Microsoft Blames the Messengers
Roger writes: "In an essay published on microsoft.com, Scott Culp, Manager of the Microsoft Security Response Center, calls on security experts to "end information anarchy" and stop releasing sample code that exploits security holes in Windows and other operating systems. "It's high time the security community stopped providing the blueprints for building these weapons," Culp writes in the essay. "And it's high time that computer users insisted that the security community live up to its obligation to protect them." See the story on Cnet News.com."
The security watchdogs of the net have no obligation to me. I am glad they do their tasks, but the owe me nothing.
My software providers have an obligation to provide me with secure software or none at all. I commend both Debian and Apple for responding to their occasional security problems in a timely manner.
In the olden days when watchdogs did not release sample code some software providers downplayed their flaws as theoretical problems. If the software providers had been responsive to security flaws, there would be no need for sample code.
I think the point is that they assume it is enough for you to tell someone and that you don't have to go kick down a wall to show them.
--"Karma is justice without the satisfaction"
Scale is irrevelant. Much more damage has been caused because there have been many more broken Windows installations.
I don't believe that Windows as a piece of software is fundamentally more insecure. However, as a general rule, it is less well-understood and administered by those who are less well-equipped to handle security. That is why Windows is more of a risk. The vulnerabilities exploited by the worms are equivalent.
Whether the incapacity of Windows administrators to take care of security is Microsoft's fault is another point entirely.