Re: DOS and Macro Virus Discussion

• To: rshirey@bbn.com (Robert W. Shirey)
• Subject: Re: DOS and Macro Virus Discussion
• From: Stephen Cobb <stephen@iu.net>
• Date: Mon, 19 Aug 1996 09:53:50 -0400
• Cc: www-security@ns2.rutgers.edu

Is DOS and Macro Virus Discussion off topic?

To recap: Some of the "scary" things that can be done with Microsoft ActiveX
led to discussion of the role of Microsoft in computer security in general
(for example, should Microsoft be held responsible for the fact that viruses
can spread via DOS). This is a very interesting discussion in terms of "do
technology companies have a responsibility to lead/educate the market?" but
clearly peripheral to WWW security...

However, the extent to which Microsoft "does the right thing" is important
to WWW security in several ways:

1. Most users of the web, numerically speaking, use Microsoft products on
the client side.

2. Microsoft is gaining web server share by giving away its server (which,
like most large complex programs, has holes in it)

3. Attacks on web servers can be made via holes in the OS and in some cases
that OS is made by Microsoft (apparently some people are actually
establshing web servers on machines running Windows 95, the holes in which
are numerous, and Microsoft is not offering T-shirts to people who download
Win95 service pack 1, which fixes some, but not all, of the holes).

Maybe we should retitle the discussion "The extent to which the seucrity
posture of Microsoft impacts WWW security."

Of course, we could just move on to something else :-)

Respectfully...Stephen

"The best tool with which to defend information is information."

• Re: DOS and Macro Virus Discussion
• From: batie@aahz.jf.intel.com (Alan Batie)

• Previous: Re: ActiveX security hole reported.
• Next: RE: losers .. Auto remail on a Web server?? how do people get on this list?
• Index(es):
  • Index
  • Thread