|
Microsoft Security: An Oxymoron
Mike Hudack
Editor
In the past month Hotmail, a part of the Microsoft Network, has experienced two major security problems. Internet Explorer and Outlook have experienced three major security problems. Windows 9x and Windows NT are experiencing numerous persistent major security problems. Is Microsoft serious about security?
Give me a break! They´ve been going at it for years. They´ve been in the business for decades now -- you´d think they´d know how to secure a product. Granted, when trying to make a "feature-rich" (read: bloatware-rich) product you´re more likely to have security problems. The real issue here is not their security problems but rather their reaction to the security problems.
According to someone who helped develop the Hotmail security hole (the latest one, that is), it´s been public for about a year. Likewise, things like Back Orifice (which is, by the way, a legitimate tool) use security problems which Microsoft refuse to admit exist.
Most software companies hire security experts to check out their software pre-release. Microsoft supposedly does this to some extent, but obviously not enough. A Microsoft spokesperson contacted for the purposes of this story didn´t respond in time for publication.
Microsoft can certainly afford to hire a few more consultants to check their code and attack it... So why don´t they?
Granted, when a problem is discovered, it´s posted on Microsoft´s Security site. The problem is that it takes SO long for them to fix these problems, sometimes weeks.
Related Links:
OSAll BBSystem |
