Why security must be available to everybody (better if it is for free as Comodo)

A recent new made me think about the Comodo’s policy of delivering security for free.
What does Melih think about that?

i couldn't make new topic at section "off topic" so i post it here

For the drop of a Spanair plane of two years ago seems to have played an important role Trojan had infected a server of the airline. This refers to an article in the Spanish newspaper ‘El Pais’ which cites an internal document of the company.

The lawyers of the victims asked the court to order the Spanair to disclose all information about the state of the computer systems of the day of the crash.

The computer seems to be related to the incident located in Palma de Mallorca. That was entrusted with the task to examine numerous information security systems of the airplane. And beating the system alarm if at least three sensors discovered a similar problem.

The warnings were never on the day of the crash, including a technical problem in the system has made possible the activation. And the problem was associated with impairment of the central computer by a Trojan. If the computer has been running since probably the plane crash might not have ever happened.

The plane had crashed in the ground shortly after takeoff from the Madrid airport, killing 154 of the 172 passengers.

source= http://tro-ma-ktiko.blogspot.com (the best blog at greece)

Source: That's really sad :(
Also: News and Advice on the World's Latest Innovations | ZDNET

Without having Melihs reply here, I think he would be ready to offer security to any airplane industry complex asking for it (if the software was up for it). Maby even for free.

But the question is, would it matter if it was for free or not? I think not. For many home users 49$ a year may be a “notable” investment that would rip a hole in an otherwise very tight budget. And comodo is offering security to those that can’t afford it else is great, and of hughe benifit to all. But comodo need some sort of investment to pay off all the coders (and other people) who got a rent to pay.

Without knowing the excact cost, but paying some money to secure a hughe investment - as planes really is. Not to talk about the trust that the air industry is currently fighting with all people afraid to flight. Do you really think “money” was the reason the virus got there? They were probably running some special designed setup (from M$?), that probably wouldn’t even support CIS.

But just like Nasa, it “can” get hacked. If CIS would provide better security and be the better pick is a question worth asking. But to be honest as much as I like CIS, I wouldn’t like to know that the airplane I’m flying with is using it for its security. For instance: what could the “100%CPU usage bug” have meant for a critical system like that? It would probably result in a system crash, the same with the corrupt databases that has been released throughtout the history of CIS. CIS don’t belong in a critical system like that. Its not designed or tested enought to be running in that sort of enviorment.

At the day speaking, the investigation is not closed, and no one can take as certitudes the propsective arguments of attorneys concerning what happened on the said flight.

Happily enough, the server computer of whatever company does not pilot planes, but only records flying parameters and feedbacks the ones found to be not correct (including, yes, real-time failures, but planes also have onboard standalone computers…and pilots).
We only know that precedent failures of the said aircraft were delayed 24 hours before being entered in the server’s database (http://translate.googleusercontent.com/translate_c?hl=en&ie=UTF-8&sl=es&tl=en&u=http://www.elpais.com/articulo/espana/Spanair/tardaba/24/horas/anotar/ordenador/fallos/aviones/elpepiesp/20100511elpepinac_12/Tes&prev=_t&rurl=translate.google.com&usg=ALkJrhjEHS8jOSJD5ikLsP5THE-lSjhW7A).
It does not, as far as we know today, account for the crash, excepting the defense theory stating that, if the failures, altough said to be resolved, had been registered in the database, the plane would not have been cleared for take off.

…and we also know that almost no large server is running windows, and particularly that Spanair is not, making some doubt in an attorney “trojans theory”, adding the fact that, even if the company server was contaminated, no one is able to relate this eventuality with the crash.

The preliminary report, the only official source at the day speaking (ASN Aircraft accident McDonnell Douglas DC-9-82 (MD-82) EC-HFP Madrid-Barajas Airport (MAD)), speaks of the improper position of the flaps during the take off procedure:
if confirmed, it would be a human error, the only computer error, if any in this situation, would have been not warning of this event.

The same newspaper reports this flap human failure (without these flaps, the aircraft has no portability and no other solution then to crash):

and this same cause is also invoked in one of the security forums linked by the OP:
That's really sad :(, reply #4.

More dangerous then computer malwares are blogs themselves: note that they are informal discussions, almost never quoting their sources and, speaking of trojans, repeated from one to another like some epidemy, while no one ever does anything else then plainly pasting without ever using his own judgement or checking what is being said from authorized sources.

But, coming back strictly on topic, stating that CIS, or whatever firewall could have had some weight in avoiding this tragedy is, from what we know today, nothing but still another urban myth and a further example of the systematic alteration of the information in the blog world.

Sure they can pay.

Well… I don’t think so, although I do not know the server solutions of Comodo.

Yeah, seems a bit overlooked all this thing.

Were they with Linux?

Sorry, it was not my intention to bring a hoax. I quoted the source thinking they were serious ones.

Could be.

Were they with Linux?

I don’t know strictly speaking.

Public site is running windows, but we are not speaking here of flight control server:

Spanair has installed Red Hat for some of its activities:

I have no formal proof of what their central server is running, but for historical reasons, large companies with large datebases (and proprietary programming) were running Unix, they now most probably have “translated” for compatibility sake into some professionnal Linux version.

Could also use Novell, Unisys, Siemens… servers, and the said servers are most certainly redundant, but there’s no chance to see them run “open world” microsoft software.

Whatever the situation might be, the deal in whatever prosecution is to find a culprit, going from the central server to the airport maintenance services, as the aircraft had suffered from previous failure.
But the only implication of these two would have been to forbid take off, and the onboard aircraft computer (most probably also not running windows and with only proprietary software) function would have been to warn of an enormous human fault whose ocurrence in a private pilot flying school or in whatever air force would have got the student pilots to be fired for life:
There was no visual or instrumental checklist before taking off, and even if the onboard computer should have warned of the flap situation, no one knows why the pilots (said to be in a hurry after a first take off delay) did not obey the procedure, and tried to take off without visually controlling and manually setting the flaps and slats not to be retracted, even if there was no computer “echo” of this procedure, therefore making the crash 100% certain.

The MD-82 has been documented for such a computer failure before (but in the said event with no victim), leading some commentators to incriminate the airplane itself and Mc Donnell Douglas for not having done some modifications.
Some very severe incidents ocurred with the first flights of the Airbus A320, the first plane to fully integrate command automation (and as a consequence make the economy of the third man in the cockpit, the electronics officer).
But the A320 remains today one of the most largely used and safest plane in the world, and we could relate the 2 situations in the same inexperience and over-confidence of the crew in onboard electronics.
To make a good flight is like what is being said with movies and their scenario, you need 3 things:
a good pilot, a good pilot, and a good pilot.