Micro$oft wonderment

Why is it that when Micro$oft issues security warnings, it’s never just one? I just got 3 of them in my work mailbox…

Do they wait until they have more than one to let their customers know about the flaws in their operating systems??


4 replies on “Micro$oft wonderment”

Maybe it’s like a Buy One, Get Two Free sale? If that’s the case, you’re getting a deal, and should really be more cheerful about it. 😉

Happened across your site and saw this post. Checked cert.org and found the top three vulnerabilities:

Buffer Overflow in Sendmail
Multiple Vulnerabilities in Lotus Notes and Domino
Integer overflow in Sun RPC XDR library routines

Under the heading of “New and Notables” I found Multiple Buffer Overflows in Samba, Apache Contains DoS Vulnerability, Buffer Overflow in Sendmail, Brumley/Boneh RSA timing attack.

None of them are MSFTs. How is it that everyone in the world can release code with bugs, but only MSFT gets taken to task?

Excellent point Sercata.

However, those advisories are the most recent and if you look at other ones, [http://www.cert.org/advisories/] you’d see a couple more MSFT advisories right below them. Within a similar time frame, on their Technet Security site you would see many more that are not even in CERT. [http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp]

As for these CERT advisories, RedHat’s already taken care of these and I only use RedHat for my Linux boxes. I’d say they’re up to the task as well.. 😉

From years of experience, I have spent *much* more time patching my Windows clients and servers than I have ever done with my Linux clients and servers.

Windows is the dominant OS out there in corporate America and logic dictates that it would also be the one that gets hacked the most.

Apache and sendmail I believe are the most widely used web and e-mail server apps out there, so again logic dictates that they would be the most hacked as well.

The point is that *every* OS out there has bugs and that’s mostly because of less than great QA and testing on everyone’s part. If operating system companies spent more time putting out quality code than getting the “latest and greatest OS” out there, things would be a great deal different and we all wouldn’t gripe so much. 🙂
