The Third-Party Patching Conundrum
An anonymous reader writes, "The Zero Day Emergency Response Team, or ZERT, stepped out of the shadows a week ago to offer a quick patch for the Microsoft VML vulnerability. eWeek reports that reactions to third-party patches have been mixed. Jesper Johansson, a former Microsoft security consultant, said 'I will not use the unofficial patch, nor can I think of anyone I would recommend it to.' ZERT has enrolled former White House IT security expert Marcus Sachs as a spokesman of sorts. He told eWeek, 'This patch is just another arrow in the quiver. These guys are some of the best-known reverse engineers and security researchers. It's a tight-knit group that has worked for years to make the Internet a safer place. This isn't a patch created by some guy in a basement.' And while MS did release an out-of-band patch this week for XP, ZERT releases updates for operating systems that are out of MS support: Windows 98, Windows 98 SE, Windows ME, Windows 2000 and Windows 2000 SP3."
Given the fact that huge numbers of Win2k and Win98 systems are, and will remain, in use, they must be patched to deliver homeland security.
If MS won't release patches, surely it is incumbent on the US Government to force them to OpenSource them so that others can. The US government IS still supposed to deliver homeland security?
Sent from my ASR33 using ASCII
Microsoft purposely makes it hard to work with them.
Their security is bad, and anything that encourages people to use their software is wrong.
It encourages Microsoft to continue to work as they are.
And therefore it actually lowers the global security of the Internet.