Bugtraq mailing list archives

Re: Hotmail security vulnerability (viruses)


From: Dan_Schrader () TRENDMICRO COM (Dan Schrader)
Date: Tue, 26 Oct 1999 16:08:47 -0700


Nick FitzGerald wrote:

> Now, what does this really say?  It seems that Star Internet (and
> its customers?) holds Hotmail responsible for the *content* of the
> Email Hotmail's customers send.  It also suggests that Star
> Internet's own Email scanning technology is far from adequate if
> Hotmail really was "the biggest source of macro viruses in their
> [Star's] business customers' networks".

The question isn't whether Hotmail can be held accountable for email
content.  The question is can Hotmail be held accountable for the quality of
a service that they offer as a way to promote their business.

If you provide virus scanning - you should make reasonable efforts to ensure
that the virus scanner works.  Hotmail obviously has known about this issue
for months - yet they have never warned users that the virus scanner will
not detect common viruses.  Hotmail should either withdraw the service or
replace it with one that works.  Continuing to provide a known seriously
flawed service is not acceptable.

No virus scanner can guarantee 100% detection of past, present and future
viruses (though a few vendors have tried:) - but the scanner employed by
Hotmail fails to detect dozens of in-the-wild viruses - including
widespread and widely publicized ones such as Melissa and Freelink.

I know nothing about Star or its anti-virus service.  Taking shots at them,
however, is clearly shooting the messenger.  I'm no lawyer - but I feel that
Hotmail is both ethically and legally accountable for viruses that pass
undetected through their service - if they know that the service is
seriously flawed and fail to take basic steps to remedy it in a timely
manner.

Daniel Schrader
Trend Micro

