Forwarded from: Mark A. Simos <MSimosat_private>
Cc: myemailaccountat_private

The attacks on Microsoft's security are getting repetitious and counter-productive. There are plenty of flaws in many open source products that could be listed and lambasted on a list such as this.

IMHO, the attacks have worked and should be put aside until it is obvious they are needed again. The company shut down production for 2 months and forced every developer to review every line of code. That is a pretty serious commitment for a profit-driven corporation. The versions of the software most directly affected have not even been released in production yet.

How would you motivate a large number of home users to patch affected systems? RedHat et al. currently still have the mixed blessing of not having a large install base of unmanaged home PCs. RedHat will face the exact same problem if/when it gains market share in that area. Then what? Do they remotely, as the RedHat root account, force people to patch? Do they coax, cajole and try to sell patching to end users?

Full Disclosure: I work for the evil empire, get over it.

FYI, I mean nothing special about RedHat specifically; they are just the most popular MS alternative in the US.

At 04:52 AM 12/13/2002 -0600, InfoSec News wrote:

> Forwarded from: "Kuypers, Jimmy" <myemailaccountat_private>
>
> CMIIW, but didn't Microsoft announce to downplay a lot of its
> security warnings to less than "critical" because of the many
> critical patches real end-users could no longer distinguish which
> patches are truly critical (imo all are of course) and then the
> end-users wouldn't download any of them... This was also called the
> "boy who cried wolf" effect....
>
> Lemme see, yes a quote:
> "The Redmond-based software giant also plans to limit the "critical"
> rating on security alerts to customers because of fears that too
> many high-level alerts were being issued. Instead of issuing a
> "critical" rating on vulnerability warnings, Microsoft has modified
> its Severity Rating Criteria to specify clearly which bugs needed to
> be addressed immediately.

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:57:28 PST