[TCLUG] Microsoft Makes Software Safety a Top Goal

Fri Jan 18 11:27:07 CST 2002

Take a look at The Register's take on it
(http://www.theregister.co.uk/content/4/23715.html):

"'So now, when we face a choice between adding features and resolving
security issues, we need to choose security.'

"Sounds great, but then he goes completely off the rails: 'A good example of
this is the change we made in Outlook to avoid email borne viruses.'

"Hello? Earth to Bill -- it took years of grinding public humiliation for MS
to make a simple modification preventing malicious executables from
launching automatically in Outlook. If this is Gates' idea of a security job
well done, then all we have here is another PR smokescreen."

I agree...(and yes, this is sent from a MS mailer--if anybody has had any
luck getting the serial ports to work on VMware, please send me a message
off-line)

Thanks,

James Spinti
jspinti at dartdist dot com
952-368-3278 ext. 396
952-368-3255 (fax)
----- Original Message -----
From: "Dave Sherman" <dsherman at real-time.com>
To: "TC-LUG" <tclug-list at mn-linux.org>
Sent: Friday, January 18, 2002 8:12 AM
Subject: Re: [TCLUG] Microsoft Makes Software Safety a Top Goal

> On Thu, 2002-01-17 at 10:21, Paul Overby wrote:
> > You will probably need to create a login to view this but thought I'd
pass it
> > on for anyone who cares.
> >
> > http://www.nytimes.com/2002/01/17/technology/17SECU.html?todaysheadlines
> >
> > At least it suggest that micosoft is feeling a little pressure which is
the
> > only way we are going to get better products from them.
>
> I wouldn't hold your breath. To paraphrase Bruce Schneier, Microsoft
> does not treat security as a software quality problem, they treat it as
> a public relations problem. Until they start treating it as a software
> quality problem, we will continue to see these sorts of problems
> (referring to the recent holes found in all versions of IE, from 4.0 on
> up).
>
> While Gates' email memo may have the look and sound of addressing
> security as a software quality problem, it is really just a tool to
> continue treating security as a PR problem. Else, why send the thing out
> to all the major media services?
>
> MS has a well-deserved reputation for being liars. With every new OS
> release, they claim that it is "vastly more secure" than the previous
> release, just like they claim it is "vastly more stable" than the
> previous. Well, Win2000 and XP *might* be more stable than previous
> releases of NT (and I have heard conflicting stories/opinions on that --
> my own experience says they are more stable), but the recent IE hole
> proves that on the security front, at least, MS are still liars.
>
> I subscribe to the philosophy of "show me, don't tell me". I know enough
> about Gates, Ballmer, etc., to take everything they say with a BIG grain
> of salt, and hold my own opinion until I see evidence that what they are
> telling me is true. Thus far, they have let me down almost every time
> (the exception being that Win2000 appears to actually be more stable
> than NT).
>
> Dave
> --
> Do not meddle in the affairs of dragons, for you are crunchy, and good
> with ketchup.
>
> _______________________________________________
> Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul,
Minnesota
> http://www.mn-linux.org
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>