how-to block ads
|
|
Share Topic
 |
 |
|
|
|
1 edit | reply to keith2468
Re: Where are the FTC and FCC in all this? First and foremost, I want to acknowledge Eric Howes and Ben Edelman for their excellent work and undoubtedly costly efforts (at very least in terms of their time) in pursuit of this issue.
They're both bang on the mark. It's a real issue for millions of users, and but for Microsoft's grave errors (which are fully in character with past history), it would never have existed.
Keep the pressure on, guys.
Keith 2468, you make a very good point...
said by keith2468:This vandalism isn't a purely technical issue. There are also criminal acts involved. Computers are not writing the malware themselves. Computers aren't selling the advertising. Computers aren't buying the advertising. Criminals are. So where are the FTC and FCC in all this? Why aren't they prosecuting those who use fraud to install software on systems? Why aren't they prosecuting those who pay others to use fraud to install software on systems? I agree completely with that, but your analogy:
A paint engineer might observe that it is technically possible to create auto paint jobs that can't be vandalized with a simple hand-held nail.
And a glass engineer might observe that it is possible to create auto glass that cannot be vandalized with a mere punch-press. ... doesn't really hold up, because it is couched in terms of cost. The cost of improved software, at least in this particular respect, is essentially zero to the user.
Also this reasoning...
And if consumers could those upgrades, wouldn't the vandals simply go after other parts of the car: the tires, the mirrors, etc.? ... while it has merit, is a fact of life in the worlds of software and cyberspace regardless. And also regardless of other known or as-yet unanticipated vulnerabilities, it remains Microsoft's responsibility to correct its software. And again you point to cost:
So those aspects of the car would have to be upgraded, and vehicle cost would go up even more. Could consumers afford that? Though relevant at times, in the current case it is not. The WMP software is essentially free of charge, provided (albeit arguably in violation of antitrust law or principles) free of charge to users.
The very least Microsoft can do if it's going to be allowed [to] leverage its monopoly to foist this software (not to mention its scary "rights management") upon literally the entire world, is to make it a safe product to use.
I agree nonetheless that the spyware criminals -- and that's exactly what most of them are -- are at least as valid a target as Microsoft.
These entities manage, on the whole, to escape the wrath of the users they victimize; in part by abuse of EULAs, but also for lack of regulation and enforcement by such as the FTC. It is a shameful situation. Users are at an enormous disadvantage, and there's no end in sight, while those who should act do nothing.
It's up to us to be vigilant, to help and inform one another, and to demand better of those responsible.
pchelp | |
 keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | Maybe people could email their federal politicians on this issue.
There is also the point that these vandalism activities, developing adware for covert installation, running the covert installation servers, paying for the covert ads, paying for spam, are all tax deductible expenses -- so long as companies can claim they reasonably believe they are legal.
------------
There are 2 reasons I see no "free lunch" in software improvement costs.
1. In the past consumer has paid for the additional planning, programming, testing, and maintenance when they need to buy the next version of the software. So you're right it was free, but only until we needed to upgrade.
Now that they have some experience, software makers know they will be providing this "free service" and are building the cost into the purchase price of new products.
2. The AVs, ATs, ASW, firewalls (defensive software), and checks to prevent "buffer overflow exploits" and "escape character exploits" require additional tests by programs while they are executing.
Even if consumers didn't have to pay for the upgrades to their existing software, they do have to provide a computer powerful enough to run the extra checks.
Which means that even if we continue to run Windows 98, or Windows XP, more patches and more defensive software will eventually overload our existing machines, forcing us to spend money to upgrade the machine.
In this sense, there is no free lunch. The consumer does pay in the end. The consumer pays for the additional manpower, and the consumer pays for continued MS profits.
---------
There is one other thing.
I suspect that if MS, HP, Sun, IBM, or any other maker of software that can be vandalized were to push it in the courts, they probably wouldn't actually have to patch their products at their own cost except where there were real safety concerns (where things would accidentally go wrong in a dangerous way).
Product makers in the physical world have not been held liable for damage caused by vandalism. So far as I know, product makers in the physical world have never issued a vandalism motivated recall notice.
So why courts say makers of software have to fix vandalism vulnerabilities for free? (And if they did, would contributers to open source be compelled to fix their contributions at their own expense?)
