[plug] [OT] Experts: Microsoft security gets an 'F'

Leon Brooks leon at brooks.fdns.net
Sun Feb 2 00:12:31 WST 2003


One for the BorgHaters' club (with a footnote for Macophiles):

    http://www.cnn.com/2003/TECH/biztech/02/01/microsoft.security.reut/

    "Trustworthy Computing is failing," Russ Cooper of TruSecure Corp. said
    of the Microsoft initiative. "I gave it a 'D-minus' at the beginning of
    the year, and now I'd give it an 'F.'"

    [...]

    Microsoft placed responsibility [for Slammer] on computer users who
    failed to install a patch that had been available since at least last
    June.

    [...]

    "Microsoft was completely hosed (from Slammer). It took them two days
    to get out from under it," said Bruce Schneier, chief technology
    officer of Counterpane Internet Security, a network monitoring service
    provider. "It's as hypocritical as you can get."

    [...]

    In October Microsoft released a fix for a different SQL Server problem
    that if installed in the expected manner would have made patched
    systems vulnerable again, he said. "If I followed their advice I'd
    have been vulnerable."

    [...]

    However, the fruits of [Trustworthy Computing] may not show up until
    future versions of products are released, said Richard M. Smith, a
    Cambridge, Massachusetts-based computer security consultant. "I'd
    rather they focus on the problems we have today." 

    "The problem is the whole patch regime has lots and lots of problems,"
    he said. "It would be much better if the software shipped from
    Microsoft with fewer problems to begin with."

    [...]

    A Consumer Reports survey last year found that virus infection rates
    on Macs are half what they are on Windows, noted Smith. "Is that
    because Macs are safer? I think the answer is yeah."

Cheers; Leon


