Microsoft Poses a Serious Threat to the Internet
Article by Brian Martin: Microsoft Poses a Serious Threat to the Internet
Bottom-line, what is the point of what he writes? Does anyone walk away
with new information or knowledge based on what he wrote?? His article wasted
my time. Its the same old dribble. Man, how worthless.
-Art
# 1 Re: Microsoft Poses a Serious Threat to the Internet
"Arthur Tamarack" <atamarack@hotmail.com> wrote:
>
>Article by Brian Martin: Microsoft Poses a Serious Threat to the Internet
>
>
>Bottom-line, what is the point of what he writes? Does anyone walk away
>with new information or knowledge based on what he wrote?? His article
wasted
>my time. Its the same old dribble. Man, how worthless.
>
>-Art
I have spent 10 years writing software for Microsoft platforms and have been
a vocal advocate of Microsoft all that time. I read Brian's article and
felt he voiced the concerns all of us Microsoft advocates have - the system
is broke.
I think everyone acknowledges that there are possible problems with any software,
especially something as complex as operating systems. However, there is
no real mechanism for ensuring that when known vulnerabilities are identified
and consequently corrected, the patches are filtered through the user community.
This should really be an automatic mechanism, rather than a conscious daily
activity of system administrators to check for new patches.
The other complaint that applied patches often break OS functionality or
other patches is very real. I don't know how many people out there have
had to deal with the enormous number of patches and hotfixes out there, but
it is a daunting job to apply them to one machine, let alone a group of them.
It is awful.
I personally am not about to abandon Microsoft as my web server platform,
but I sure hope they HEAR the community on this. It is getting harder and
harder to convince customers that the Microsoft solution is the "right" solution.
Something needs to be done, and it needs to happen now.
# 2 Re: Microsoft Poses a Serious Threat to the Internet
What does your community do, just rubber stamp. My community, Linux, would
tear it apart and argue about how to make fixes.
"Stuart McCafferty" <w.stuart.mccafferty@saic.com> wrote:
>
>"Arthur Tamarack" <atamarack@hotmail.com> wrote:
>>
>>Article by Brian Martin: Microsoft Poses a Serious Threat to the Internet
>>
>>
>>Bottom-line, what is the point of what he writes? Does anyone walk away
>>with new information or knowledge based on what he wrote?? His article
>wasted
>>my time. Its the same old dribble. Man, how worthless.
>>
>>-Art
>
>I have spent 10 years writing software for Microsoft platforms and have
been
>a vocal advocate of Microsoft all that time. I read Brian's article and
>felt he voiced the concerns all of us Microsoft advocates have - the system
>is broke.
>
>I think everyone acknowledges that there are possible problems with any
software,
>especially something as complex as operating systems. However, there is
>no real mechanism for ensuring that when known vulnerabilities are identified
>and consequently corrected, the patches are filtered through the user community.
> This should really be an automatic mechanism, rather than a conscious daily
>activity of system administrators to check for new patches.
>
>The other complaint that applied patches often break OS functionality or
>other patches is very real. I don't know how many people out there have
>had to deal with the enormous number of patches and hotfixes out there,
but
>it is a daunting job to apply them to one machine, let alone a group of
them.
> It is awful.
>
>I personally am not about to abandon Microsoft as my web server platform,
>but I sure hope they HEAR the community on this. It is getting harder and
>harder to convince customers that the Microsoft solution is the "right"
solution.
> Something needs to be done, and it needs to happen now.
# 3 Re: Microsoft Poses a Serious Threat to the Internet
BINGO - Arthur
"Arthur Tamarack" <atamarack@hotmail.com> wrote:
>
>Article by Brian Martin: Microsoft Poses a Serious Threat to the Internet
>
>
>Bottom-line, what is the point of what he writes? Does anyone walk away
>with new information or knowledge based on what he wrote?? His article
wasted
>my time. Its the same old dribble. Man, how worthless.
>
>-Art
Greg at 2007-11-12 0:16:51 >
# 4 Re: Microsoft Poses a Serious Threat to the Internet
"Arthur Tamarack" <atamarack@hotmail.com> wrote:
>
>Article by Brian Martin: Microsoft Poses a Serious Threat to the Internet
>
>
>Bottom-line, what is the point of what he writes? Does anyone walk away
>with new information or knowledge based on what he wrote?? His article
wasted
>my time. Its the same old dribble. Man, how worthless.
