[lug] Ah, yes: the much-vaunted Microsoft security

Prescott Oelke plkey at home.com
Sun Oct 28 11:33:44 MST 2001 

I read in an article on ZDNet somewhere that every third M$ patch is
designed to fix something that the 2 previous patches before it broke.
That's pretty messed up when you even have to patch the patched patches!
:)

As for their much talked about WPA security for Windows XP, I don't
think there was anyone out there who thought that it would last long.
Even the M$ security guys were saying they expected a crack for it
within a week of the release. But then you could always dig up a
corporate copy and not have to bother with it at all. M$ seems to waste
a lot of their developers' time on insanely stupid measures like this.

Prescott

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]
On Behalf Of Tony Dyson
Sent: Sunday, October 28, 2001 10:39 AM
To: lug at lug.boulder.co.us
Subject: Re: [lug] Ah, yes: the much-vaunted Microsoft security

Bear in mind also the M$ is completely *reactive* in this area. They are
playing catch-up with all their product lines, mostly in response to bad
publicity & a growing rumbling of discontent amongst the suits. Why?
Suits hate being embarrassed, & now running M$ software represents a
measurable cost in downtime, lost productivity & increased support
whilst security holes are patched & broken systems are "fixed" (a.k.a.
reinstalled).

So M$ are trying to duct-tape security onto products that were not
conceived with that objective. They are having to learn as they go
along, & the process is going to be painful for everyone. M$ recently
announced that "Windows Update" would be starting to check for server
patches, promising a "one click" solution. Sounds good, but more
recently they released a patch which broke "Terminal Server" for a
number of customers, & it took 4 days to find out why. There will be
more incidents like this down the road.

Any of us who are required to support M$ products are going to be
companions on this great adventure. What fun ...

Chris Wade wrote:
> 
> > On Sunday 28 October 2001 05:45 am, you wrote:
> > >
> > > I just can't stop laughing: Can't Microsoft do ANYTHING right with
> > > security?
> > >
> >
> > I'm not sure if its so much of that, but that they are the
> > biggest target.
> > If there's a will, there's a way.
> >
> 
> I dunno.  I've heard that Microsoft servers are known among crackers
as "low
> hanging fruit."
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list