Re: CRIME Perspective on Criticisms leveled at Microsoft

From: Seth Arnold (sarnold@private)
Date: Tue Apr 09 2002 - 13:09:14 PDT

    On Tue, Apr 09, 2002 at 11:44:09AM -0700, Barry Shulak wrote:
    > This phenomenon ripples like a wave throughout the room. Now, please
    > don't misunderstand. Microsoft has its problems, to be sure, but it's
    > not the great Satan. I've wondered for a while if anyone in the
    > security industry has anything good to say about Microsoft. 
    
    Indeed; I find myself in the odd position of defending Microsoft on a
    regular basis.
    
    If the public were tired of wasting $60 billion USD per year on email
    viruses, they would quickly migrate back to platforms that have no email
    viruses. The public obviously prefers dancing pigs, and Microsoft has done
    a phenomenal job of providing end users with those pigs. Until the
    public gets tired of it and votes with their feet, I see no reason why
    this should change.
    
    As for downright good things to say about Microsoft? Plenty. Their
    intended conversion to C# should mitigate the decades of problems that C
    and C++ have left us. (If I recall correctly, Microsoft releases 90+
    patches each year for buffer overflows .. that they announce. I imagine
    they will save money by changing languages to one more buffer-overflow
    resistant.)
    
    Their new 'security focus', if it actually has translated into source
    code audits as they claim, means their software is less likely to be
    vulnerable to stupid mistakes -- which just leaves the inbuilt features
    to worry about. (JavaScript, ActiveX, active OLE in documents, macros in
    documents, wide-open settings, etc..)
    
    But, with Microsoft's software leading the pack in terms of "annoying
    references on CNN to $60 Billion USD per year lost" with several
    appearances for the same stupid bugs over and over again, perhaps the
    people in the audience are _right_ to snicker. Microsoft's history with
    respect to security is poor. And their new attitude seems to show me
    that they are ready to shed that image, and a few more years of auditing
    and re-writing in C# just might do the trick.
    
    Unless the Unix/Linux community takes a similar approach to improving
    security problems, in four or five years, we may find that the tables
    have turned.
    
    Cheers
    
    (My, what a long rant... :)
    
    -- 
    http://www.wirex.com/
    
    
    


