[LINK] Rampaging bugbear

[Malcolm Miles]

On Sat, 05 Oct 2002 10:08:20 +1000, you wrote:

>> Microsoft released a patch for the security hole that both bugbear and
>> klez exploit back in May 2001. Current versions of IE do not have this
>> security hole.
>
>Fixing holes in the O/S for each and every virus that comes out is ar**-backwards.

I totally agree. But given that the holes are currently there, there
is little else Microsoft can do for software that is already out
there. 

>There are over 50,000 virus and worm exploits for the Windows platform.

And the majority of them take advantage of just one or two holes in
IE. Getting users to fix those few holes would substantially reduce
the amount of infection.

>AND, as
>we all know, there are literally hundreds of millions of unpatched PC's out there.
>As a matter of fact, some of the older virii are now doing the rounds again, and
>will continue to do so as long as there are unpatched Windows boxes in the wild.

So what is the solution to patching all the boxes? Users won't
actively go out and patch their boxes, auto-update seems to work well
but a number of people have concerns about its misuse by Microsoft. 

Perhaps vendors and users need to acknowledge that PCs are complex
devices and need to be regularly serviced. Just as Jims Mowing comes
in every few months to mow your lawns and weed your garden, and we
take our cars in for regular service, perhaps we need to instil a
culture where we get our PCs regularly serviced (service packs
installed, defragged, checks that the anti-virus us functioning etc).

>Malcolm, as a constant apologist for Microsoft on this list, I wonder if you do
>consulting work for the Windows platform. The short-sightedness of the your remark
>above would tend to make one think this is the case.  Do you have an MCSE?

I provide high-level PC support in a large Australian company. I do
not have an MCSE.

-- 
Best wishes,
Malcolm

----------
For Link list information see http://sunsite.anu.edu.au/link/