Re: secure installation

It would be a great risk to a company TO offer a warranty, especially since most of us either:

1. don't read warranties anyway, so they (e.g. M$) can say whatever they want,
2. don't really care.

I happen to fix PC's for people for some cash on the side (being 17 and in the U.S. with our crappy child labor laws, I can't get a job doing it). 90% of the people I fix computers for are cases of viruses and/or trojans that teenage or slightly younger children have downloaded from some page listed on Google. License agreements on these things, where it has 4 pages+ of legal jargon (incomprehensible to most people), a simple button to "accept" (frequently the default button where your mouse goes) and some fine print near the bottom stating that "we can download anything we want onto your computer", effectively do nothing. How often does a windows user just click 'accept' without even knowing //what// they are accepting?

In windows, this happens because people will gladly shoot themselves in the foot and dump security out the window to keep convenience. It's why microsoft has remained so popular, and it's why Apple can't compete on Microsoft's grounds. The same would happen to Linux if we start producing binary-only applications and distributions.

This is why a firewall during the installation is a bad idea. It's obvious to anyone that crackers and other malicious individuals DO exist, and DO try to do things. But to an expert, the automatic firewall will be setup all wrong no matter how you set it up (and thus create work for them). To the beginner, it gets in the way, and they'll throw it out the window when it does (and thus defeat the purpose). A default firewall simply can't work, even if we had some way to implement it perfectly for all packages (without breaking any, which we undoubtedly would).

On Monday 20 August 2007 09:42, Jose Marrero wrote:
> I believe Microsoft software comes with NO WARRANTY as well.
> Hell, we should read the small print on all software...
>
> On Mon, August 20, 2007 8:18 am, Izak Burger wrote:
> > On 8/20/07, paddy@panici.net <paddy@panici.net> wrote:
> >> Software failures *are* in the worst cases life threatening, and
> >> everyday non-safety-critical systems can easily be a very serious
> >> nuisiance to other users.
> >
> > I propose we stick a label on: This software is not meant to be run in
> > life support systems.
> >
> > Oh wait, tis already there... Debian comes with ABSOLUTELY NO
> > WARRANTY, to the extent permitted by applicable law.
> >
> > Settled then?
> >
> > :-P
> >
> > regards,
> > Izak
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
>
> --
> -JM.
>
> &#x201c;Estos días azules y este sol de la infancia.&#x201c;(Antonio Machado-1939)

-- 
Sincerely,
Jack
jakykong@theanythingbox.com

My GPG Public Key can be found at:
https://www.theanythingbox.com/pgp.htm (top link is current)
I appreciate signatures, but if you only know me online,
please use the --lsign-key, not the --sign-key.
I appreciate trust -- but too much makes it less valuable.

-- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org