On Mon, Aug 13, 2001 at 10:30:14AM -0400, Trei, Peter wrote:
If MS ever decided that they were losing money due to poor security, they would get good at it, fast. How many fewer copies of WinXP will they sell due to Code Red I, II, and III? Not many. A few (a very few) sysadmins may decide to go with Apache instead of IIS. It's not like many home or corporate users are going to switch to Linux purely due to security issues.
Especially with the press constantly telling them "Linux is hard". Most people know that MS software is buggy and inecure. But they think that it is normal to have to reboot your computer daily and to get infected with worms through your email. After all, it's the same for all their friends and co-workers, how can they even know to expect anything else? Almost all the press tells them that MS is the only way to go and that anything else is wierd and hard to run. The unreliability and security holes are just a burden to be borne... it's remarkable how much people can tolerate if it's done to them gradually.
I'm aware of exactly two datapoints - Skipjack (which wasn't good enough that anyone wanted to use it), and the recent 'dual counter mode' snafu. That's not enough to draw broad conclusions.
SHA-2? Still not enough to draw conclusions. Eric