
Re: [Full-Disclosure] Bill Gates blames the victim



At 10:28 AM 8/31/2003 -0400, Richard M. Smith wrote:
Patching security holes is a poor substitute for avoiding them in the
first place.  If three guys in Poland can find a buffer overflow in DCOM
without access to Windows source code, why can't Microsoft?

Because Microsoft continues to build on top of already flawed code. When I was more involved in the Web Standards Project it was a HUGE windfall to have Microsoft rebuild IE from scratch from version 4 to 5. Their constant mantra is and has been - if the customers aren't asking for it, there's no business case to do it.


An interesting trend I continue to see at the ApacheCon, Black Hat and DEFCON conferences is the change in operating systems on laptops. Those content to run Linux or some flavor of BSD still are; but those hackers who used to come to conferences running Windows have now moved to OS/X. Being a hardcore Windows user since the late 80s, I myself am even ready to make the switch and the cool thing is, because of the easy-to-use Mac GUI, I can switch my mother as well.

I think if this trend continues (and I'm confident it will) then we'll begin to see larger customers of Windows move to OS/X. Then, and only then, will Microsoft HAVE to make their OS more secure but until they have a viable and business-threatening competition I don't think anything will change short of the Government taking action.

Just my $0.02....

--
B.K. DeLong
bkdelong@xxxxxxxxx
+1.617.797.2472

http://ocw.mit.edu                           Work.
http://www.brain-stream.com               Play.
http://www.the-leaky-cauldron.org        Potter.
http://www.city-of-doors.com               Sigil

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html