Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vista still Rife with Insecure Code

Posted by ryuzaki0 on from the rife-i-say dept.

osxpetition writes "As noted in a News.com article, Symantec researchers have been testing the latest Microsoft Windows Vista build (Beta 2), and have found that the code is 'complete with new corner cases and defects' in the networking component. Symantec describes how Microsoft scrapped the old networking stack code from Windows XP in favour of newer, rewritten code. 'Microsoft has removed a large body of tried and tested code and replaced it with freshly written code.' Since January 2002, Microsoft has put a stronger emphasis on protecting PCs by attempting to implement stable, secure code into Windows XP and their new operating system. This latest report from Symantec brings attention to Microsoft's trustworthy computing campaign, and shows how it will be a long way before it is ready for the mainstream."

1 of 330 comments (clear)

  1. Re:You joke, but by DroppedPacket · · Score: 5, Interesting
    OK, I have to bite on this:
    In fact, I think it's the only way to explain how many security bugs are in Windows.

    I think you perhaps need to take some lessons in critical thinking. This is the equivelent of saying, "The only reason auto-manufactuers put problems into cars so they have to recall them is because the government makes them, which is why Japanese cars are better than American cars."

    Large monolithioc systems are inherently more complex that smaller componant built systems. (Although those have problems too along the boundary interfaces.) Auto-makers put lots of time and money into making a car that A) doesn't fall apart and B) doesn't require a multi-billion dollar recall effort. Microsoft puts lots of time and money into trying to make their software more secure.

    On the whole, I'd say the auto companies do a better job. :-) Thowing money at a problem very rarely solves the problem. The need to have an understanding of the problem, and how to fix the underlying problem is vital. I think that is where Microsoft fails. The systems they have in place (from what I hear) are more frustrating to the engineers than helpful.

    I also have problems believing MS engineers are really motivated these days. Many of Microsoft's security issues have stemmed from their own code interactions which they implemented as deliberate features. Many more have been from sloppy programming (such as buffer overruns).

    Trying to blame MS security issues on government mandated back doors smacks of plain political diatribe with a nice glossy veneer of ignorance on the top to give it a nice sheen.

    --
    I am not a resource! I am a free man!