Microsoft’s Security Lunacy (continued)

Posted Mon, Jul 5 2004 3:27 by bill

This is a continuation of my earlier rant from weeks ago.  The security issue has still not been addressed. That is to date, 25 days later.  However on day 24 of this latest security issue Microsoft did release the ADODB patch. What they didn’t tell everyone is that their disabling of ADODB being called from Internet Explorer does not address the permissions elevation issue(s) that are the root of this. No, instead they decided to just turn off ADODB from IE.  To add to them breaking of people’s thin client apps, it should be noted that Microsoft was aware of this issue over *10 months* ago.  So it has taken them 10 months to work out how to disable ADODB by removing one registry key ?  And they have the cheek to release this so called fix (talking about being liberal with grammar) and call it a *critical update* !!

You do the math.  Bill Gates recently in Australia said Microsoft is averaging a two day turn around.  Really ?  Sure doesn’t show up on Window’s update Bill.  Doing the math, this *critical update* took over 300 days, so in the last year, it would mean there were over 299 updates that took only 1 day to even out the averages to 2 days. I don’t think so.

Meanwhile the ability for internet zone code to get elevated permissions to trusted site or local machine zone continues. What will Microsoft close down next, instead of fixing the issue. How many more days will it take. This issue, the day zero exploit still remains open.

Oh and please don’t tell me that XP SP2 addresses these issues. That does nothing for people who bought windows ME while Microsoft was happily selling that to computer vendors only a couple of years ago. 

Trust worthy computing ?  When the vendor doesn’t inform customers of exploits for weeks, when it takes over 10 months to get a patch, when it takes over 24 days before they act when known exploits are published on the web ?

And as for people trying to blame the hackers, well hello, we knew they existed, we live in a world where there is unfortunately always some level of crime.  Take your home for example, you might go out on a summer’s day and leave the back door open.  But when you leave the front door and windows all open and put a sign down the road saying that this house is easily robbed, well then the story is a bit different wouldn’t you say.  Well that’s what Microsoft has done.  They knew the sign down the road was there alerting people that the front door was wide open, that Windows was wide open, and they did nothing for over 24 days.  In insurance terms MS has acted negligently, but hey, they aren’t’ the ones making the claims for damages and losses are they.  Over here, we have a saying, “keep honest people honest” and that means closing the front door.  Would you expect your house not to be burgled if you left the door open for 24 days and signs every saying it was unprotected?  Of course you would.

Filed under: