On Wed, 4 Apr 2007 19:46:47 +0100 "Philip Whateley" <philip.whateley@xxxxxxxxxxxxxx> wrote:

> Oooops
>
> Came across this yesterday:
>
> http://www.desktoplinux.com/news/NS3993153601.html
>
> Phil Whateley

Please, everyone, if you post a link to a story, at least have the courtesy to quote something of the summary of the article so that people can choose whether to follow the link.

The link above relates to: The "ANI" (Animated Cursor Image format) Windows vulnerability.

> "The analysis of the bug and its history speak badly of Microsoft's
> efforts in many ways: The company's patching practices came up short,
> its security protection technologies came up short, and its code
> analysis was shoddy. There are many reasons why this should never
> have happened, and now we should all be upset about it."

That is why all bug reports for all operating systems should be public.

> This is from a strong Windows supporter.
>
> I'm just going to point one more thing. Microsoft's biggest, most
> important, claim about Vista, at its launch, was that it had greatly
> improved security. Why then does Vista have a major security hole
> that's been in Windows since the 1990s?

Now Debian does have bugs that are over 2 years old, some over 5 years old but these aren't security bugs!

Windows is poor code because the source code doesn't get put in front of enough people. Peer review WORKS. MS employees are too close to the code, they sometimes can't see the wood for the trees and that is perfectly understandable.

If third party software developers (like the people writing all these bespoke Windows applications that get turned into excuses not to migrate to free software) actually had full access to the Windows source code in an open and collaborative forum, all code in Windows would improve.

The problem is now, the Windows source code is in such a bad state that MS dare not release the source code for fear of 1) being laughed out of the market and 2) creating a gazillion security exploits overnight.

Ponder this: we only know about the security bugs in Windows that have been found - if a security bug can persist for over a decade and through all versions of Windows in that time, how many more are out there? It's not as if this was hidden away in some underused Windows versions like WinME or WinCE, it affects every recent and current version and because MS refuse to make Windows with IE, it affects every Windows box.

Monopolies are bad for security, bad for users and bad for reliability.

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html