 NightfallMy Goal Is To Deny YoursPremium,MVM
join:2001-08-03
Grand Rapids, MI
 ·Site5.com
 ·Comcast
 ·Callcentric
| Bugs happen I am glad to see Microsoft come out with a statement such as this. However, it wasn't as if they weren't putting security in the backseat anyway. The problem is all software created by humans is always going to have holes, exploits, and bugs associated with it. You give a hacker or a group of hackers enough time and a operating system or piece of software and bugs will always be found. It just takes time.
These hacker groups want to get as much media exposure as possible. So what makes more sense to hack or find exploits in? Netscape or IE6? Windows XP or Linux? Some people believe that being the most used browser or OS doesn't matter, when in fact it does to most hackers who want to make a name for themselves. No one wants to spend hours or days trying to find exploits in software no one uses.
Sure, Microsoft and almost every other software company wants to see zero bugs and 100% security. However, you aren't going to see that kind of software as long as humans write the code. As humans learn from their mistakes, other bugs as yet undetected lurk within. It just takes time and a hacker to find them.
--
Nightfall - »www.nightfall.net |
|
 AkumalDaveLife's A BeachPremium,MVM
join:2001-04-20
Minneapolis, MN | Yes, but... I've always felt that it's not particularly important IF something breaks - it's how the provider/vendor/dealer handles the situation WHEN something breaks.
In this case, MS has a long history of snubbing the "white hat hacker" community and refusing to admit their software had bugs (features, yes - bugs? never!). Their arrogant position has made them a target - just as much as being the number 1 software publisher has.
Yes, all software has bugs and will as long as humans are involved. But when MS makes public statements about their commitment to security, given their past performance, people have a right to be skeptical.
regards,
Dave |
|
NightfallMy Goal Is To Deny YoursPremium,MVM
join:2001-08-03
Grand Rapids, MI Reviews:
·Site5.com
·Comcast
·Callcentric
| Prior to Windows 98 I will agree with you. Microsoft had a really bad standing about not fixing bugs when they pop up. However, I can say as of recently they are a lot better. Example, the Nimda virus. The fix was out for this six months before it started to hit. Who is responsible? Users have to be placed to blame. Same with the administrators who don't apply the patches to their own systems. A responsible user or network engineer will do the best he can to make sure he reads security bulletins and applies patches promptly.
--
Nightfall - »www.nightfall.net |
|
| Agreed!
I am still getting hit 30+ times a day by bone heads that STILL haven't patched their servers.
I even got attacks by rackspace.com yesterday!
I KEEP TOLIN YOU PEOPLES!
USE THE STINKIN PATCHES! =o) |
|
| reply to Nightfall
No offense, but one example of MS being early on a defect fix does not mean they are now up to par; they just read the antivirus mailing list.
They still have items now on their "to fix" list. They responded extremely slow to the SuperCookie issue, plus a couple of other items that escaped my mind at the moment. Also, in Decemeber 2001 they had something like 13 outstanding security defects that have been around for a couple of months.
What needs to happen is MS needs to be proactive about security. They need to get to the point where their security bulletins primarily consist of theoretical attacks. The only OS I know like that right now is OpenBSD. |
|
NightfallMy Goal Is To Deny YoursPremium,MVM
join:2001-08-03
Grand Rapids, MI Reviews:
·Site5.com
·Comcast
·Callcentric
| reply to Nightfall
Re: Bugs happen Keep in mind that by the time a security bulletin is released, there has to be a reasonable amount of time given to release a patch. I am not saying that there isn't a lack of bugs to fix, but I am saying that you fix one bug and others pop up because of the way software is coded. All software packages need patches. I can say Microsoft has been very fast with working on fixes for very problematic bugs or exploits that are found with its software lately.
You also compare OpenBSD with Microsoft, which isn't a very fair comparison. OpenBSD is on maybe 3% of the desktops on the market today. Most kiddie/hacker groups aren't going to spend the time it takes to find exploits in it because of that reason alone. I can also see how OpenBSD fixes the problems quickly...but if OpenBSD was on 98% of the desktop market, how many bugs or exploits would be found by these same kiddie hacker groups? I know most Linux users would say zero...but most educated people know differently. Also, how fast would these problems be fixed? It isn't an excuse for Microsoft...but just a side that most people don't look at.
--
Nightfall - »www.nightfall.net
[text was edited by author 2002-02-07 11:19:14] |
|
