[LINK] security problems are not always Microsoft's fault

Roger Clarke Roger.Clarke at xamax.com.au
Thu Nov 6 15:11:33 AEDT 2008 

At 7:05 PM -0800 5/11/08, David Goldstein wrote:
>Why am I not surprised amongst all the Microsoft bashing, some 
>justified, some not, on Link that a report that shows security 
>issues are not always Microsoft's fault gets no mentions?

Maybe we were all politely waiting for you to post it?  (:-)}

Seriously, we must be clear about this.

Microsoft has cleaned up its act as regards the parameter-settings on 
its products, and the processes of discovering problems and reacting 
to them.  It appears that their back-end QA may have improved too, 
and maybe even some of their architecture (although ActiveX is still 
what it always was).

Unfortunately, they continue to write dreadful monolithic code, do 
far too much coding and far too little design, have inadequate 
early-phase QA, and used spyware.

But not only are they not alone in at least some of those respects, 
they're actually mainstream.  Software development quality has 
plummeted as scale and ambition have increased, as coding has become 
a commodity, and as QAD 'methods' have come to dominate.

But I've been teaching this seminar on 'Internet and Web 
Infrastructure for eCommerce' up here in HK for 7 years, and many of 
the cheap shots I used to take now have to be phrased far more 
carefully.  I welcome that.


At 7:05 PM -0800 5/11/08, David Goldstein wrote:
>Why am I not surprised amongst all the Microsoft bashing, some 
>justified, some not, on Link that a report that shows security 
>issues are not always Microsoft's fault gets no mentions?
>
>Anyway, Microsoft's Security Intelligence Report shows security for 
>Windows "has significantly improved, while at the same time the 
>threat of computer viruses, frauds and other online scourges has 
>become much more serious," reports the New York Times. And security 
>vulnerabilities have shifted to individual programmes.
>
>"In comparing Web browser vulnerabilities in Windows XP and Windows 
>Vista in the first half of the year, the new report found that while 
>Microsoft could be blamed for half of the top 10 vulnerabilities in 
>Windows XP, the top 10 browser vulnerabilities under Vista all came 
>from third-party add-on software from companies like Apple and 
>RealNetworks."
>
>Some media reports are available from:
>http://nytimes.com/2008/11/03/technology/companies/03security.html
>http://www.guardian.co.uk/technology/askjack/2008/nov/03/windows-security
>http://www.siliconrepublic.com/news/article/11725/cio/volume-of-cyber-security-threats-on-the-rise-warns-microsoft.
>
>David
>
>
>       Find your perfect match today at the new Yahoo!7 Dating. Get 
>Started http://au.dating.yahoo.com/?cid=53151&pid=1012
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list