Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!mips!pacbell.com!att!news.cs.indiana.edu!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: microsoft!c-rossgr@uunet.uu.net Newsgroups: comp.virus Subject: re: FSP and sales figures (was: Into the 1990s) Message-ID: <0001.9105291438.AA09086@ubu.cert.sei.cmu.edu> Date: 29 May 91 00:51:21 GMT Sender: Virus Discussion List Lines: 60 Approved: krvw@sei.cmu.edu >From: Y. Radai >... after three >years of existence FSP still has no provision for checking the >partition record (master boot record) ... Well, yeah: you're right, there. I've been busy with Virex-PC, but it probably *is* time for that feature to be added. > plus the fact that for any >given file, FSP gives the same checksum for all users, which (imho) is >a security hole. (At least, these were true the last time I looked.) Well, it is a single user system, after all....:-) No, I know what you mean and that you feel it should give different "seeds" for each system. I recall that discussion and that I felt (and still feel!) it's a good idea, but a tech support nightmare. > Since the vast majority of users >don't check for weaknesses like these before they buy a program like >FSP, high sales figures do not prove that the software is good. Actually, I think that very high sales figures causes inertia in a product: I really can't simply change the functionality of FLU_SHOT+ (or of Virex-PC) without pissing off a lot of people or adding in extra layers of backwards compatability. There are a buynch of things I'd love to change in each of the programs to make them far better programs, but that would break > 75K current users of the products. > You didn't react to my >statement that if the correlation were high, "we could completely >dispense with all the quality comparisons that are continually being >made in the literature, and simply quote sales figures." Is that what >you're suggesting? Not quite. However, a real dog of a product that simply doesn't work is, eventually, gonna be found out and will have zero sales volume. So, it would be safe to say that -- after enough time has passed -- sales volume would indicate that a bunch of people are happy with the program, and that this *may* be an indication that the product is of high quality (Hmmm, maybe this is turning into a submission for RISKS...) It's tough to decide on what determines the relative quality of a product, though: if a scanner does 500 viruses and scans your disk in two minutes and another scanner does 600 viruses and scans your disk in three minutes, which one is a "better" product? Does making it pretty, with a cool/spiffy GUI make it a "better" product? I would think that using the sales volume of a product along with *other* factors could help to decide what products to take a look at. But the quality *comparative* reviews are what makes a product's quality easy to see -- and relative to boot. It is this relativeity that changes, making quality a moving target. High sales figures indicates that what somebody is offering, somebody is buying. This must be taken into account in the equation, no? Ross