Roy Schestowitz wrote:
> __/ [ Philip ] on Friday 11 August 2006 15:51 \__
>
>> The MS insecurity architecture makes it hard enough for users to keep.
>>
>> Now the US government has to goad them into keeping up with stream of
>> fixes.
>>
>>
>
http://news.yahoo.com/s/afp/20060811/tc_afp/usitinternetattacks_060811120323
>
> ...As per Microsoft's request and appeal to the government.
>
> This shows that Microsoft has some tight relationships with
> figures in the government. Can you imagine a scanrio where
> Linus Torvalds, for instance, requests Homeland Security to
> make some public announcement? More disturbing is the
> generalisation here. The governments speaks out as though
> everyone uses Windows, not attempting at all to insinuate
> that folks who made better decisions are safe and unaffected
> by the frantic stampede to patch.
>
> I would expect the uptime of any Windows box to be greater
> than 2 days. Unless, of course, it is a zombie. There are
> over 5 million of these 'in the wild', according to
> Microsoft. Cyberspace is doomed.
>
> Best wishes,
>
> Roy
When the fire brigade break into your bedroom at 2am and shout FIRE!!! They
don't break into every other house and shout YOUR HOUSE IS NOT ON FIRE!!!!
It wasn't a generalization, it was simply addressing a weakness in MS
machines, which Linux doesn't have so no need to mention it. We don't want
to be mentioned in the same sentances or paragraphs that are discussing MS
weaknesses.
I can't help feeling that the warning is a nice clue that the particular
area of the fix is likely to be a good way in to users MS PCs. The clue
being that this is an over run error on a basic active 'server' service, so
the other services are just as likely to be weak.
It wasn't discovered by MS, it was 'brought to their attention'.
So how many active externally accessible services do they have that they
were too busy to check them after all the previous over run errors that
have caused problems. You can't help wondering if MS have anyone at all
checking their code.
I know from people who work/ed for MS that each prgrammer/team is given a
tiny piece of a project, they aren't given access to the other areas and
may not even know what the final goal of the project is. So there can't
possibly be anyone checking MS software for flaws because even the
programmers don't have their hands on the code.
It is also a very sad state of affairs when it takes someone like the
military or a government department to put the boot up the arse of MS
before they will even address these problems. I say that because this
particular flaw has been around for quite some time, all currently
supported MS OS's must apply the patch, so very likely any that are no
longer officially supported also have the flaw. That is a lot of machines
that are a weakness in the world network.
|
|
