[LINK] security problems are not always Microsoft's fault
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Nov 6 15:11:33 AEDT 2008
At 7:05 PM -0800 5/11/08, David Goldstein wrote:
>Why am I not surprised amongst all the Microsoft bashing, some
>justified, some not, on Link that a report that shows security
>issues are not always Microsoft's fault gets no mentions?
Maybe we were all politely waiting for you to post it? (:-)}
Seriously, we must be clear about this.
Microsoft has cleaned up its act as regards the parameter-settings on
its products, and the processes of discovering problems and reacting
to them. It appears that their back-end QA may have improved too,
and maybe even some of their architecture (although ActiveX is still
what it always was).
Unfortunately, they continue to write dreadful monolithic code, do
far too much coding and far too little design, have inadequate
early-phase QA, and used spyware.
But not only are they not alone in at least some of those respects,
they're actually mainstream. Software development quality has
plummeted as scale and ambition have increased, as coding has become
a commodity, and as QAD 'methods' have come to dominate.
But I've been teaching this seminar on 'Internet and Web
Infrastructure for eCommerce' up here in HK for 7 years, and many of
the cheap shots I used to take now have to be phrased far more
carefully. I welcome that.
At 7:05 PM -0800 5/11/08, David Goldstein wrote:
>Why am I not surprised amongst all the Microsoft bashing, some
>justified, some not, on Link that a report that shows security
>issues are not always Microsoft's fault gets no mentions?
>
>Anyway, Microsoft's Security Intelligence Report shows security for
>Windows "has significantly improved, while at the same time the
>threat of computer viruses, frauds and other online scourges has
>become much more serious," reports the New York Times. And security
>vulnerabilities have shifted to individual programmes.
>
>"In comparing Web browser vulnerabilities in Windows XP and Windows
>Vista in the first half of the year, the new report found that while
>Microsoft could be blamed for half of the top 10 vulnerabilities in
>Windows XP, the top 10 browser vulnerabilities under Vista all came
>from third-party add-on software from companies like Apple and
>RealNetworks."
>
>Some media reports are available from:
>http://nytimes.com/2008/11/03/technology/companies/03security.html
>http://www.guardian.co.uk/technology/askjack/2008/nov/03/windows-security
>http://www.siliconrepublic.com/news/article/11725/cio/volume-of-cyber-security-threats-on-the-rise-warns-microsoft.
>
>David
>
>
> Find your perfect match today at the new Yahoo!7 Dating. Get
>Started http://au.dating.yahoo.com/?cid=53151&pid=1012
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list