Re: I think I have Becky's computer gremlin

From: leslie (LESLIE_at_JRLVAX.HOUSTON.RR.COM)
Date: 06/30/04 

Date: Wed, 30 Jun 2004 11:02:46 GMT

Anne Carle (acarle@munge.com) wrote:
: You're right, there has been a dramatic change in Net safety over the
: last decade or so, and the mindset behind the shananigans is
: disturbing. Obviously someone who hacks to perform identity theft for
: monetary gain has a motive, but the hackers who write malware that
: does nothing more productive than destroy computer function are just
: plain emotionally disturbed. I really don't understand the "need"
: behind anyone who performs malicious mischief of any kind. If it's
: like Clinton's revelation ("Just because I could...), then how can we
: motivate these people to channel their creativity into truly
: productive, even lucrative endeavors? What evil makes someone destroy
: something just because they can? It's soooo ugly!
:

Why is Microsoft's poor security so widely tolerated ?

   http://www.theinquirer.net/?article=11108
   Microsoft cerebrates fifteen years of poor security

  "Microsoft cerebrates fifteen years of poor security
   Augmented by the Infernet

   By EURuromole: Tuesday 19 August 2003, 11:53

   THAT THE Blaster worm should spread as rapidly as it did was testament
   to one thing only, the poor security in Microsoft's software.

   [snip]

   Microsoft has had more than 15 years to get it right and it still
   cannot create a secure operating system. In fact in 2002 Windows had
   the dubious honour of accounting for 87% of all virus infections
   reported to the Australian office of the Sophos anti-virus group. This
   came on top of about 130 vulnerabilities that were reported for
   Windows during the year 2000, which is an average rate of more than
   one every three days.

   Given this kind of track record from Microsoft I am quite surprised
   that in jurisdictions with strong consumer laws there has never been a
   class action against Microsoft for selling poor quality software.
   Other operating systems have achieved far better security and have
   done so since their very early releases, so why is Microsoft unable
   to?

   As for secure operating systems, ask IBM users about the security of
   their operating systems prior to AIX which itself introduced the usual
   Unix problems. Or ask OpenVMS users about its security. Its bug list
   is still in the low double digits after about 30 major and minor
   versions in its 25 years, which is a sharp contrast to Microsoft's 130
   problems in year 2000 alone!

   OpenVMS is even more relevant to Microsoft because about 1989 it
   acquired about 20 software engineers from Digital's cancelled Prism
   project which was developing an operating system called Mica. These
   engineers were the designers for Microsoft's NT and borrowed a large
   number of concepts from OpenVMS, but unfortunately the security
   concepts were not included. Was it a matter of meeting release
   deadlines, potential breakage of other code or keeping third party
   software houses happy? We will probably never know.

   Microsoft relies on the users to apply the stream of patches for
   Windows but many users are unaware of the patches or where to find
   them, and they are often reluctant to download large patches which can
   take hours over a dialup line. The frequency can be overwhelming and
   some users just ignore any problems that do not directly affect them.
   Microsoft's attitude seems to be so what if the virus mail bombs other
   users, so long as no damage happens to my system.

   And wrapped around all this is the quite reasonable argument that if
   Microsoft cannot produce secure product releases then its ability to
   produce secure patches just as suspect.

   In recent years Microsoft has had the gall to receive an award for its
   security from the Department of Defense (perhaps the first award for
   "lowering the bar" in many years) and another reward for the manner in
   which it created tools to allow users the ability to automatically
   patch their software versions. It is simply beyond a joke..."

The remainder of of the article goes into possible solutions.

What's more frightening is the use of Microsoft operating systems in
mission-critical applications such as pipeline control, the Navy's
Smart Ship systems, and in at least one air-traffic control system.
(Swiss).

Jerry

Quantcast