Microsoft cerebrates fifteen years of poor security

Dom · Aug 20, 2003, 12:08 AM

THAT THE Blaster worm should spread as rapidly as it did was testament to one thing only, the poor security in Microsoft's software.

In the first few months of last year Microsoft spent about eight weeks in what was reportedly an intense effort to improve the security of their software. And what a joke that turned out to be, because within a just few months we were seeing security alerts about Microsoft products that had supposedly been thoroughly checked and corrected.

These statements of 2002 were not the first time that Microsoft has declared the problem solved and buffer overflow banished. Back in September 2001 Jim Allchin, a Microsoft vice president, declared that this problem had been stamped out in Windows XP. Supposedly Microsoft had made a complete code review of its operating system and removed all the buffers which could overflow.

Microsoft has had more than 15 years to get it right and it still cannot create a secure operating system. In fact in 2002 Windows had the dubious honour of accounting for 87% of all virus infections reported to the Australian office of the Sophos anti-virus group. This came on top of about 130 vulnerabilities that were reported for Windows during the year 2000, which is an average rate of more than one every three days.

Given this kind of track record from Microsoft I am quite surprised that in jurisdictions with strong consumer laws there has never been a class action against Microsoft for selling poor quality software. Other operating systems have achieved far better security and have done so since their very early releases, so why is Microsoft unable to?

More info...

DriveEuro · Aug 20, 2003, 06:41 AM

Too imagine that they are so big and they can't fix these holes. I wonder if they incorporate some "hackers" or just people that spend day after day trying to find holes.

Aug 20, 2003, 12:08 AM	#1
Dom DriverHeaven Extreme Member Join Date: Jun 2002 Posts: 12,940 Rep Power: 0	Microsoft cerebrates fifteen years of poor security THAT THE Blaster worm should spread as rapidly as it did was testament to one thing only, the poor security in Microsoft's software. In the first few months of last year Microsoft spent about eight weeks in what was reportedly an intense effort to improve the security of their software. And what a joke that turned out to be, because within a just few months we were seeing security alerts about Microsoft products that had supposedly been thoroughly checked and corrected. These statements of 2002 were not the first time that Microsoft has declared the problem solved and buffer overflow banished. Back in September 2001 Jim Allchin, a Microsoft vice president, declared that this problem had been stamped out in Windows XP. Supposedly Microsoft had made a complete code review of its operating system and removed all the buffers which could overflow. Microsoft has had more than 15 years to get it right and it still cannot create a secure operating system. In fact in 2002 Windows had the dubious honour of accounting for 87% of all virus infections reported to the Australian office of the Sophos anti-virus group. This came on top of about 130 vulnerabilities that were reported for Windows during the year 2000, which is an average rate of more than one every three days. Given this kind of track record from Microsoft I am quite surprised that in jurisdictions with strong consumer laws there has never been a class action against Microsoft for selling poor quality software. Other operating systems have achieved far better security and have done so since their very early releases, so why is Microsoft unable to? More info...

Aug 20, 2003, 06:41 AM	#2
DriveEuro HardwareHeaven Extreme Member Join Date: Jul 2002 Location: Gurnee Illinois Posts: 4,677 Rep Power: 0	Too imagine that they are so big and they can't fix these holes. I wonder if they incorporate some "hackers" or just people that spend day after day trying to find holes. __________________ [color=orange]ASUS P4P800 Deluxe [color=black]-[/color] 2.4C --> 3300mhz [color=black]-[/color] Mushkin PC3200 at 220 5-2-2-2 (cpu limited) [color=black]-[/color] BBAti 9800Pro at 430/375 [/color] [color=black]3[/color][color=gray]D[/color]M[color=black]a[/color][color=gray]r[/color]k[color=yellow]01[/color] [color=black]3[/color][color=gray]D[/color]M[color=black]a[/color][color=gray]r[/color]k[color=yellow]03[/color] 16001200 12801024