Date: 06 Mar 1997 07:20 EST
From: "Christopher Rath" <crath@nortel.ca>
Subject: Another view of what Bob Atkinson said on Authenticode (RISKS-18.85)

If I may be so bold as to re-state Bob Atkinson's arguments, here is
my understanding of what he wrote:

    Since the earliest days of the down-loading of software from BBSes,
    most users have typically down-loaded software just because it is
    there and they want to run it.  Users have not refrained from
    down-loading and executing software because of security concerns.

    Therefore, given that most users simply want to down-load and run
    whatever choice software offerings they encounter, Microsoft has
    endeavoured to make this process as transparent and unencumbered as
    possible.

In my view, Microsoft had two possible avenues of development and marketing
to choose from, as they developed their browser: 1) to move the security
benchmark forward, as Java has done, or 2) to leave it where it is, or even
allow it to slip a bit, in order to garner market share and further control
of network-based software interests.  Is it, then, any wonder that they
chose the latter!

The issues surrounding the consumer demand that Microsoft is responding to
are the same issues which surround many other activities in society.  To
state this another way, there are many pursuits which have risks associated
with them, and large numbers of people choose, every year, to
rationalize-away those potential risks; smoking, promiscuity, obesity, and
many other socially acceptable behaviours are all examples of the same
phenomena we see manifesting itself in the view Bob Atkinson propones.

Christopher Rath, Northern Telecom Ltd., Box 3511, Station `C', Ottawa, 
ONTARIO K1Y 4H7 CANADA crath@nortel.ca  (613) 765-3141  FAX: (613) 763-4101