>
>-Art
"same old dribble"? Well, that seems to be what we're getting from Microsoft.
How many times do we have to point out the problems with their software before
people will just say "enough!" Microsoft pushed their products for functionality
and ease of administration. Companies that brough into this didn't bother
staffing skilled admins since you didn't need a "guru" to run a MS system.
Yet what does Microsoft do when organizations are dealing with teh worm of
the month? They blame the admins for not securing their systems.
-CF
CF at 2007-11-12 0:17:53 >
# 5 Re: Microsoft Poses a Serious Threat to the Internet
>"same old dribble"? Well, that seems to be what we're getting from Microsoft.
>How many times do we have to point out the problems with their software
before
>people will just say "enough!" Microsoft pushed their products for functionality
>and ease of administration. Companies that brough into this didn't bother
>staffing skilled admins since you didn't need a "guru" to run a MS system.
>Yet what does Microsoft do when organizations are dealing with teh worm
of
>the month? They blame the admins for not securing their systems.
>
>-CF
Part of this is Microsoft's fault, and the other part is the fault of administrators.
Yes, admins sometimes don't load the latest patches. However, the software
should NEVER have allowed buffer overruns to be an issue in the first place.
The fact that it was an issue for so long indicates a problem.
Should this surprise anyone? Not really. Microsoft has a long history as
a client software development shop, but they have just recently gotten into
server-side development in a big way. In fact, they are just now getting
really competitive in that space. This also means that those who have been
using Microsoft tools for web development all along are just getting savvy
to the web.
Microsoft needs to learn how to manage their rollouts, but they also need
to learn how to better educate their admins. Microsoft products will continue
to be the target of hack attacks. They are the "big fish," and you get a
lot more recognition for figuring out a hack for IIS than for Apache.
Does this make other web servers more secure than IIS? Not necessarily,
and that is the problem that others may not see right now. As all the hackers
are targeting IIS, Microsoft is struggling to clean up vulnerabilities.
This will ultimately make IIS a very secure web server. Nobody is paying
much attention to hacks against Apache right now, because no one is targeting
it. This means that any exploits due to bugs in the program will be around
until someone honest discovers them (honest people don't look for ways to
exploit loopholes though), and it also means that admins for Apache systems
may not be as vigilant in stopping hack attacks.
So in the end, all this "bad news" for IIS may make it stronger than the
competition. Microsoft appears to have realized it has a problem, and it
appears to be dealing with it in a very public manner. Microsoft has the
resources to make IIS secure. Let's hope they put them to good use!
Jason at 2007-11-12 0:18:55 >
# 6 Re: Microsoft Poses a Serious Threat to the Internet
>Does this make other web servers more secure than IIS? Not necessarily,
>and that is the problem that others may not see right now. As all the >hackers
>are targeting IIS, Microsoft is struggling to clean up vulnerabilities.
>This will ultimately make IIS a very secure web server. Nobody is paying
>much attention to hacks against Apache right now, because no one is >targeting
>it.
Incorrect. In its early days Apache was very insecure and was the target
of repeated attacks - that's where the name comes from: it's a "a patchy"
webserver - it needed patching all the time to make it secure. Indeed, when
it first came out, if you were running a copy of Apache that hadn't the latest
patches on it you were fair game to the cracker community.
The most disappointing thing about Mickeysoft's attitude is that they are
effectively telling us "We cannot deliver you security because it's too hard
and we're not clever enough". Well, if Mickeyosoft's in-house developers
are too thick to deliver us security, perhaps they should get the sack and
be replaced by some of those black hats who - without ever seeing Mickeysoft's
precious "source code" - manage to break their way in and deface OUR websites,
costing OUR companies precious money and resources... It seems there are
plenty of people out there who ARE clever enough!
I recently recieved a security update concerning my copy of "Windows 2000
Advanced Server"... apparently, it's copy of Windows Media Player had opened
a security hole that would allow system violation...
Excuse me? "Media Player"? Since when did an "Advanced Server" operating
system come with a media player built in? Is this where all my CPU time and
memory usage is going - to run an operating system that has a Media Player
built into it? What a joke! My company payed good money for this TOY operating
system - and it seems that all we got was a home PC games and movies platfrom
dressed up as commercial software!
I'm sorry, but in future I may be forced to buy my software off clever people.
Darren at 2007-11-12 0:19:55 >
