| reply to Nightfall
Re: Yes, but... No offense, but one example of MS being early on a defect fix does not mean they are now up to par; they just read the antivirus mailing list.
They still have items now on their "to fix" list. They responded extremely slow to the SuperCookie issue, plus a couple of other items that escaped my mind at the moment. Also, in Decemeber 2001 they had something like 13 outstanding security defects that have been around for a couple of months.
What needs to happen is MS needs to be proactive about security. They need to get to the point where their security bulletins primarily consist of theoretical attacks. The only OS I know like that right now is OpenBSD. |
