--On 31. juli 2001 09:41 -0700 Ian King <[EMAIL PROTECTED]> wrote:
> The "folks who caused it" are the sociopaths who would rather use their
> not inconsiderable technical skills to hurt other people. I'm not aware
> of any software that comes out of the box with a "launch nasty virus"
> option; irresponsible people seek out and exploit weaknesses that are
> unfortunately present in any non-trivial software product. (Sendmail,
> as a relevant example, has had its share of security issues over the
> years; having been around for a long time in substantially the same
> form, many of its problems have been discovered and patched.)
I must agree with your point, but not with your conclusion.
I had the joy of reading the source of the original Melissa virus with some
experienced Windows programmers; what caused us all to fall over laughing
was that we never realized there were so MANY ways to embed yourself in a
Windows system without the need for any privilleges. But they were
DOCUMENTED FEATURES of the platform, not bugs; until the Melissa virus came
along, we simply hadn't thought of applying them in that particular way.
Sendmail's buffer overflows were bugs. (OK, the WIZ command wasn't.)
Windows' any-user-writable registry was intended as a feature, and the
functions to which these keys were put were intended as features.
> DISCLAIMER: Yes, I work for Microsoft. No, I'm not speaking on behalf
> of Microsoft, only myself. So there.
A good starting point for a debate.
