On Mon, 05 Jul 2004 16:10:36 PDT, Alun Jones <alun@xxxxxxxxx> said: > Microsoft employs people who care about producing good software. We're all > indoctrinated from day one that our software is used by everyone - our > parents, our neighbours, our children... It's perhaps a unique situation > compared to producers of the other OSs, where the users are usually limited > to particular sections of the community. Yes, parts of Microsoft *are* trying to do better, but there's a limit to what any single programmer can achieve without some serious buy-in from high-level project leaders. Unfortunately, there's obviously a disconnect at *some* level, because they keep shipping software that's broken in very fundemental and recognized ways (the concept of "zoned", ActiveX, and other such stuff we've known for *YEARS* is a bad security idea). There's just too much lock-in to the concept that since your software is used by everyone, it has to have all sorts of bells and whistles to make life easier for everyone... ... including black hats. Be honest now - how many times in their career has the average Microsoft programmer been indoctrinated with "Be Featureful!", and how many times have they heard "Be security-minded paranoids!"? Remember to count double/triple scores for what they heard the first 6-9 months they were there and absorbed the culture. Proof that Microsoft still needs to re-educate some high-level people: the fact that there was *any* thought given to making SP2 only install on "legal" copies and locking out pirated copies. The number of people running pirated copies that actually will buy legit ones just to install SP2 is quite likely tiny - but the number of people running pirated ones that would end up remaining insecure is much larger. This one *should* have been a no-brainer: "We screwed up, our software sucked security-wise, and to make up for it, we're giving out a freebie update for *everybody* and swallowing the profits from the 23 people who would otherwise go legit just to install SP2". > I really don't think you'll find much truck with the idea that Microsoft > employees are happy to leave their mother's home machine, or those of the > general public, open to infection. Much would be explained by the thesis that the person(s) causing the disconnect mentioned above don't have mothers... ;)
Attachment:
pgpf9twRJeWYu.pgp
Description: PGP signature
