> From: "Geo." 
> "Adam Flinton"  wrote in message
> news:909262.514049{at}harborwebs.com...
>> Ah right so....if MS includes other s/w then heck it's a
"distribution" &
> it's
>> part of Windows as much as say GAIM "is part of Linux"?
> Yes of course, for example if someone found a way to exploit the defrag or
> backup utilities in W2K I would consider that a W2K security issue and
> expect a patch from MS.

Ah right so if the EU makes MS bundle Real Player etc along with windows
then Real Player etc will be part of Windows? How about Mozilla? Or maybe
they might say that MS messenger is squeezing out other IM clients such
that AOL IM, GAIM etc must also be on the CD. Would then the 0.75 GAIM vuln
be a windows vuln?

>> Neither the commission nor Microsoft would comment yesterday, but
> Microsoft
>> believes providing CDs with rival programs could also help resolve other
>> pending allegations of bundling and avoid future litigation.
> Tough question. I would view a free AOL CD provided in the box with Windows
> as an AOL responsibility, mostly because it's obviously an AOL product being
> included.

You can't have it both ways Geo. Either the backup & defrag stuff is
3'rd party along with AOL IM, Real etc or the backup/defrag/Extra competing
3'rd party products are all part of the windows distrib.


> It's not an MS specific version of AOL like in your Dell bundling
> example where they had their own distribution that is restored by their
> restore CD's.

So? Mandrake includes a "non free apps" CD (CD3) where non free =
not OSS (some are to pay for & some are free in a monetary sense).

GAIM is a 3'rd party bundled app on (quite possibly) "CD2" where
nothing on CD2 is vital to runnig Mandrake (as that's all on CD 1).

> HOWEVER, if MS were to include AOL on the windows CD, so that a reinstall of
> windows would place an old version of AOL back on a computer requiring it to
> be patched then I would view that as part of the MS distribution and I would
> consider that product defective and requiring patches.

& If it turned out that say GAIM was on an "optional"
"CD2" for say both
Mandrake & RH? i.e. "in order to install GAIM please put CD2 in
the cd drive now" sort of thing.

> This is why I didn't like your Dell example, in that you have a restore CD
> from dell so you are forced to reinstall from a dell distribution, but if at
> the same time Gateway provided the exact same components but with an Office
> CD from MS and a Photoshop CD from adobe as opposed to a Gateway
> distribution then I wouldn't hold Gateway responsible for providing patches.
> Do you see the logic I'm using to determine these things yet? I'm not having
> any trouble figuring out who I would hold responsible for providing patches
> but I am having trouble explaining how I make that determination.
> Geo.

Yes & no. Part of the reason is this:

Imagine where 

CD1 = the OS. Everything you need to get the OS up but no bundled apps. CD2
= the bundled apps (inc GAIM etc).

OK?

Now think that the dist might come as a couple of CD'es or a single DVD.
Does moving to a single DVD thus alter the entire picture?

So what happens if Dell gets MS to allow it to shove WinXp, Office, WinDVD,
Dell utilities etc.etc.etc. onto a single DVD so as to cut costs. Is MS
then responsible for all the other apps? Are all the other apps now
"Windows vulns" because they're on the same disk as windows?

Adam



--- BBBS/NT v4.01 Flag-5