Bugtraq mailing list archives
Re: Hotmail security vulnerability (viruses)
From: Dan_Schrader () TRENDMICRO COM (Dan Schrader)
Date: Tue, 26 Oct 1999 16:08:47 -0700
Nick FitzGerald wrote:
Now, what does this really say? It seems that Start Internet (and its customers?) holds Hotmail responsible for the *content* of the Email Hotmail's customers send. It also suggests that Star Internet's own Email scanning technology is far from adequate if Hotmail really was "the biggest source of macro viruses in their [Star's] business customers' networks".
The question isn't whether Hotmail can be held accountable for email content. The question is can Hotmail be held accountable for the quality of a service that they offer as a way to promote their business. If you provide virus scanning - you should make reasonable efforts to ensure that the virus scanner works. Hotmail obviously has known about this issue for months - yet they have never warned users that the virus scanner will not detect common viruses. Hotmail should either withdraw the service or replace it with one that works. Continuing to provide a known seriously flawed service is not acceptable. No virus scanner can guarantee 100% detection of past, present and future viruses (though a few vendors have tried:) - but the scanner employed by Hotmail fails to detect dozens of in the wild viruses - including wide spread and widely publicized ones such as Melissa and Freelink. I know nothing about Star or its anti-virus service. Taking shots at them, however, is clearly shooting the messenger. I'm no lawyer - but I feel that Hotmail is both ethically and legally accountable for viruses that pass undetected through their service - if they know that the service is seriously flawed and fail to take basic steps to remedy it in a timely manner. Daniel Schrader Trend Micro
Current thread:
- Re: Hotmail security vulnerability (viruses) Thejian (Oct 22)
- Re: Hotmail security vulnerability (viruses) Nick FitzGerald (Oct 25)
- predictable ip->id patch antirez (Oct 26)
- <Possible follow-ups>
- Re: Hotmail security vulnerability (viruses) Sweeney, Patrick (Oct 26)
- Re: Hotmail security vulnerability (viruses) Dan Schrader (Oct 26)
- Re: Hotmail security vulnerability (viruses) Elias Levy (Oct 27)