[plug] [OT] Experts: Microsoft security gets an 'F'
Leon Brooks
leon at brooks.fdns.net
Sun Feb 2 00:12:31 WST 2003
One for the BorgHaters' club (with a footnote for Macophiles):
http://www.cnn.com/2003/TECH/biztech/02/01/microsoft.security.reut/
"Trustworthy Computing is failing," Russ Cooper of TruSecure Corp. said
of the Microsoft initiative. "I gave it a 'D-minus' at the beginning of
the year, and now I'd give it an 'F."'
[...]
Microsoft placed responsibility [for Slammer] on computer users who
failed to install a patch that had been available since at least last
June.
[...]
"Microsoft was completely hosed (from Slammer). It took them two days
to get out from under it," said Bruce Schneier, chief technology
officer of Counterpane Internet Security, a network monitoring service
provider. "It's as hypocritical as you can get."
[...]
In October Microsoft released a fix for a different SQL Server problem
that if installed in the expected manner would have made patched
systems vulnerable again, he said. "If I followed their advice I'd
have been vulnerable."
[...]
However, the fruits of [Trustworth Computing] may not show up until
future versions of products are released, said Richard M. Smith, a
Cambridge, Massachusetts-based computer security consultant. "I'd
rather they focus on the problems we have today."
"The problem is the whole patch regime has lots and lots of problems,"
he said. "It would be much better if the software shipped from
Microsoft with fewer problems to begin with."
[...]
A Consumer Reports survey last year found that virus infection rates
on Macs are half what they are on Windows, noted Smith. "Is that
because Macs are safer? I think the answer is yeah."
Cheers; Leon
More information about the plug
mailing list