It's no more of a conflict of interest than it is for Symantec to sell
firewall products that protect Veritas backup software (which everyone knows
has had multiple, serious security issues).
t
----- Original Message -----
From: "Mark Litchfield" <Mark@xxxxxxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>; <vulnwatch@xxxxxxxxxxxxx>;
<full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Friday, March 16, 2007 3:10 PM
Subject: Your Opinion +
A common comment being made is that a Vendor who creates and sells and OS,
and then sells security applications to protect their OS is a conflict of
interest.
Consider the Anti-Trust law suits filed against MS by AOL regarding IE and
RealNetworks regarding Windows Media Player back in 2003, lets say for
discussion, MS now turn around and offer up their 'Security Applications'
for free. You know exactly what is going to happen.
(I believe the main issue with AOL and Real Networks was that IE and WMP
were bundled within the OS.)
I guess my point is, whilst I appreciate the common comment, what other
options are available to an OS vendor. Offer it up as a free download
(not bundled within the OS) allowing the end user to make the decision, or
to carry on charging for it ?
Another common theme has been, that the OS should be secure in the first
place. Again I agree with this, but as someone indicated developers
schedules are being dictated by their marketing departments with shipment
dates, so regardless of their intentions to code securely a vulnerability
is likely slip through.
With regard to third party security solutions outside of the OS vendor, in
reality how many new security issues does their software introduce to a
fully patched OS.
Cheers
Mark
