Slashdot Mirror
Can You Trust Microsoft On Security?
simetra writes "Here's a shocker... This story on Yahoo! is pointing out the obvious. How many of these until the suits start believing us?" Maybe the article is just trying to stir up trouble, though: ladislavb points out that Windows XP is an Operating System you can trust. (The review is also available on mirror1, mirror2, mirror3, mirror4.)
Beware of the man behind the curtain
However, even the non paranoid don't trust Microsoft. The problem is evidently that the suits are going for Microsoft while the techies (the real ones, who didn't get the job by the list of MCSEs in their CVs) just get beaten into submission.
Conversion Rate Optimisation French / English consultant
What people want is a quick response to the problem.
As MS are always saying - and the article admits it's true - they are actually pretty good at releasing patches for most (not all) vulnerabilities quickly.
The security problem is that admins don't apply these patches, because they too often break something that was working before. This is a result of either shoddy testing on MS's part, or unclear specifications and documentation encouraging third-party programmers to make use of facilities they're not supposed to know about.
Microsoft is suffering raging split personality. Part of it wants programmers to use every last nook and hook of the code to squeeze the best possible performance out of it; another part of it wants to control (limit) the features available to third-party programmers, so that it retains the freedom to change inner workings without breaking their code.
This is a major QA problem for MS, and I think - from the tone of their talk on "Trustworthy" computing - that at least some of them are aware of it.
While 77 percent of respondents in the information technology (IT) field said security was a top concern when using Windows, 89 percent still use the software for sensitive applications[...]
So, clearly people *do* trust Windows, in that they are using the software for "sensitive applications". Of course, they probably have very little choice in the matter, and hopefully they take my tack of firewalling it off from everything when forced to use it.
I was just getting at the obvious false statement in the teaser - the respondents *are* trusting Win, they just aren't *happy* about having to.
I forget what 8 was for.
Given that the Windows codebase has evolved over so many versions, it's hardly surprising that there are plenty of security holes. If the foundation is shakey, don't expect the building to stay up. Especially in a closed-source environment where the number of people scrutinising the code is minimal.
.Net products is the opportunity for them to start over with their security. The models in place for .Net apps are superior to what was previously on offer for Windows development. They even throw in stuff like run-time buffer overflow detection...if you turn it on.
.Net security problems so far appears to be minimal, MS could improve their image as being poor in security, provided they get sufficient take up...and don't screw it up this time around...
It seems to me that one potential benefit for MS from it's
Given that the number of