Interesting People mailing list archives

IP: two more Re: Another take on Microsoft-specific worms from Poor Richard
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 29 May 2000 12:13:54 -0400

Date: Mon, 29 May 2000 10:00:26 -0600
From: Gerald Shifrin <gerald.shifrin () wcom com>
Subject: RE: Re: Another take on Microsoft-specific worms from Poor Richard
To: farber () cis upenn edu
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal

Just one brief comment on this --
As an ordinary non-attorney consumer of computer products, it seems
reasonable to me to expect that my software should ask permission before
sending email to everyone in my address book or performing a mass deletion
or modification of my files. If vendors like Microsoft allow or assist
unsolicited foreign email to perform these acts, then they are, at least in
my mind, guilty of gross negligence.

Date: Mon, 29 May 2000 12:06:16 -0400
To: farber () cis upenn edu, Gene Spafford <spaf () cerias purdue edu>
From: "David P. Reed" <dpreed () reed com>

To further agree with Gene's point about tobacco and "what consumers 
want", let me suggest that at any one point the market offers only a tiny 
subset of what is possible to create for consumers.  Mere selection cannot 
create possibilities that are not developed or invented.  Monopolies 
distort the creation of selections - in particular in systems' properties 
like security.

Because of its installed base dominance, Microsoft's primary drive for 
innovation comes from a need to motivate an orderly "upgrade" revenue 
stream, while at the same time blocking competitors from entering the 
market to take that revenue away.  That means innovations will be small, 
incremental, and extremely easy for customers to adopt.

A new architecture that would be more secure would create interoperability 
problems with prior generations of Microsoft's mail program - thus 
threatening to open the market to competitors by creating a "disruption 
umbrella" because customers see several equally disruptive alternatives to 
getting what they need.  For example, an email competitor like Eudora 
could participate in a new, more secure environment based on end-to-end 
cryptographic authentication of the source of attachments along with a 
Kerberos-based system of authentication - if Microsoft's directory 
services architecture required a similarly disruptive infrastructure 
change.  But if Microsoft can damp down the change rate in its own 
installed base by a series of very small steps, then there will never be 
an opportunity for the Eudora solution to achieve critical mass needed for 

In this completely market-driven scenario, even though customers really 
want security, they will get it only slowly and under control of the 
dominant player.

Thus, to let the market do its work of selecting among alternatives, we 
probably need to look for disruptions that create an umbrella of change 
to enable those alternatives, such as breaking the business linkage
between application and infrastructure a la the proposed MS breakup.
- David
WWW Page: http://www.reed.com/dpr.html
