Replies
@kain preacher 22:24 GMT: "Explain how they would be criminally liable ?"
Don't know about the UK, but in the US if you are aware your product has a flaw and you ignore it, and that flaw causes a criminal act, *you* can be held "criminally negligent" (ie, car-maker knows car model has brake problems, doesn't fix it, person dies in car accident when brakes fail due to problem, company is held "criminally negligent")
If virus-passing is a crime in the US (I believe it is, but IANAL) then companies which wilfully ignore vectors *can* be held "criminally negligent".
@vincent himpe 22:22 GMT: "So according to you its a crime to try to make computers more user friendly and easier to use."
Your examples are comparing pears and oranges (I do not mention the other fruit in case I inadvertently start a flamewar ^_^ ) Each of your example uses a device which has one purpose, and one purpose only. They are also not intended to be able to modify other equipment's behaviour except via very narrow and rigid guidelines.
A computer, on the other hand, is a truly multi-purpose device which does more than play music. It also interacts with a multitude of other multi-purpose devices via guidelines intended to be wide and flexible. And that communication design feature means the death-knell for that "user convenience" you so espouse. Security *has* to occur at some point - either at the communication or at the data-entry end. A system which is open *everywhere* is insecure by definition.
So if you want the convenience of playing a movie or music as soon as you pop the tape/CD/DVD in, stock with devices with secure communication. If you want a device with wide and extensive communication, expect it to challenge the stuff you plug into it.
@Mike 22:44 GMT: "(for those who think autorun from a CD is a bad idea... did you know that these days you can actually boot an entire operating system from one? that's autorun taken to the extreme! i doubt you still use floppies to bootstrap your OS install CDs "for security" though)"
I disable autorun and *still* manage to boot my machine from an install CD. Why? Because the former is the province of the OS, and the later of the BIOS. Please do not confuse the two. Anyone trying to "boot" while in an OS should really think about that they are doing. And if they *really* want to do it, then trigger the boot software manually - it's not that hard.