Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: RADAI@HUJIVMS.BITNET (Y. Radai)
Newsgroups: comp.virus
Subject: FSP and sales figures (was: Into the 1990s)
Message-ID: <0008.9105281939.AA08091@ubu.cert.sei.cmu.edu>
Date: 28 May 91 12:49:00 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 38
Approved: krvw@sei.cmu.edu


  Ross Greenberg writes in response to my posting:
> To paraphrase your past arguments for the readership, I believe you
> commented that FSP's installation was such a pain in the butt that few
>people used the integrity checking feature FSP includes.

Well yes, I was referring to that ... plus the fact that after three
years of existence FSP still has no provision for checking the
partition record (master boot record) ... plus the fact that for any
given file, FSP gives the same checksum for all users, which (imho) is
a security hole.  (At least, these were true the last time I looked.)
But just to show that I don't think your integrity checking is *all*
bad :-) , I found that FSP was faster than any program based on a CRC
over the entire file.

  I gladly accept your suggestion to continue the discussion on these
points at the Virus Bulletin conference.  (In fact, part of my lecture
will deal with weaknesses like the above even if I don't specifically
mention FSP.)  But in my last posting I was concerned with FSP not in
itself, but merely as an *example*: Since the vast majority of users
don't check for weaknesses like these before they buy a program like
FSP, high sales figures do not prove that the software is good.

  I don't deny that quality of software has *some* relevance to sales
volume.  The question is *how much?*.  You didn't react to my
statement that if the correlation were high, "we could completely
dispense with all the quality comparisons that are continually being
made in the literature, and simply quote sales figures."  Is that what
you're suggesting?

  Anyone else in this forum have an opinion on how high the correla-
tion is between quality of software and sales volume (for products in
the same price range)?

                                     Y. Radai
                                     Hebrew Univ. of Jerusalem, Israel
                                     RADAI@HUJIVMS.BITNET
                                     RADAI@VMS.HUJI.AC.IL