Neil Williams wrote:
> On Wed, 4 Apr 2007 19:46:47 +0100
> "Philip Whateley" <philip.whateley@xxxxxxxxxxxxxx> wrote:
>
>> Oooops
>>
>> Came across this yesterday:
>>
>> http://www.desktoplinux.com/news/NS3993153601.html
>>
>> Phil Whateley
>
> Please, everyone, if you post a link to a story, at least have the
> courtesy to quote something of the summary of the article so that
> people can choose whether to follow the link.
>
> The link above relates to:
> The "ANI" (Animated Cursor Image format) Windows vulnerability.
>
>> "The analysis of the bug and its history speak badly of Microsoft's
>> efforts in many ways: The company's patching practices came up short,
>> its security protection technologies came up short, and its code
>> analysis was shoddy. There are many reasons why this should never
>> have happened, and now we should all be upset about it."
>
> That is why all bug reports for all operating systems should be public.
>
>> This is from a strong Windows supporter.
>>
>> I'm just going to point one more thing. Microsoft's biggest, most
>> important, claim about Vista, at its launch, was that it had greatly
>> improved security. Why then does Vista have a major security hole
>> that's been in Windows since the 1990s?
>
> Now Debian does have bugs that are over 2 years old, some over 5 years
> old but these aren't security bugs!
>
> Windows is poor code because the source code doesn't get put in front
> of enough people. Peer review WORKS. MS employees are too close to the
> code, they sometimes can't see the wood for the trees and that is
> perfectly understandable. If third party software developers (like the
> people writing all these bespoke Windows applications that get turned
> into excuses not to migrate to free software) actually had full access
> to the Windows source code in an open and collaborative forum, all code
> in Windows would improve. The problem is now, the Windows source code
> is in such a bad state that MS dare not release the source code for
> fear of 1) being laughed out of the market and 2) creating a gazillion
> security exploits overnight.
>
> Ponder this: we only know about the security bugs in Windows that have
> been found - if a security bug can persist for over a decade and
> through all versions of Windows in that time, how many more are out
> there? It's not as if this was hidden away in some underused Windows
> versions like WinME or WinCE, it affects every recent and current
> version and because MS refuse to make Windows with IE, it affects
> every Windows box. Monopolies are bad for security, bad for users and
> bad for reliability.

Hmm, I think I'll show this to a friend at work who has just bought a
laptop running Vista. I suggested he move over to Linux the other day.
At least he's thinking about having it installed on his Desktop.

Rob

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html