Dr. Frederick B. Cohen wrote:
I respectfully disagree. Netscape claims to be "secure" - hence it is Netscape's job to be secure - regardless of the user's use of their product. Otherwise, the ads should read:
"Netscape can be used securely by sufficiently knowledgeable users who have emasculated their postscript interpreters before using them to view files of unknown origin, and who have removed all other known, unknown, and/or undisclosed security holes from their systems. Otherwise, Netscape is insecure and should not be trusted."
Err... If software companies were to follow your line of logic, software boxes (all sorts of software) would become covered with fine print. As would ads for the software. Although I'm sure industry lawyers would welcome that, personally I think it would be quite sad.
The point is, Netscape CLAIMS to provide security - Miscrosoft doesn't.
A stupid example: I can replace copy on your machine so that it does a delete instead. Does that mean that the OS manufacturer has to warn a user about this?
On my machine, if you replace copy with delete, it will be detected before it does the delete, and, unless you are very skilled, when I tell it to copy, the corruption will be automatically corrected. This is because I use an "integrity shell" - something you guys at Netscape probably never heard of.
There's a point at which one has to hand off the assessment to the buyer.
The point I have been trying to make that many on this list seem to ignore again and again, is that Netscape makes the security claims. If you don't provide effective protection, don't make the claim. If you want to make the claim back it up with something other than media hype.
This is my own opinion and also that of anyone who agrees with me. I'm reading this group because it's very interesting for me personally. There.
All of our opinions are our own, and my opinion is that Netscape (not you) is: - making inadequately supported claims about a nebulous thing called "security". - using it as a basis to get people to invest millions (billions?) of dollars. - plans to use it to move millions, and eventually billions of dollars over the Internet, potentially placing a fair chunk of the world economy (I'm mot kidding) as well as individual privacy (and thus freedom) at risk. - may succeed unless people who do understand the implications find a way to fix the thing. These things concern me, so I will stand my ground regardless of the flames and ask, yet again, for someone at Netscape to tell us what you mean by "security" when you make claims about it (I won't repost my questions from a few days ago since you have already ignored them) and why your claims are strong enough for a big chunk of the world economy to rest on it. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236