[Mimedefang] Viruses: Bounce or Discard?

Mon Sep 29 16:16:00 EDT 2003

The general history of litigation goes something like this:

Company makes product and sells it without warranty. Product has major
flaws but no one (important) really cares as it makes things better.

Product takes a larger market share, and more people start caring about
the problem.

Middlemen try to charge for the time/space/etc that the problem is
taking on their companies lives towards their customers and get pushback
from the customers. [Well I think sometimes it suceeds.]

Either the customers or the middle agencies ask for insurance against
the problem occuring as it is costing them time. Insurance companies
make estimates etc etc and then issue policies at big prices.

Customers start yelling at original manufacturer that their insurance is
going up because of faulty product. OM says 'too bad.. not our problem.'
and then gets sued by Middlemen and Customers to cover the rising
insurance rates. OM usually finds its own insurance rates going up or
that it can no longer get bonds/insurance because of poor ratings.

OM fixes problems after government legislation, court cases, no
insurance, and bad bond ratings.

I think in the manufacturing world this is a 20 year cycle from when a
product becomes ubiquitous to when it is fixed. Lets hope computers take
less time.

In the end, insurance companies have the final say in getting faulty
products off the markets. When companies can't afford their various
insurances because they run bad software.. then we will see changes.

On Mon, 2003-09-29 at 13:44, Ben Kamen wrote:
> Well - hmmm... so I would blame my mom/dad and charge her/him $0.10 for 
> every virus they send out because some script-kiddie wrote malware on a 
> platform from a company that's known for thumbing up their nose at the 
> concept of security.
> 
> Too bad we can't charge back M$ with the problem in terms of wasted 
> bandwidth. I think if we were fair and charged it per byte against the 
> charge for a line's given monthly bandwidth, it would add up to some 
> real party money.
> 
> As for poor Dan Geer... that boy needs a job! And something does need to 
> be done about licensing schemes from software companies.
> 
> I'm not one to say that people don't make misteaks (grin)... but I think 
> M$ abuses the priveledge as so many critics have said.
> 
> But blaming the user for using an OS they almost "have" to... that's 
> tough. There is a responsible party.. I just don't think it's the end user.
> 
>   -Ben
> 
> David F. Skoll wrote:
> 
> > On Mon, 29 Sep 2003, Jeremy Mates wrote:
> > 
> > 
> >>The ISP dutifully bounces the malware at the forged sender,
> >>
> > 
> > I used to advocate bouncing viruses, but now I've crossed over to
> > the "discard" viewpoint.
> > 
> > However, my absolutely preferred way to handle viruses would be:
> > 
> > 1) Do a WHOIS lookup on the sending relay's IP address
> > 
> > 2) Send a complaint to the contact point for the netblock containing the
> > relay.  (Unfortunately, doing this properly is difficult and time-consuming.)
> > 
> > This would p*ss off ISP's, which would cause them to get tough with
> > users who propagate viruses.  I believe that ISP's should write into
> > their terms of service that users will be liable for 10 cents for each
> > and every virus transmission from their machine.  This isn't
> > censorship; it's merely charging different rates for different
> > "classes" of e-mail.  It also pushes the true cost of viruses onto
> > those responsible (people who run M$ software in spite of warnings
> > from the likes of Dan Geer and Bruce Schneier.)
> > 
> 
> 
> 
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
-- 
Stephen John Smoogen		smoogen at lanl.gov
Los Alamos National Lab  CCN-5 Sched 5/40  PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --