Working on it's reputation for security.

Post #39,334 by imric 5/20/02 7:04:51 PM Reply	Working on it's reputation for security. Gotta love that comment. MS is working on it's reputation for (in)security, alright, by insisting that security by obscurity is the best way to stay secure.. During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out. The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said. When Kevin Hodges, attorney for the dissenting states, asked him how many APIs would be exempt, Allchin said he did not know the exact number, but it would include APIs that deal with anti-piracy and digital rights management. Microsoft has already identified APIs involved with Windows File Protection that would be withheld, he said. When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation regarding security. "The fact that I even mentioned the Message Queuing thing bothers me," he said. So - the fact that the flaw is not discussed by the company means the flaw isn't there? Windows is secure if the flaw is undisclosed to the general public? What else can be expected of a company where reality is defined by the marketing and legal departments? Imric's Tips for Living Paranoia Is a Survival Trait Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised... Even though everyone is out to get you, it doesn't matter unless you let them win.
Post #39,387 by Steven A S 5/21/02 11:38:41 AM Reply	My question is If they know those problems are there, WHY DON'T THEY FIX THEM!!! ~~~)-Steven---- "I want you to remember that no bastard ever won a war by dying for his country. He won it by making the other poor dumb bastard die for his country..." General George S. Patton
Post #39,399 by hnick 5/21/02 1:14:41 PM Reply	Well, Duh... There's no money to be made for fixing existing products. The suckers have already paid. Suckers MAY pay for the next semi-polished turd that is ejected however. And they won't fix that either... They don't develop software, they run a software licensing business... bletch...
Post #39,470 by static 5/22/02 1:57:22 AM Reply	That's a Good quote! "They don't develop software, they run a software licensing business..." It may be worth pinching. Wade. "All around me are nothing but fakes Come with me on the biggest fake of all!"
Post #41,121 by wharris2 6/4/02 1:31:58 PM Reply	My answer is If they know those problems are there, WHY DON'T THEY FIX THEM!!! Have you had the chance to work on bad code? Many times it's more cost-efficient to make minor fixes, or ignore the problems. I'm currently working on undocumented stuff (to the point where even the setup of the process is only documented by some rather poor hand-written notes), and another batch of code that is taking 17 hours to run when it should take something like 1-2 hours at most. Both are miserable examples of code, seriously undocumented. I can't really ignore either of them, but it's taking an inordinate time to understand and correct those things I can. Famous last RPG quotes: "I'll just shoot this fireball down the dungeon passageway..."

Welcome to IWETHEY!