On Mon, May 19, 2014 at 3:28 PM, Fred Baker (fred) <fred@xxxxxxxxx> wrote: > Several people have replied to the tone of your email. Let me reply with a > bit of somewhat-technical commentary. > > In their defense, Microsoft has taken a pretty strong approach to software > quality over the past decade plus. Frankly, poor software quality has hurt > them. It is in their interest to fix it for several reasons, not just this > one. That is perhaps one of the best arguments for their current campaign to > move their users from Windows XP-and-older to their latest operating systems > - it reduces their support costs and improves the quality of their brand. If we were going to start pointing fingers. Buffer overruns are an invention of Dennis Richie and UNIX. Microsoft Basic, the last code Bill Gates wrote himself had memory management and garbage collection on strings. Windows 95 was never designed to be an Internet operating system. Microsoft changed course on that in mid 1995 just after the launch of Windows 95. Windows XP was designed to be the last phase of the bridge to a fully accounts based security model. I remember that when Vista came out there was a huge amount of complaining from system admins whose lazy shiftless persons would actually have to do some work as a result of the new security model. So instead of that they yammered on about Vista not being any good and did their best to drag their feet. All the while knowing that the Windows XP security model was compromised by the need for backwards compatibility to Win 95. Even today most of the NSA runs on Windows XP or earlier. Which is how Snowden was able to extract all that data. And in the PKIX working group we had DoD contractors trying to block any changes to the specs that would force updates on the Netscape CA used by the DoD PKI that has cost over a billion dollars to deploy. There are certainly security problems on the net. But claiming that they are exclusively the fault of one party hides the fact that there is far more blame to go round.