Tilted Forum Project Discussion Community - View Single Post - Forget California, it's time to recall Micro$oft

Sion · 08-21-2003, 05:31 PM

charliex, you have a point about the difficulties inherent in bug testing large software such as MS's operating systems. There is no doubt that it would be nearly impossible to completely, 100% eliminate EVERY possible bug or software/hardware incompatability problem that could cause WinXP (or any other OS) not to function perfectly. However, it is my opinion that security flaws both can and should be eliminated before any software product ships, especially one that comes with a built in firewall. After all, the number of network I/O ports in XP is finite, is it not? Would it be so hard for MS to assemble a small team of security experts to examine EVERY possible way into the system and securely close them before the product goes to market? I think not. As the MSBlaster worm showed, even a mediocre hacker can find and expoit these security flaws. That suggests that MS didnt do enough to eliminate the hole in the first place.

Of course, in this case it is entirely possible that MS precipitated the problem by issuing the patch, thus alerting the hacking community to the problem in the first place. It seems very likely to me that whoever createded the MSBlaster did so after MS announced the existance of the problem. In such a scenario, it is indeed the fault of the users for not implementing the patch as soon as it was available. However, MS still bears some culpability for a) not eliminating the problem before selling the product, and b) not taking a stronger proactive position to make sure all its customers knew about the existance of the patch and the danger that not running it presented.

Finally, if MS's OS wasnt so bloated with unnecessary and overly complicated code, perhaps product testing it would be a more useful endeavor.

08-21-2003, 05:31 PM	#7 (permalink)
Sion Dumb all over...a little ugly on the side Location: In the room where the giant fire puffer works, and the torture never stops.	charliex, you have a point about the difficulties inherent in bug testing large software such as MS's operating systems. There is no doubt that it would be nearly impossible to completely, 100% eliminate EVERY possible bug or software/hardware incompatability problem that could cause WinXP (or any other OS) not to function perfectly. However, it is my opinion that security flaws both can and should be eliminated before any software product ships, especially one that comes with a built in firewall. After all, the number of network I/O ports in XP is finite, is it not? Would it be so hard for MS to assemble a small team of security experts to examine EVERY possible way into the system and securely close them before the product goes to market? I think not. As the MSBlaster worm showed, even a mediocre hacker can find and expoit these security flaws. That suggests that MS didnt do enough to eliminate the hole in the first place. Of course, in this case it is entirely possible that MS precipitated the problem by issuing the patch, thus alerting the hacking community to the problem in the first place. It seems very likely to me that whoever createded the MSBlaster did so after MS announced the existance of the problem. In such a scenario, it is indeed the fault of the users for not implementing the patch as soon as it was available. However, MS still bears some culpability for a) not eliminating the problem before selling the product, and b) not taking a stronger proactive position to make sure all its customers knew about the existance of the patch and the danger that not running it presented. Finally, if MS's OS wasnt so bloated with unnecessary and overly complicated code, perhaps product testing it would be a more useful endeavor. __________________ He's the best, of course, of all the worst. Some wrong been done, he done it first. -fz I jus' want ta thank you...falettinme...be mice elf...agin...