Internet Explorer 7.0

[Mercifull]

It's a bloody joke :-?

 

 

 

Albeit not a very funny one :(

[battletrax]

 

 

 

Microsoft [...] doesn't care too much about security in their products.

 

 

 

 

 

 

 

I'm tired of seeing this security argument when it comes to MS. When are people going to realize that Windows being more unsecure than other OS'es is only a perception created by the larger coverage it gets ?

 

 

 

 

 

 

 

Other OS'es have just as many security holes, but nowhere near as famous as the Windows ones. As to whoever said MS doens't patch holes quickly, that's nonsense. In the past 2 years, it's improved a lot: MS rationalized their ratings of vulnerabilities and came out with a monthly cycle of regular updates, with critical updates being rolled out ASAP. Here's an example that affects a lot of us here: the latest vulnerability with the Java VM was fixed 1 day after it was discovered and was rolled out through Windows Update 5 days later. If you absolutely want the patches before they even hit Windows Update, then download Microsoft Baseline Security Anaylzer.

 

 

 

 

 

 

 

Just because it's fashionable to call MS more unsecure than others doesn't mean it's the truth. If that were the case, you wouldn't have companies running critical servers on Windows. And yes they do. And yes they'd switch in a heartbeat if MS was way more unsecure than others. Money isn't an objection when it comes to critical applications.

 

 

 

 

 

 

 

I really don't think coverage has anything to do with it. I have to concede that a big reason for windows's security problems is the larger number of people trying to find security holes, but that's not the most important problem. MS is still slow at making patches. Just becasue they roll out patches every month doesn't mean that it only takes a month for vulns to be patched... They may be improving, but they started at bad and are moving toward, but still far from, goood. Ever hear of slammer? That HUGE vulnerability was out how many months before it was patched? Microsoft didn't fix it until it was used to take down most of the internet...

 

 

 

 

 

 

 

And as for companies using windows for mission-critical apps... That's slowly changing. HP recently started using linux for it's NonStop servers, the most important and expensive servers that they produce... And that's just one example that I remembered from the news recently http://linux.slashdot.org/article.pl?si ... 6&from=rss

 

 

 

 

 

 

 

 

 

 

 

I agree that it's kind of popular to bash ms's security, but you can't say they don't deserve a lot of it.

 

 

 

 

 

 

 

I emphasized a sentence in your post. The reason ? Because I never said that. What I was trying to say was that the one-month cycle guarantees you some patching as opposed to a "when-we-fee-like-it" approach. Of course, some vulnerabilities may take more than a month. I can't say I check anymore. But when I did (and that was months ago), it took them less than a month to patch. Far from a month even.

 

 

 

 

 

 

 

Anyway, slammer was a long time ago. I believe that's part of what pushed them into doing things better too.

 

 

 

 

 

 

 

Some companied switch to Unix/Linux. Some switch to Windows. It's also fashionable to report on Microsoft's losses, rather than the other way around. ;) Perhaps sales would be more meaningful. Regardless, it seems MS reputation on the subject is going up rather than down. It's well known they used to run their own website off a Linux server. :P Obviously they switched when people found out, but anyway, they advertize Windows 2k3 server with emphasis on security, and you don't make these kind of claims lightly for a product aimed at IT specialists and business use. They'd be laughed at all the way out the door of companies if it turned out to be as full of holes as swiss cheese. :)

 

 

 

 

 

 

 

 

 

 

 

EDIT: almost forgot. EugenyG, MS "domination" started before Windows 95.

 

 

 

 

 

 

 

I have to agree that it's getting better and that the once-a-month updates are helping. It's really hard to even figure out what's more secure, because, as you said, it's much more popular to report ms's problems rather than some sort of linux flaw.

 

 

 

And I think it was after slammer that ms started using linux. I think that they had a linux server just redirecting to their IIS servers to filter out things like slammer vulns and guard against ddosses hurting their main servers. I know that they made it public early on, but I didn't know that they ever stopped lol.

