Microsoft Security Patch Said Ineffective
Posted by DavidXP on 14 February 2002 - 13:56 · no comments & 69 views
About the Author
Full name: Unknown
Forum name: DavidXP
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name: DavidXP
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
Last month Microsoft Chairman Bill Gates announced a company-wide initiative to improve the security features of its products.
Microsoft on Wednesday unveiled a collection of programming tools, including a new version of a special-purpose program that it modified to try to prevent a common hacker attack called buffer overflows, the Journal said.
Researchers at Cigital, of Dulles, Va., found that Microsoft apparently adopted a technique that has been used with the Linux operating system and shown to be vulnerable to attack, the Journal said.
As a result, the program, called Visual C++.NET, could lead programmers to write even more programs that are vulnerable to buffer-overflow attacks, the Journal alleged.
Microsoft was not immediately available to comment.
In Tuesday's motion, the states also asked the judge to appoint a technical expert to help provide "impartial opinions on the complex, highly technical issues raised by the parties."
Microsoft has rejected both requests when approached directly by the states.
Microsoft spokesman Jim Desler said the company had proved during the trial that it is impossible to remove software features from Windows without damaging the operating system.
"They're trying to relitigate issues that they did not prevail upon in the court of appeals," Desler said. "And, in doing so, they're trying to complicate this case unnecessarily."
Desler said state attorneys general are working "hand-in-hand" with Microsoft competitors, who "will stop at nothing to get access to our intellectual property."
Microsoft reached a deal with Justice in November to settle the long-running case. Nine of the 18 states in the lawsuit agreed to sign on to the deal, but nine others are pressing ahead and asking the judge to impose stricter sanctions.
During the trial, the government accused Microsoft of using its Windows monopoly to snuff out competitors who make add-on "middleware" products, such as Netscape Communications Corp.'s Navigator browser.
In a landmark ruling on the case in June, a federal appeals court dismissed parts of the government's case, but upheld a lower court's conclusion that Microsoft had used illegal tactics to maintain the Windows monopoly.
Among the illegal tactics cited by the court was the "commingling" of Windows source code with add-on middleware.
The dissenting states -- including California, Massachusetts, and Connecticut -- say the availability of a stripped-down browser, without additional features, would help restore competition to the software business.
Later in the day, lawyers for the two sides said in a joint legal filing that they cannot agree on how much time each should have to bring witnesses before the judge.
The dissenting states want each side to be limited to 20 witnesses and no more than 85 hours of testimony. They said that would amount to about three weeks of courtroom time.
Microsoft proposed that each side be allowed up to 150 hours worth of testimony, nearly double the states' proposal.
The states have in the past accused Microsoft of using legal maneuvers to drag out the proceedings and delay the outcome of the case.
But Desler said Microsoft is not stalling.
"We'd like nothing better than a short process. However, given the breadth of the states proposals, and their potential harm on industry and consumers our recommendations on time and witnesses are entirely appropriate."