoft.

These entities manage, on the whole, to escape the wrath of the users they victimize; in part by abuse of EULAs, but also for lack of regulation and enforcement by such as the FTC. It is a shameful situation. Users are at an enormous disadvantage, and there's no end in sight, while those who should act do nothing.

It's up to us to be vigilant, to help and inform one another, and to demand better of those responsible.

pchelp


keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

Maybe people could email their federal politicians on this issue.

There is also the point that these vandalism activities, developing adware for covert installation, running the covert installation servers, paying for the covert ads, paying for spam, are all tax deductible expenses -- so long as companies can claim they reasonably believe they are legal.

------------

There are 2 reasons I see no "free lunch" in software improvement costs.

1. In the past the consumer has paid for the additional planning, programming, testing, and maintenance when they need to buy the next version of the software. So you're right it was free, but only until we needed to upgrade.

Now that they have some experience, software makers know they will be providing this "free service" and are building the cost into the purchase price of new products.

2. The AVs, ATs, ASW, firewalls (defensive software), and checks to prevent "buffer overflow exploits" and "escape character exploits" require additional tests by programs while they are executing.

Even if consumers didn't have to pay for the upgrades to their existing software, they do have to provide a computer powerful enough to run the extra checks.

Which means that even if we continue to run Windows 98, or Windows XP, more patches and more defensive software will eventually overload our existing machines, forcing us to spend money to upgrade the machine.

In this sense, there is no free lunch. The consumer does pay in the end. The consumer pays for the additional manpower, and the consumer pays for continued MS profits.

---------

There is one other thing.

I suspect that if MS, HP, Sun, IBM, or any other maker of software that can be vandalized were to push it in the courts, they probably wouldn't actually have to patch their products at their own cost except where there were real safety concerns (where things would accidentally go wrong in a dangerous way).

Product makers in the physical world have not been held liable for damage caused by vandalism. So far as I know, product makers in the physical world have never issued a vandalism motivated recall notice.

So why would courts say makers of software have to fix vandalism vulnerabilities for free? (And if they did, would contributors to open source be compelled to fix their contributions at their own expense?)

In other words, I suspect software makers are simply providing the patches to maintain consumer good will, and out of habit.

But what would happen to consumer good will if they stopped doing this?

Lots of people have bought GMs, Fords, BMWs, etc. and experienced having someone vandalize them. The auto vendors don't repair the vandalism damage under any kind of warranty. And auto vendors don't recall other cars of the same model to install vandal-proof paint and windshields.

In spite of this, car owners blame the vandals for the vandalism, and not the car makers. Car sales are virtually unaffected.

Software makers have actually hurt their customer relations by implying that they themselves are responsible for the damage caused by vandals. Makers implied this to consumers by creating and distributing free enhancements to protect against vandalism.

Of course I want software makers to keep distributing the free fixes and enhancements, and if they stopped there would definitely be a backlash in the hobbyist and techie community, at least in the short term. But long term, I think their sales would be unaffected.

Look at when AV makers went from perpetual licenses to annual licenses. Upset consumers for a couple of years. And then back to normal.

---------

And I like Nova Flare's idea of MS suing the companies involved in committing the crime. Excellent example with cheating in the massively multiplayer game.

All this said, for now MS should fix the exploit. As Eric rightly notes, MS is leaving its customers vulnerable.

MS should make the fix, while they and law enforcement discuss and sort out their respective public duties. MS is in the best position to make an immediate fix to the immediate short-term problem.

A way has to be found to get the FCC and FTC into action prosecuting domestic companies involved in using fraud to get software installed on our computers for advertising purposes.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC)



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:2

said by keith2468:

I suspect that if MS, HP, Sun, IBM, or any other maker of software that can be vandalized were to push it in the courts, they probably wouldn't actually have to patch their products at their own cost except where there were real safety concerns (where things would accidentally go wrong in a dangerous way).

Product makers in the physical world have not been held liable for damage caused by vandalism. So far as I know, product makers in the physical world have never issued a vandalism motivated recall notice.
Uhmmm... maybe this was true 25 years ago, but things have changed. Now gun manufacturers (as well as owners from whom guns were stolen) have been successfully sued by shooting victims. A chain-link fence maker has been successfully sued by parents of a drowned child after he and his playmates dismantled a fence panel protecting a pool while the owners were on vacation - the owners were successfully sued as well. There are many more. I think you overly minimize the trend against "deep pockets" in a modern courtroom.

An even more ominous legal trend can be seen when certain eBusiness computers have been hacked and the companies are being held liable, at least in part, for damages from stolen credit card numbers and customer identities. It's only a tiny step further to hold software manufacturers equally liable, especially where security holes can be demonstrated.

Courts are consistently finding that manufacturers have long-term responsibility to protect their products against improper usage. Sometimes that realm of responsibility can be interpreted to be quite far-reaching.

Please note: I'm NOT stating such decisions are right or fair, I'm merely pointing out what a lot of lawyers will advise: "do whatever it takes to stay out of a courtroom!" I suggest similar counsel is regularly given by Microsoft's legal department regarding the need to security-patch MS products. It's not the only reason they patch, but I believe it is a growing factor in their decisions.

B
Premium,MVM
join:2000-10-28

reply to keith2468

said by keith2468:

Maybe people could email their federal politicians on this issue.

There is also the point that these vandalism activities, developing adware for covert installation
keith, you've used this car "vandalism" analogy again and again here.

But it doesn't hold at all!

These DRM-related spyware drive-bys occur when MS's products are USED AS DIRECTED.

"Vandalism" against a car isn't related to the USE of that car. The car and driver are non-participatory innocent victims. A very different analogy might be apropos if the user's own actions were involved; if, say, driving a car on certain private roads resulted in flat tires. The owners of the private road (and the driver) might be responsible, not the auto manufacturers.

Because of the user's participation, crudware purveyors are arguably guilty of fraud, not vandalism, although as you imply there hasn't been much legal ruling on it.

But there's a clear problem with the way IE and WMP "drive". They are unsafe to use on the public streets, even when used as intended (e.g., viewing media). (Further auto analogies would be strained, but I'm envisioning something to do with simply driving by a squeegee guy and having a hole open in your windshield.) And while I enjoy a show of MS's true colors as much as anyone, they should fix the problem.

-- B
--
In a realm outside causality and function

over 12.5 years online © 1999-2012 dslreports.com.