Re: Your Opinion +

["Thor (Hammer of God)" <thor () hammerofgod com>]

It's no more of a conflict of interest than it is for Symantec to sell 
firewall products that protect Veritas backup software (which everyone knows 
has had multiple, serious security issues).

t


----- Original Message ----- 
From: "Mark Litchfield" <Mark () ngssoftware com>
To: <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org>; 
<full-disclosure () lists netsys com>
Sent: Friday, March 16, 2007 3:10 PM
Subject: Your Opinion +


> A common comment being made is that a Vendor who creates and sells and OS, 
> and then sells security applications to protect their OS is a conflict of 
> interest.
>
> Consider the Anti-Trust law suits filed against MS by AOL regarding IE and 
> RealNetworks regarding Windows Media Player back in 2003, lets say for 
> discussion, MS now turn around and offer up their 'Security Applications' 
> for free.  You know exactly what is going to happen.
>
> (I believe the main issue with AOL and Real Networks was that IE and WMP 
> were bundled within the OS.)
>
> I guess my point is, whilst I appreciate the common comment, what other 
> options are available to an OS vendor.  Offer it up as a free download 
> (not bundled within the OS) allowing the end user to make the decision, or 
> to carry on charging for it ?
>
> Another common theme has been, that the OS should be secure in the first 
> place.  Again I agree with this, but as someone indicated developers 
> schedules are being dictated by their marketing departments with shipment 
> dates, so regardless of their intentions to code securely a vulnerability 
> is likely slip through.
>
> With regard to third party security solutions outside of the OS vendor, in 
> reality how many new security issues does their software introduce to a 
> fully patched OS.
>
> Cheers
>
> Mark