GDI Vulnerabilities: An Open Letter to Microsoft
UnderAttack writes "Tom Liston, the guy that brought us the LaBrea Tarpit, wrote an open
letter to Microsoft regarding the GDI JPEG vulnerability, and Microsoft's scanning tool for this vulnerability, which he calls 'worse then useless'. Tom, who wrote his own scanning tool, ends his letter with 'Please stop treating your customers like idiots and give us information; information that we can use.' Like Tom explains, the official Microsoft scanning tool misses a lot of vulnerable DLL's installed by third parties, and Microsoft fails to explain if these libraries are a problem or not."
I use XP and it works fine. True I have to install security patches now and then, but it does for me what I need. Any big company is going to have troubles like these.
What a moron.
Why should Microsoft be responsible for checking third party libraries?
Oracle probably doesn't check for DB2 vulnerabilites either.
How is MS responsible for 3rd party dlls. Why dont you contact the 3rd party vendors and ask them whether this bug affects their application or not. Writing open letter to MS would do no good.
I think it should be 'worse than useless'
Their you go.
Just a simple grammar error.
(..yes it was intentional.. laugh)
"Worse then useless" would mean that something is worse, then it is followed by useless.
"Worse than useless" which is the actual quote, is correct English.
He didn't say it is worse THEN useless, he said it is worse THAN useless.
Learn how to spell! If we don't do so, how can we expect others to learn and use our language correctly?
OK, let's get a few things straight: You start with Linux as the kernal, and Linus wrote that... Then other people (like RMS) came along and started bundling it with an OS, and we call them GNU/Linux, then still more people customized those things into distros with additional software written by completely separate entities (such as "The Gimp"), so to make a long story short: Linus is not responsible for programs like "The Gimp" ever!
It's not like Microsoft. The various distros contain software written by litterally thousands of contributors, and Linus is just one of them. He really can't even stop people from releasing modified versions of his own code so long as they follow the guidelines of the GPL.
I bet he won't get a response from anyone at Micro$oft who matters...
Interesting that you completely disregarded point #3.