Microsoft Announces 22 NEW Security Flaws

ZD Net Announcements reports:
Microsoft Announces 22 NEW Security Flaws

Isn’t it time to look for an alternative to Bill Gates’ Microsoft Windows foul-ups?

There are already plenty of alternatives. Don’t like Microsoft? Why don’t you try one of the others?

I’d be more surprised if Microsoft announced 22 REALLY OLD security flaws, like if they identified new buffer-overflow vulnerabilities in DOS 3.3 or Microsoft Bob.

Security flaws exist in all software. Microsoft should not be flogged for announcing theirs. Indeed, the legitimate criticism of Microsoft in the past was that they concealed security flaws instead of announcing them, claiming that announcing them just encouraged exploits. The truth is that announcing them lets sysadmins take what steps are needed to protect unpatched systems.

The hope is that Microsoft will correct flaws promptly and not wait to find resolutions to these flaws until they are forced to by bad publicity. Microsoft is doing better than it did. Two years ago, Microsoft dismissed cross-site scripting vulnerabilities as unimportant. Since then they have started to treat them like real threats, patched several of the known cross-site scripting vulnerabilities and have even taken steps to better secure 2003 in ways that show that they “get” the issues involved.

Other software is fine and dandy, and I encourage you to use it. I encourage you to level legitimate criticism at Microsoft, but this is not legitimate criticism. How many products won’t have at least 22 bugs in their life cycle? The advantage of open source software is that the vulnerabilities can be patched by anyone, and the flaws are generally openly announced so that sysadmins can know about them nearly as fast as the black hats do. In the past Microsoft has preferred to say, “What bug? Pay no attention to that man behind the curtain!” and then sue anyone who publicized vulnerabilities. Announcing flaws should be encouraged, not used as a lame excuse to flame them.

Is this a debate? How?

Whether or not it is time to look for an alternative to MS is a personal, subjective decision for individuals and companies.

I use Red Hat Fedora Core 2 Linux and Mandrake 10 Linux. Quite often, there are updates because security issues are found. It doesn’t seem like any fewer than with my Windows XP machines.

I dislike Windows to the point that I’d pay $2000 for a used Quadra with System 7 if it were the only alternative to using Windows as my primary OS.

But I think this is an unfair rant. Credit where it’s due, to the extent that it’s due, at least Microsoft is probing for holes and issuing patches. Correct me if I’m wrong, but I thought they had a (well-earned) reputation for mostly ignoring them, so this looks like movement in the right direction.

Of course they’re probably more vulnerable in the marketplace than they used to be with regard to security issues, so now it matters more to them.