J
Joh N.
I'd say a mixture of both, read on:
Judge: Court is now in session. Microsoft, you are charged with negligence and
incompetence. The prosecution will call its first witness.
Prosecution: We call Microsoft to the stand. Do you swear to tell the truth, the
whole truth, and nothing but the truth?
Microsoft: I'm sorry, you used a word in there that I don't completely
understand. Could you rephrase the question?
Prosecution: Never mind. Would you just please state your full name for the
benefit of the court?
Microsoft: You can call me Maynard G. Krebs.
Prosecution: Look, Mr. Krebs, er, I mean, Microsoft, I assume you are aware of
the so-called Blaster-B worm that exploits a remote procedure call in Windows
in order to cripple machines. Can you tell the court what happened?
Microsoft: The RPC gives customers the application compatibility they demand,
but the feature wasn't intended for use in a hostile environment like the
Internet. We were caught by surprise when we found out Windows XP customers
were connecting to the Internet. We have since cautioned customers against
doing this. We really can't be responsible if they use our technology
recklessly.
Prosecution: Given that you must have known some people would connect Windows XP
to the Internet, can you tell me why you made it so easy for a malicious coder
to exploit this RPC?
Microsoft: We are committed to the kind of innovation that gives the end user
the best possible computing experience. Now, this is an RPC - the operative
word being "remote," and we want the RPC to be as easy to locate and use as,
say, a television remote.
Prosecution: Are you aware of the fact that infected machines reboot every 10
minutes, which doesn't even give the user time to download the patch that fixes
the problem?
Microsoft: This is actually a brilliant part of our innovative
embrace-and-extend approach to reducing cost of ownership. IT administrators
tell us they need to reboot their Windows machines frequently to keep them
operational. So we responded by making it possible for a worm to force the
machine to reboot automatically on a regular basis, thus relieving
administrators from the costly job of having to reboot the machines manually.
You could say we embraced and extended Blaster-B, which we now call
ActiveReboot. The fact that users can't access the patch in 10 minutes is
deliberate on our part, since it prevents users from installing a patch that
would break ActiveReboot. We always try to stay one step ahead of customer
needs and protect them from themselves.
Prosecution: [sarcastically] Have you also embraced and extended the Sobig
e-mail Trojan horse?
Microsoft: As a matter of fact, we've taken Sobig and produced two new products
from the code. The first, SoFirm, is a privacy-enhancing feature that uses your
address book to make outgoing messages appear to others as if they were sent
from someone other than yourself.
Our next product, SoFullyPacked, packs your in-box with thousands of copies of
the latest version to make it convenient to apply updates whenever they're
released. In fact, we use ActiveTrojan technology to make installation and
updates so easy that it's almost automatic, which is another way to reduce cost
of ownership.
Prosecution: Speaking of cost of ownership, is it true that your own company
employs 3,000 administrators for 7,000 servers worldwide? That's one person for
every 2.3 servers, isn't it?
Microsoft: Yes, and we're proud of this, since we know that with every server we
sell, we're doing our part to reduce unemployment. We like to think of it as
"what's good for Microsoft is good for America."
Prosecution: That's admirable, but how can you calculate a low total cost of
ownership for Windows with one administrator for every 2.3 servers?
Microsoft: Well, I'm not an accountant, but I think it has something to do with
outsourcing. I can call the India office where we did the study and get a copy
for you. . . . You look like you are getting a headache, Mr. Prosecutor.
Perhaps you'd like to rest your case?
***
Nicholas Petreley is a consultant and author in Kansas City, Mo., and founding
editor of VarLinux.org. He can be reached at (e-mail address removed).
Enjoy,
Joh N.
Judge: Court is now in session. Microsoft, you are charged with negligence and
incompetence. The prosecution will call its first witness.
Prosecution: We call Microsoft to the stand. Do you swear to tell the truth, the
whole truth, and nothing but the truth?
Microsoft: I'm sorry, you used a word in there that I don't completely
understand. Could you rephrase the question?
Prosecution: Never mind. Would you just please state your full name for the
benefit of the court?
Microsoft: You can call me Maynard G. Krebs.
Prosecution: Look, Mr. Krebs, er, I mean, Microsoft, I assume you are aware of
the so-called Blaster-B worm that exploits a remote procedure call in Windows
in order to cripple machines. Can you tell the court what happened?
Microsoft: The RPC gives customers the application compatibility they demand,
but the feature wasn't intended for use in a hostile environment like the
Internet. We were caught by surprise when we found out Windows XP customers
were connecting to the Internet. We have since cautioned customers against
doing this. We really can't be responsible if they use our technology
recklessly.
Prosecution: Given that you must have known some people would connect Windows XP
to the Internet, can you tell me why you made it so easy for a malicious coder
to exploit this RPC?
Microsoft: We are committed to the kind of innovation that gives the end user
the best possible computing experience. Now, this is an RPC - the operative
word being "remote," and we want the RPC to be as easy to locate and use as,
say, a television remote.
Prosecution: Are you aware of the fact that infected machines reboot every 10
minutes, which doesn't even give the user time to download the patch that fixes
the problem?
Microsoft: This is actually a brilliant part of our innovative
embrace-and-extend approach to reducing cost of ownership. IT administrators
tell us they need to reboot their Windows machines frequently to keep them
operational. So we responded by making it possible for a worm to force the
machine to reboot automatically on a regular basis, thus relieving
administrators from the costly job of having to reboot the machines manually.
You could say we embraced and extended Blaster-B, which we now call
ActiveReboot. The fact that users can't access the patch in 10 minutes is
deliberate on our part, since it prevents users from installing a patch that
would break ActiveReboot. We always try to stay one step ahead of customer
needs and protect them from themselves.
Prosecution: [sarcastically] Have you also embraced and extended the Sobig
e-mail Trojan horse?
Microsoft: As a matter of fact, we've taken Sobig and produced two new products
from the code. The first, SoFirm, is a privacy-enhancing feature that uses your
address book to make outgoing messages appear to others as if they were sent
from someone other than yourself.
Our next product, SoFullyPacked, packs your in-box with thousands of copies of
the latest version to make it convenient to apply updates whenever they're
released. In fact, we use ActiveTrojan technology to make installation and
updates so easy that it's almost automatic, which is another way to reduce cost
of ownership.
Prosecution: Speaking of cost of ownership, is it true that your own company
employs 3,000 administrators for 7,000 servers worldwide? That's one person for
every 2.3 servers, isn't it?
Microsoft: Yes, and we're proud of this, since we know that with every server we
sell, we're doing our part to reduce unemployment. We like to think of it as
"what's good for Microsoft is good for America."
Prosecution: That's admirable, but how can you calculate a low total cost of
ownership for Windows with one administrator for every 2.3 servers?
Microsoft: Well, I'm not an accountant, but I think it has something to do with
outsourcing. I can call the India office where we did the study and get a copy
for you. . . . You look like you are getting a headache, Mr. Prosecutor.
Perhaps you'd like to rest your case?
***
Nicholas Petreley is a consultant and author in Kansas City, Mo., and founding
editor of VarLinux.org. He can be reached at (e-mail address removed).
Enjoy,
Joh N.