Andrew Plato wrote: >>My parents would be shocked to discover that you think the 31 >>unpatched vulnerabilities in internet explorer are THEIR fault: >> http://xev.us/dg (google cache of PivX's list, which seems to be >> down at the moment.) >> >> >I don't think users are responsible for the vulnerabilities, they're >responsible for their machines. > >How about an analogy: You walk into a public space with a radio that is >softly playing music and not bothering anybody. The radio malfunctions > A similar analogy that is actually in the law: it is actually an offense (or so I'm told) to leave your car in the street with the keys in it. The rationale is that it invites thieves to steal the car, consuming police resource to chase them, and potentially allowing the thieves to commit other offenses using the stolen car. Cops on the list can correct me if it is mis-information that leaving your car vulnerable like that is an offense. >Hence, the logical way to resolve the "monoculture risk" is: > The relationship between responsable machine ownership and the monoculture risk is strained. Automobiles are a monoculture: thieves can pretty much steal them all the same way. But cars are not internetworked: you cannot write a worm (yet) that will simultaneously infect 5 million cars and cause all of them to halt in the middle of traffic and start honking. So the threat of monoculture combined with the threat of common irresponsible machine ownership is much, much worse in an internetworked environment. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
This archive was generated by hypermail 2b30 : Sun Oct 12 2003 - 22:35:51 PDT