• MS whines that they were out of the loop on security problems

    by  • 12/28/2004 • geek • 1 Comment

    A rather large security hole is uncovered, again centered around image loading, and MS gets pissy that the public was notified.

    “Microsoft is disappointed that Xfocus took actions that could put computer users at risk by not following the commonly accepted industry practise of privately reporting security vulnerabilities to software vendors,” the spokeswoman said.

    One of the items on the XFocus page remains a problem post service pack 2, and the others may not be an issue, though I’m not sure if that is only thanks to the firewall that’s installed as part of the obnoxious “upgrade” to XP Service Pack 2.

    I think that it’s time to start comparing bug numbers in the same way that Microsoft’s reports do when they claim that they have fewer bugs than Linux. They count one separate security issue or bug for each distribution; if there’s a denial of service issue in PHP, they’ll count that same issue multiple times across distros and platforms. Using this tactic for this series of problems listed by XFocus, Windows adds 35 new security holes / bugs / design flaws right here. That would be crazy, that’s why it’s not counted like that…

    I suppose that Microsoft has a bit of a point in being a little bit pissy, or they would have if they were a bank. I mean, putting a big sign up about how to compromise a bank’s security before you inform the bank might be seen as in poor taste. However, Windows isn’t a public utility or service, and I’m not sure that they deserve the same level of respect or consideration that a bank should receive.

    One Response to MS whines that they were out of the loop on security problems

    1. 12/28/2004 at 4:26 pm

      I suppose that Microsoft has a bit of a point in being a little bit pissy, or they would have if they were a bank. I mean, putting a big sign up about how to compromise a bank’s security before you inform the bank might be seen as in poor taste. However, Windows isn’t a public utility or service, and I’m not sure that they deserve the same level of respect or consideration that a bank should receive.

      Windows may not be a public utility or service but I and millions of other people do use it just as much as water, electricity or banks and learning about a vulnerability does me no good as I can’t muck around in the code and close the hole myself. I’d rather that Microsoft learn about it, fix it, test it then I get a patch.
