Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Code patches and maintenance contracts 1

Status
Not open for further replies.
sleipnir214

sleipnir214

Programmer
May 6, 2002
15,350
0
0
US
The "Witty" worm, which targeted the RealSecure and BlackIce products of Internet Security Systems (ISS), hit two days after vulnerabilities were reported. The "Witty" worm is a destructive worm which writes bytes in random locations of an infected computer's hard-drive, eventually trashing the system. Around 12,000 computers were affected by this worm last week.

ISS only provided patches to those customers which had purchased maintenance agreements (
What are the ethical responsibilities a software company has to fix bugs found in the software it publishes?

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Sort by date Sort by votes
Ah - and that was a marvellous irony. All these MS critics kicked up a fuss about how insecure Outlook was in the wake of...um...<fx: googles to check which virus it was>...LoveLetter; MS reacted by providing the patch to address that criticism. And then lo and behold if all the critics (yes, many of the same ones) started complaining that the patch stopped them using Outlook the way they wanted to...

 
Upvote 0 Downvote
Dimandja

KnowledgeBase does me proud on most occasions, although I sometime have to use EventID.net or TT for assistance, depending on the problem.
With OSL licencing, you get free telephone support for Windows and Office as well.

Also, I can't say I've had any problems with patches screwing up software. Then again, the software I used is either signed by MS or has come from a vendor like Sage where its throughly tested before hand.

Maybe its just me, but I really haven't got any issues with MS support.

But this isn't about MS, its about support in general; and I agree with the general issue - bloody scandelous. (Feel free to correct my spelling!)

Saying that, its the same with most cars. When was the last time you purchased a 2nd hand car (or even new) and got free serving or breakdown assistance on it?!

Steve.
 
Upvote 0 Downvote
Really this is an issue of not getting what you did not pay for. I don't see how you can complain about a costing model that you accepted.

1. It does no more harm to the software makers, shouldn't cost much to allow all users of the product to download the patch.
Click to expand...

It cost them the maintenance contracts that they could have gotten and maybe even the ones they have. To me a company that breaks out the maintenance contracts is providing a better costing model in some cases.

Say I'm using product x in a internal network that has been deem no risk to hacking and I know that product x does what I need it to do. I also know that 90% of the patches for said product where security patches and the remaining 10% of the patches are issues that do not effect my site. I have the option to purchase the product with and without maintenance contracts. Why would I want to pay for maintenance that my employees have deemed unneeded for our situation? If you force these companies to include the maintenance it doesn't disappear. It goes into the purchase price of the product. Thus I'd be, once agian, paying for something that I don't need and under the old costing model I would not have to pay for.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
Upvote 0 Downvote
SemperFiDownUnda makes an excellent point. It may be better to have the option of not carrying maintenance to save money than to pay the maintenance as part of the purchase price. With maintenance contracts you have a choice.
 
Upvote 0 Downvote
I still see the product as being defective. It would be one thing if a certain combination of clicks made it crash, or if it had a small memory leak.

And basically what I was saying is if the company is going to spend the money to fix it, they are not saving money by only allowing their contractual customers to download.
 
Upvote 0 Downvote
And basically what I was saying is if the company is going to spend the money to fix it, they are not saving money by only allowing their contractual customers to download.
Click to expand...

If they didn't spend the money to fix a known issue then they would certainly have liability issues. However if they were to give the patch to those who had no service contract then they would be doing a disservice to those who had invested in purchasing a service agreement.



&quot;Shoot Me! Shoot Me NOW!!!&quot;
- Daffy Duck
 
Upvote 0 Downvote
You may be right, MDXer. I was under the impression that the service agreement would have been for technical support, and known maintenance, not to fix major security flaws.

Basically, if someone purchases a product and a service agreement (that is used to fix major security flaws), then I wouldn't want the product. I don't want to pay extra just in case the manufacturer discovered he introduced new security risks to my network. I want to pay extra in case I mess up the product, or need technical support, or want new features and upgrades as they are added.

Unlike virus protection, the article does not mention that these products (I don't think I've ever used them, forgive my ignorance if need be) are subscription-based to to scan for flaws already existant in systems. The article lead me to believe that the products themselves caused a security threat.

It is similar to buying a special type of air cleaner for your car that promises longer engine life. You can pay more to have it cleaned or replaced at not charge. But you find out that metal compenents regularly break off and fall into your carburetor. You shouldn't have to be a contractual customer so you can get assurance that the air cleaner won't mess up your engine.
 
Upvote 0 Downvote
RiverGuy,

A bit of further reading revealed that the witty worm is was not introduced by the ISS software but rather, a worm that exploited a security hole in the ISS software. The following article also points out that simply blocking a UDP port can also prevent the virus, making the patch although desirable not a a necessary.


&quot;Shoot Me! Shoot Me NOW!!!&quot;
- Daffy Duck
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

RojGebriel
  • Locked
  • Question
IT business owners and IT Supports, need your help
Replies
0
Views
91
RojGebriel
RojGebriel
johnherman
  • Locked
  • Question
FBI wants to know your make-up: both DNA and appearance
Replies
0
Views
88
johnherman
johnherman
johnherman
  • Locked
  • News
US Government still running Windows 3.1, XP, and other obsolete stuff
Replies
0
Views
96
johnherman
johnherman
TN94z
  • Locked
  • Question
Starting a small key/pbx installation maintenance business....questions
Replies
0
Views
36
TN94z
TN94z
sircles
  • Locked
  • Question
New customers in the UK and worldwide
Replies
1
Views
51
Welshbird
Welshbird

Part and Inventory Search

Sponsor

Back
Top