Re: DOS and Macro Virus Discussion

• To: www-security@ns2.rutgers.edu
• Subject: Re: DOS and Macro Virus Discussion
• From: "John C. Pavao" <pavaojc@rixix.sod.eds.com>
• Date: Mon, 19 Aug 1996 11:31:32 -0700
• Organization: EDS Rhode Island Title XIX
• References: <1.5.4.32.19960818184635.00d0033c@iu.net>

Stephen Cobb wrote:

>    You make a convincing case. Although I have no hesitation criticizing
> Microsoft for what I perceive to be mistakes I also realize that the company
> would not be where it is today if other people had not made bigger mistakes.
> 
>    While I think it is fair to criticize Microsoft for not showing more
> leadership in the area of security, a finger must also be pointed at the
> corporate folks who failed to make security a priority in their software
> wish lists.

Yes, but managers run corporations, not sysadmins.  If sysadmins ran
corporations, I could see that argument.  Managers are thinking about
ease of use and results before security; results are their jobs. 
Managers think about security when something gets compromised.  (I'm not
criticizing managers, I'm just saying what I see.)  Managers see that
the WWW is a way to do all kinds of things that used to require
expensive applications.  They see $$$ being saved.  Managers have no
idea what ActiveX is and shouldn't have to.  What they do know is that
if I tell them they can't use the Web to do what they wanted to because
of security problems, I'm standing between them and $$$.  And I sure
don't like M$ putting me in that position.

John Pavao

(Opinions expressed are solely my own and are in no way to be connected
to my employer.)

• Re: DOS and Macro Virus Discussion
• From: Chris Garrigues <cwg@DeepEddy.Com>

• Re: DOS and Macro Virus Discussion
• From: Stephen Cobb <stephen@iu.net>

• Previous: RE: losers .. Auto remail on a Web server?? how do people get on this list?
• Next: Re: Intranet branch security
• Index(es):
  • Index
  • Thread