Slashdot Mirror
Early Warning For Microsoft Premium Customers
techmuse writes "According to internetnews.com, Microsoft is giving its premium customers early warning about vulnerabilities and patches. Those of us who aren't lucky enough to have such a relationship with Microsoft may find ourselves at greater risk than premium customers as a result."
The U.S. government's Computer Emergency Readiness Team (US-CERT) has also been heavily criticized for providing security advisories to paying customers ahead of coordinated public release.
Microsoft and the government using the same strategy! I am shocked! (sarcasm mode off)
Other juicy information from the article:
There won't be a patch this month for a "highly critical" bug in Internet Explorer browser's drag-and-drop feature.
So we are suppose to buy access to problems that won't be patched in a timely fashion? You've got to be kidding me.
The only justification that I can see to this might be that microsoft wants to release it to their "elite" first... so that work-arounds and patches might be generated by the community instead of within microsoft. Thus, trying to get one of the open source benefits...
While that's a good theory... I bet it's really just microsoft praying on the security worries of companies. Considering I run a Microsoft network... that's a sad conclusion for me to have to make.
Company gives preferntial treatment to its higher profit customers!
I've just signed legislation that'll outlaw Russia forever. We'll begin bombing in five minutes.
*shrug*
Doesn't sound like it affects overall computer security, really. It's nice for the organizations that sign on, so they have a couple more days to plan outages as necessary. It doesn't affect the vast majority of home users at all (I certainly don't plan my downtime, it just happens when I feel like it).
I can see this being irritating to customers who are unwilling to pay yet another Microsoft tax for early notification, but I don't see that it's some kind of horrible, evil practice, either.
Reality has a conservative bias: it conserves mass, energy, momentum...
I would re-write one sentence in the summary as:
"Those of us who aren't lucky enough to have such a relationship with Microsoft may find ourselves at greater risk FROM premium customers as a result."
(changed "than" to "FROM")
In a nutshell, is this not what MS is doing?
Bugtraq is almost always ahead of microsoft where it comes to vulnerabilities in their software. Why in the world would I pay Microsoft to tell me what might be wrong tomorrow when bugtraq will tell me what's wrong today? Does anyone have an experience where MS came out with vulnerabilities first?
I submitted this story last night, and it didn't get posted.
That is silly. Are "premium customers" going to be bound by some NDA not to talk about the vulnerabilities? What's to prevent some news outlet from becoming a "premium customer" and then publishing everything they hear five minutes later. But now MSFT will look bad (worse) because the press is announcing there flaws instead of them.
M$ says they are focusing on security, but how does giving advance warning only to subscribers support security? It's the average user who doesn't know how to patch their computer that is at the most risk (and can also propogate the most damage to the rest of us). And the average user won't be a premium customer.
Does it seem like M$ is saying one thing and doing another?
You won't hate yourself in the morning if you don't get up before noon.
Imagine if companies in the car industry worked the same way:
People wouldn't stand for it. Why do they hold software companies to such lower standards?
Always with the car analogies. This isn't Pontiac only recalling and replacing a defective part if you pay more. This is Pontiac recalling and replacing a defective part on exactly the same schedule for everyone, but telling premium customers three days earlier "hey, we're going to be recalling something on the 2005 GTO in three days. Get ready."
This just isn't a big deal.
Reality has a conservative bias: it conserves mass, energy, momentum...
>>Security through $$$
You mean "a false sense of security through $$$", right?
wbs.
Huh?
Security through $$$ might even work for them to except for the fact that to date Microsoft has shown almost zero ability to produce anything that's actually "secure".
Even if I were so inclined to pay someone for security Microsoft would be the last company on the face of the earth I'd go to to get that.
Their pile of cash is legendary and no matter how much they have (or can figure out how to get) they seem unable to incorporate this "security" thing into their products. What would make anyone think that throwing more money at them is going to change that?
Appended to the end of comments you post. 120 chars.
How does one become a "premium customer"?
Dedicated Cthulhu Cultist since 4523 BC.
I can only wonder: MS really is in quite deep trouble with their customers, especially those, who have paid big bucks to have the right to upgrades of their products. Since Longhorn is a long way out, and any upgrades (OS or Office) seem not hugely attractive, why is anyone paying the maintenance fees, which were designed to save you money on product upgrades?
MS has made their staunchest customers (i.e. the executives and managers having talked their companies into spending the extra money on maintenance) look absolutely foolish. So now, they desprately need to give those folks a story to tell their bosses, why they should not get fired for such a wanton waste of their companies' money.
Playing this security card shows an amazing act of desparation by a wounded giant. If even Gartner starts to critisize MS, there is a lot going wrong in the belly of the beast.
That's not fair, slashdot should give their information out freely to everyone...
Oh wait, they do, they just treat their paying customers a little better...
I really don't see this as much of an issue. The "premier" customers don't get the patches any sooner. They get an advance heads-up on what the patches will contain. Why will this affect anybody?
According to the article: Microsoft insisted the information provided in the notice was "very basic in nature" and intended only to provide general guidelines concerning the maximum number of bulletins that may be released, the anticipated severity ratings, and an overview of products that may be affected.
It's an early *warning*
If you can show me a virus writer who can take advantage of a hole by reading about it in a very generalised security bulletin, then I'd hire him on the spot.
(From the article: "The information is purposely not specific and does not disclose any vulnerability details or other information that could put customers at risk." )
you, being a 16-year old over-achiever, register yourself with Microsoft as a preferred customer using your daddy's company credit card. At that point, you learn of the impending vulnerabilities and release one hell of a worm virus on the net. Stick a fork in me, I'm done...
-- Game Developers: Stop porting badly-textured games from crappy console systems!
Please, hate MS all you want, but at least hate them for a reason, not the typical /. drooling paranoia I see here.
The drooling paranoia was built because of years of times when Microsoft really *did* screw over customers or competition in quite an unethical manner, like the DR-DOS application compatibility, or the IIS Netscape Navigator deprioritization. Microsoft generally didn't get in trouble for its misdeeds, so now IT folk angry after years of poor treatment have simply started attacking Microsoft for all sorts of things that really aren't very bad at all. Microsoft is simply paying back in installments for earlier nasty deeds.
May we never see th