On Thu, 2002-01-17 at 10:21, Paul Overby wrote: > You will probably need to create a login to view this but thought I'd pass it > on for anyone who cares. > > http://www.nytimes.com/2002/01/17/technology/17SECU.html?todaysheadlines > > At least it suggest that micosoft is feeling a little pressure which is the > only way we are going to get better products from them. I wouldn't hold your breath. To paraphrase Bruce Schneier, Microsoft does not treat security as a software quality problem, they treat it as a public relations problem. Until they start treating it as a software quality problem, we will continue to see these sorts of problems (referring to the recent holes found in all versions of IE, from 4.0 on up). While Gates' email memo may have the look and sound of addressing security as a software quality problem, it is really just a tool to continue treating security as a PR problem. Else, why send the thing out to all the major media services? MS has a well-deserved reputation for being liars. With every new OS release, they claim that it is "vastly more secure" than the previous release, just like they claim it is "vastly more stable" than the previous. Well, Win2000 and XP *might* be more stable than previous releases of NT (and I have heard conflicting stories/opinions on that -- my own experience says they are more stable), but the recent IE hole proves that on the security front, at least, MS are still liars. I subscribe to the philosophy of "show me, don't tell me". I know enough about Gates, Ballmer, etc., to take everything they say with a BIG grain of salt, and hold my own opinion until I see evidence that what they are telling me is true. Thus far, they have let me down almost every time (the exception being that Win2000 appears to actually be more stable than NT). Dave -- Do not meddle in the affairs of dragons, for you are crunchy, and good with ketchup.