Microsoft Blames the Messengers
Roger writes: "In an essay published on microsoft.com, Scott Culp, Manager of the Microsoft Security Response Center, calls on security experts to "end information anarchy" and stop releasing sample code that exploits security holes in Windows and other operating systems. "It's high time the security community stopped providing the blueprints for building these weapons," Culp writes in the essay. "And it's high time that computer users insisted that the security community live up to its obligation to protect them." See the story on Cnet News.com."
In other news, consumer advocate Ralph Nader urged leaders in the auto safety industry to "stop finding safety problems with automobiles. We can surely trust the automakers to make their cars as safe as humanly possible, without sacrificing their profit margin, and with no need of safety crash tests."
-dan
into unix? into punk? check out unixpunx
The security watchdogs of the net have no obligation to me. I am glad they do their tasks, but they owe me nothing.
My software providers have an obligation to provide me with secure software or none at all. I commend both Debian and Apple for responding to their occasional security problems in a timely manner.
In the olden days when watchdogs did not release sample code, some software providers downplayed their flaws as theoretical problems. If the software providers had been responsive to security flaws, there would be no need for sample code.
"It's high time we stopped teaching Chemistry and Biology! People are spreading information that essentially maps out exactly how the human body works, which allows for all sorts of chemical and biological weapons! And explosives, too!"
Wrong analogy. Let's just imagine that these biologists and chemists were not only creating these potentially life-threatening entities, but were handing them to "bio-kiddies" to wreak havoc on the world. What if every biological "advance" in the field of weapons was diagrammed, exploited, and written in clearly blue in white on a sheet of paper EXACTLY how to kill someone? Then you'd have a decent analogy.
"In other news, Master Lock wants to release a new model made out of twine and butter."
Not even close. In fact, both egotistical and lame (although what can you expect for a low-number Slashdot user). Where's your evidence? Ever get the feeling that, just perhaps, people go after Microsoft with viruses and worms because of a PERCEIVED evil?
"They ask the community to avoid discussing the security of the lock, since they anticipate it getting deployed widely, and once the ButterLock is being used to secure mission-critical systems, it will be extremely important to keep its flaws a secret."
Hardly. MS publishes every flaw they find. Literally hundreds of thousands, same as Open Source projects.
The difference, though, is that very few people want to ATTACK Open Source projects. Meanwhile, others perceive they have a RIGHT to do so to Microsoft, including fellow Open Source coders.
I think the point is that they assume it is enough for you to tell someone and that you don't have to go kick down a wall to show them.
--"Karma is justice without the satisfaction"
... why not open source windows?
Scale is irrelevant. Much more damage has been caused because there have been many more broken Windows installations.
I don't believe that Windows as a piece of software is fundamentally more insecure. However, as a general rule, it is less well-understood and administered by those who are less well-equipped to handle security. That is why Windows is more of a risk. The vulnerabilities exploited by the worms are equivalent.
Whether the incapacity of Windows administrators to take care of security is Microsoft's fault is another point entirely.