In other words, I suspect software makers are simply providing the patches to maintain consumer good will, and out of habit.
But what would happen to consumer good will if they stopped doing this?
Lots of people have bought GMs, Fords, BMWs, etc. experienced having someone vandalize them. The auto vendors don't repair the vandalism damage under any kind of warranty. And auto vendors don't recall other cars of the same model to install vandal proof paint and windshields.
Inspite of this, car owners blame the vandals for the vandalism, and not the car makers. Car sales are virtually unaffected.
Software makers have actually hurt their customer relations by implying that they themselves are responsible for the damage caused by vandals. Makers implied this to consumers by creating and distributing free enhancements to protect against vandalism.
Of course I want software makers to keep distributing the free fixes and enhancements, and if they stopped there would definitely be a backlash in the hobbiest and techie community, at least in the short term. But long term, I think their sales would be unaffected.
Look at when AV makers went from prepetual licenses to annual licenses. Upset consumers for a couple of years. And then back to normal.
---------
And I like Nova Flare's idea of MS suing the companies involved in commiting the crime. Excellent example with cheating in the massively multiplayer game.
All this said, for now MS should fix the exploit. As Eric rightly notes, MS is leaving its customers vulnerable.
MS should make the fix, while they and law enforcement discuss and sort-out their respective public duties. MS is in the best position to make an immediate fix to the immediate short-term problem.
A way has to be found to get the FCC and FTC into action prosecuting domestic companies involved in using fraud to get software installed on our computers for advertising purposes.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) | |
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:2
 ·Frontier Communi..
| said by keith2468:I suspect that if MS, HP, Sun, IBM, or any other maker of software that can be vandalized were to push it in the courts, they probably wouldn't actually have to patch their products at their own cost except where there were real safety concerns (where things would accidentally go wrong in a dangerous way). Product makers in the physical world have not been held liable for damage caused by vandalism. So far as I know, product makers in the physical world have never issued a vandalism motivated recall notice. Uhmmm... maybe this was true 25 years ago, but things have changed. Now gun manufacturers (as well as owners from whom guns were stolen) have been successfully sued by shooting victims. A chain-link fence maker has been successfully sued by parents of a drowned child after he and his playmates dismantled a fence panel protecting a pool while the owners were on vacation - the owners were successfully sued as well. There are many more. I think you overly minimize the trend against "deep pockets" in a modern courtroom.
An even more ominous legal trend can be seen when certain eBusiness computers have been hacked and the companies are being held liable, at least in part, for damages from stolen credit card numbers and customer identities. It's only a tiny step further to hold software manufacturers equally liable, especially where security holes can be demonstrated.
Courts are consistently finding that manufacturers have long-term responsibility to protect their products against improper usage. Sometimes that realm of responsibility can interpreted to be quite far-reaching.
Please note: I'm NOT stating such decisions are right or fair, I'm merely pointing out what a lot of lawyers will advise: "do whatever it takes to stay out of a courtroom!" I suggest similar counsel is regularly given by Microsoft's legal department regarding the need to security-patch MS products. It's not the only reason they patch, but I believe it is a growing factor in their decisions. | |
BPremium,MVM
join:2000-10-28 | reply to keith2468
said by keith2468:Maybe people could email their federal politicians on this issue. There is also the point that these vandalism activities, developing adware for covert installation keith, you've used this car "vandalism" analogy again and again here.
But it doesn't hold at all!
These DRM-related spyware drive-bys occur when MS's products are USED AS DIRECTED.
"Vandalism" against a car isn't related to the USE of that car. The car and driver are non-participatory innocent victims. A very different analogy might be apropos if the user's own actions were involved; if, say, driving a car on certain private roads resulted in flat tires. The owners of the private road (and the driver) might be responsible, not the auto manufacturers.
Because of the user's participation, crudware purveyors are arguably guilty of fraud, not vandalism, although as you imply there hasn't been much legal ruling on it.
But there's a clear problem with the way IE and WMP "drive". They are unsafe to use on the public streets, even when used as intended (e.g., viewing media). (Further auto analogies would be strained, but I'm envisioning something to do with simply driving by a squeegee guy and having a hole open in your windshield.) And while I enjoy a show of MS's true colors as much as anyone, they should fix the problem.
-- B
--
In a realm outside causality and function | |
|
