quote:"You need to look at this as Microsoft Nation 1.0," said United Nations undersecretary of corporate affairs Yolanda Fremont. "Bear in mind that security is a big problem in Iraq right now, and that security is not Microsoft's strong suit. I can just picture monthly "patches" being issued in the form of commando squads or armed raids, with new problems popping up immediately after each one. The country will be at the mercy of hackers within a year."
posted
Microsoft's security isn't terrible-- implemented correctly, it's fairly strong-- but since MS has market share, popular support, and hubris out the wazoo, it's a target.
Posts: 14554 | Registered: Dec 1999
| IP: Logged |
posted
Heavens, I'm going to have to pull out one of Leto's arguments.
MOST of the security patches that MS has come up with have not been due to their penchant for open market beta-releasing. They've been due to honestly made mistakes, which EVERY OS CONTAINS.
When MS discovers a problem with their software, they GENERALLY release a patch fairly quickly.
UNIX has security flaws; Linux has security flaws; OpenBSD has security flaws. The world is more aware of MS' security flaws because MS (I know it's Windows, not MS, but I'm abbreviating) is the more prevalent operating system.
Add to that the absolutely grand way that MS continues to improve the security of their OS-- it isn't the security hole it's been made out to be, as long as the user is educated.
Again, the answer is user education-- which we expect of people who use UNIX, by the way-- MS is no different.
Posts: 14554 | Registered: Dec 1999
| IP: Logged |
posted
I'd like to point out that Microsoft's "Fairly quickly" release of security patchs consists of days to weeks, while patchs of open source flaws consist of hours or days. For example the IE insecurities of a few months ago are still getting fixed, while the Mozilla/Firefox insecurity (which is caused by an insecurity in the operating system, thusly an Windows only bug) was fixed within 24 hours. Also, Microsoft's closed source policy means that no developer or user can go in and fix any problem in their software and have to wait for it to pass through the massive beaucratic machine that results from a hugely popular proprietary application of any sort. Satyagraha
Posts: 359 | Registered: Jun 2001
| IP: Logged |