Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Can't Microsoft Just Patch Everything?

Posted by Zonk on from the they-need-more-cookies dept.

paneraboy writes "If smaller software companies can patch all of their bugs serious or minor, ZDNet's George Ou asks, why can't Microsoft -- with its massive army of programmers and massive budget -- patch all of its vulnerabilities? Had Microsoft fixed a low risk browser vulnerability six months ago, perhaps we could have avoided last week's zero-day exploit. Currently, more than two dozen Windows XP issues remain unpatched. Ou thinks Microsoft ought to fix them all." From the article: "Almost 4 years after the launch of Trustworthy Computing, I found myself wondering why am I staying up till 4:00 AM to deliver an emergency set of instructions (Home and Enterprise) to my readers because Microsoft felt it unnecessary to patch a flaw six months ago that was originally low risk but mutated in to something extremely dangerous."

11 of 640 comments (clear)

  1. Seems like some people don't understand coding by MSFanBoi2 · · Score: 5, Insightful

    Seems like some members of the press don't understand coding. You can't just go and patch everything. Regression testing? Making sure all the changes work as needed without impacting other subsystems.

    Do you really think if Microsoft COULD do it, they wouldn't.

  2. patch the leaky boat by Speare · · Score: 5, Insightful

    You can only patch a leaking boat so much, even if you drydock the vessel for a few months. When it's only held together by the barnacles and the masthead, it's going to sink whether you bail it out or not. At some point, you're going to have to re-think the design of that hull, and start from scratch.

    --
    [ .sig file not found ]
  3. It can't be done ... by malcomvetter · · Score: 5, Insightful



    I think MS has come a long way from where they were, but I agree. To the people who claim it can't be done: OpenBSD does it!

    1. Re:It can't be done ... by Anonymous Coward · · Score: 5, Insightful

      I think you're missing the point: OpenBSD doesn't think it can make perfect software. But rather they have a policy of fixing any bug *no matter how small*.

      Microsoft (and other vendors) make a cost-benefit analysis.

      And that's where we get screwed.

  4. Because they don't have to by nuggz · · Score: 5, Insightful

    Why should they?

    People will still buy thier product, people accept that it sucks.
    Unless they see a good ROI on patching or developing good code they won't.

    Quite honestly if it isn't a worthwhile use of their resources they shouldn't patch code.

    When there is serious competition and code quality becomes a competative advantage they'll fix it.

    1. Re:Because they don't have to by pubjames · · Score: 5, Insightful

      People will still buy thier product, people accept that it sucks.

      This is something that winds me up terribly about Microsoft, or rather, the people who use Microsoft software. For example, a friend has had absolutely terrible problems with his Windows XP laptop, tearing his hair out stuff with viruses and worms and other issues. He was going to buy a laptop for his wife and asked me for my advice. I said, buy an Apple laptop and you won't have all these problems. So what did he get? Another windows machine. Why? WHY??? Because everyone uses Windows, and he was afraid of something different. And this isn't the only example.

      I got my old mum and dad a Mac Mini - they love it, and their friends coo over the slide show software and ask me how to buy one. I explain it's an Apple computer, it's cheap and compatible and will have all the software they need already installed. Then I find out later they've brought a Windows machine, because their son uses one and they were afraid that if they got an Apple they wouldn't be able to email him.

      Microsoft survives because of the fear most people have of something different. Drives me nuts. My only recompense is saying to these people "You asked my advice and I said buy a Mac then you wouldn't have these issues. So sorry I can't help you. " when they phone me to solve their stupid problems...

      Rant over.

  5. I ask the same question by xtracto · · Score: 5, Insightful

    Why can't the Mozilla Software Foundation allt the 6300
    Firefox Bugs? instead, they have to release a "new" version... just freeze the freaking lreleases and patch your bugs!

    No, OSS is not free of bugs

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  6. Mod parent up! by khasim · · Score: 5, Insightful

    There are two types of "patching".

    1) Patches to fix code flaws in an otherwise sound security model.

    2) Band-aids for a flawed security model (anti-virus updates are in this category).

    Microsoft focused on "user friendly" and "easy of use" for so long to the detriment of security. And security cannot be retro-fitted to a system.

    When they merged IE with the OS, just to be able to beat Netscape, they opened the OS to a whole new category of exploits.

    And then ActiveX made web app programming so much easier ... and opened a whole other category of exploits FOR THE OS.

  7. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  8. Strawman argument... by Numen · · Score: 5, Insightful

    The initial post is a strawman argument...

    If smaller software companies can patch all of their bugs serious or minor, ZDNet's George Ou asks ...which predicate the argument on the notion that small software companies patch all their bugs.

    So if I go looking for bugs in say the Opera browser I wont find any, because small companies patch all their bugs?

    Nobody patches all their bugs; not small companies, and not large companies. The argument is a piece of sophistry that simply sets up another round of MS bashing. A fun sport, but it shouldn't be mistaken as anything exccept sport.

  9. "Quality" by RealProgrammer · · Score: 5, Insightful
    the minimum they have to do in order to keep people just happy enough to stick with their products.

    There was a business mantra in the '90s, and still out there today, that defines "quality" as whatever it takes to please the customer. Consultants hauled in buckets of money generating cliches out of that. Companies may be driven by customer satisfaction, which is fine as far as it goes, but it doesn't mean their products are any good.

    The flaw in the cliched definition is that often the customer doesn't know what they're getting or have any basis to judge how good the product is.

    Microsoft, being driven by market share, is a step removed even from that level of quality. They only want their customers to be happier with their products than with the competition (which is often another of their products or an earlier version of the same one).

    Making things properly is not in their range of capability.

    --
    sigs, as if you care.