[battletrax]

 

 

 

Microsoft [...] doesn't care too much about security in their products.

 

 

 

 

 

 

 

I'm tired of seeing this security argument when it comes to MS. When are people going to realize that Windows being more unsecure than other OS'es is only a perception created by the larger coverage it gets ?

 

 

 

 

 

 

 

Other OS'es have just as many security holes, but nowhere near as famous as the Windows ones. As to whoever said MS doens't patch holes quickly, that's nonsense. In the past 2 years, it's improved a lot: MS rationalized their ratings of vulnerabilities and came out with a monthly cycle of regular updates, with critical updates being rolled out ASAP. Here's an example that affects a lot of us here: the latest vulnerability with the Java VM was fixed 1 day after it was discovered and was rolled out through Windows Update 5 days later. If you absolutely want the patches before they even hit Windows Update, then download Microsoft Baseline Security Anaylzer.

 

 

 

 

 

 

 

Just because it's fashionable to call MS more unsecure than others doesn't mean it's the truth. If that were the case, you wouldn't have companies running critical servers on Windows. And yes they do. And yes they'd switch in a heartbeat if MS was way more unsecure than others. Money isn't an objection when it comes to critical applications.

 

 

 

 

 

 

 

I really don't think coverage has anything to do with it. I have to concede that a big reason for windows's security problems is the larger number of people trying to find security holes, but that's not the most important problem. MS is still slow at making patches. Just becasue they roll out patches every month doesn't mean that it only takes a month for vulns to be patched... They may be improving, but they started at bad and are moving toward, but still far from, goood. Ever hear of slammer? That HUGE vulnerability was out how many months before it was patched? Microsoft didn't fix it until it was used to take down most of the internet...

 

 

 

 

 

 

 

And as for companies using windows for mission-critical apps... That's slowly changing. HP recently started using linux for it's NonStop servers, the most important and expensive servers that they produce... And that's just one example that I remembered from the news recently http://linux.slashdot.org/article.pl?si ... 6&from=rss

 

 

 

 

 

 

 

 

 

 

 

I agree that it's kind of popular to bash ms's security, but you can't say they don't deserve a lot of it.

 

 

 

 

 

 

 

I emphasized a sentence in your post. The reason ? Because I never said that. What I was trying to say was that the one-month cycle guarantees you some patching as opposed to a "when-we-fee-like-it" approach. Of course, some vulnerabilities may take more than a month. I can't say I check anymore. But when I did (and that was months ago), it took them less than a month to patch. Far from a month even.

 

 

 

 

 

 

 

Anyway, slammer was a long time ago. I believe that's part of what pushed them into doing things better too.

 

 

 

 

 

 

 

Some companied switch to Unix/Linux. Some switch to Windows. It's also fashionable to report on Microsoft's losses, rather than the other way around. ;) Perhaps sales would be more meaningful. Regardless, it seems MS reputation on the subject is going up rather than down. It's well known they used to run their own website off a Linux server. :P Obviously they switched when people found out, but anyway, they advertize Windows 2k3 server with emphasis on security, and you don't make these kind of claims lightly for a product aimed at IT specialists and business use. They'd be laughed at all the way out the door of companies if it turned out to be as full of holes as swiss cheese. :)

 

 

 

 

 

 

 

 

 

 

 

EDIT: almost forgot. EugenyG, MS "domination" started before Windows 95.

 

 

 

 

 

 

 

I have to agree that it's getting better and that the once-a-month updates are helping. It's really hard to even figure out what's more secure, because, as you said, it's much more popular to report ms's problems rather than some sort of linux flaw.

 

 

 

And I think it was after slammer that ms started using linux. I think that they had a linux server just redirecting to their IIS servers to filter out things like slammer vulns and guard against ddosses hurting their main servers. I know that they made it public early on, but I didn't know that they ever stopped lol.