The argument being made isn't that people should get hacked, so this should be released. The argument being made is that by withholding this information corporate complacency will allow whoever is ALREADY using this exploit to continue to do so (as it has for the past 8 months). Your argument falls down from the point of view that releasing the information will force the company to promptly issue a fix for the vulnerability. In fact, your point of view is only valid if the company cannot or will not patch the exploit. Security through obscurity is a joke, plain and simple, trying to strengthen security via ARTIFICIAL obscurity is just plain desperate. If you really care about your accounts, push for fixes not whitewashes.

So, I say, for the sake of protecting the customer, this should be released.

Well, yeah, sometimes. You'll NEVER engineer perfection, but you can do your best to make the ease-of-use / ease-of-misuse comparison as unbalanced as possible.

There isn't a PERFECT solution to any social problem, but much like requiring keys for cars, there are steps you can take to mitigate the issue, maybe not to nonexistence, but it's better than nothing. Imagine being able to tell the stereotypical PC-ignorant grandmother that she can click on whatever she wants to out there in the web, but to never touch that switch without instructions from you (or your patch-Tuesday checking robomailer). It wouldn't be perfect, there would still be viruses, but I'd be willing to bet that we also wouldn't have botnets competing for "world's biggest supercomputer" status.

You can't see a way to make flipping a hardware switch feasible, just because it's a home PC? Not even by putting the toggle within reach of the user behind a little door or something? C'mon, think!

*raises hand*

I'm a 6 digit UID with an old 5 digit UID floating around somewhere, in the 40ks IIRC, back from when I used to live in Ypsilanti. Some theme on The Reaper (my BBS handle back in the day) or Mister Grimm or something like that... good times, good times.

Then those people should read the source, or ask/hire someone they DO trust to do it for them.

Linux isn't GOOD by nature. It's not BAD either.

It's like The Force, you see. All around us, binding our processes behind the scenes in ways it takes an enlightened eye to perceive. There is always Linux prodding along the information swirls and eddies that make up our modern lives, unconcerned with the nature or usage of said information.

Windows is like The Force too, except I've never heard a Windows acolyte preach any path other than the quicker, easier, more seductive one...

Presumably by the tech flipping a hardware rw/ro switch on the drive after proper isolation conditions are met.

Yes it's a pain, but much like dentistry it's a preventative pain that spreads a small controlled annoyance over a planned schedule as opposed to a big problem cropping up all at once unexpectedly (and usually at the worst possible time).

Hey kid, check out how well DRM does it's job and then come back and let us know new job you want to grow up and make money doing some day.

And seriously now, just because YOU hope to make money doing something some day none of us are obligated to change our lives in any way to accommodate you. Come to think of it, with the "okay, you exercised your rights, now face my wrath!" attitude you ARE going into the right profession... Look into record company exec and movie producer too.

Now you're just shilling, and you're doing it with that "edgy" attitude that indicates you watched too much powerpuffgirls as a child.

It's cool, I won't get in the way of your little crusade to take on facts while wielding your mighty ability to use the word fail as a noun. You can make up all the personal anecdotes you'd like about your uber-cheap uber-skillful programming, I'm just going to wander back over into the real world, where the malware problem is almost exclusively a Windows issue.

Have fun with your "more productive" tools, and if you keep sprinkling that mixture of fairydust and powdered unicorn-horn your Windows installations will be secure forever.

You do realize that you come off sounding like a guy in a pedobear suit when you say it like that, right?

I'm very curious as to whether that shop you mentioned fits within Microsoft's "TCO" calculations. I'd be willing to be that the company you're talking about goes far above and beyond what Microsoft says an outfit of that size and function should cost. Yes, it is possible to secure a Windows working environment, but as soon as you do you start to find that the other arguments Microsoft relies upon begin falling down. As soon as you start to build effective security your system starts to get harder to maintain compatibility, it starts to get more expensive to hire/train staff, and it starts being less user friendly.

This is just my personal experience matched up to yours, and it's worth just as much (nearly nothing). You want to know the real truth of the matter? Step the anecdotes back for a second and look at things more generally. HOW much is spent per year by businesses in general (not your pet data point) cleaning up malware? HOW much business is lost before it can be cleaned up properly? These numbers are so obnoxiously larger than the 0 you're subtly suggesting that I find the "IQ of a sponge" comment amusingly ironic.

I'm sorry, but the savings you get from hiring inexpensive (read: incompetent) staff is being reflected in Microsoft's TCO calculations (represented by charging more for *nix admins). If you want to ignore the costs of malware, you're going to have to REDUCE the costs of malware, and that's going to increase the cost of staff, as they will need to be better trained, and thus, more expensive.

Your arguments come across to me as someone who wants to do something they know has a significant chance of failing, but only count the successes when someone asks how well that something works. Malware is a real cost, and by that I mean costs real money. All the foot stomping in the world isn't going to pay these real costs, so counting how much it's going to cost (or at least estimating on past experiences) when planning your budget is the only rational way to do things. You might get away with proclaiming that malware costs just don't count in some Marketing department some where, but if you went to Accounting with that same line, they'd point and laugh at you.

Oh, c'mon. Zombies would not be nearly as ubiquitous in modern culture without MJ's groundbreaking documentary on the subject.

Posting to undo accidental redundant mod...

A first post that expresses an opinion other than letting us know the temperature of some urine, and I go and hit redundant of all things. Sorry.