New Crypto-Gram

TRingstad writes: "The newest issue of Bruce Schnier's Crypto-Gram is out and available here. It has more on Microsoft's Bastardization of Kerberos, and includes their request to Slashdot to remove the postings. He also threw in another link to a mirrored copy of the Kerberos specification. Funny. Also good is an article on why companies like Microsoft aren't held responsible for pushing out poor products, the way a company would be in any industry other than the Software industry, and another article about "ILOVEYOU" and the problems with scripting languages like VB."

Customers ask us to

[jeroenb]

From "ILOVEYOU Virus":
Do these "customers" really specifically ask for fully general scripts that attachments can execute, or do they only ask for certain features that can be implemented in many ways, some of which involve attachments that execute scripts? Do the customers who supposedly ask for these crazy things understand the consequences of them?

I think this is an underestimation of Microsoft's users. Sure, this stuff is dangerous to have and some of the things Melissa and ILOVEYOU have done should have been anticipated by the original designers of VBA and the ones integrating it into their product. But still, I have used scripting a lot to automate all kinds of tasks in a Windows-environment and I have to say it actually works quite well. People here don't just run attachments in an e-mail called "ILOVEYOU" and consequently turn off macros in a document unless they know beforehand what they do. But once you know what you're doing, the scripting environment that allows all these things is very powerful.

I think the main problem of Windows is that the design goal is to create an OS that is easy for everybody but turns out only to be safe for experienced users. Because apart from the occasional hole that turns up in the software directly (but that happens in all software), a Windows NT or 2000 box can be customized and used very safely.