Neowin.net - Microsoft software "riddled with vulnerabilities"

Microsoft software "riddled with vulnerabilities"

Posted by malebolgia on 30 August 2003 - 21:56 · 18 comments & 1035 views

The US Computer and Communications Industry Association (CCIA) has urged the US Department of Homeland Security to avoid using Microsoft software. The Washington based association, which represents members that generate over $200 billion, has issued an open letter to Tom Ridge, Secretary of the department, urging him to review his decision to choose Microsoft for its desktops and servers. It claims that last week's events relating to the Blaster and SoBig worms, have highlighted problems in cybersecurity.

The letter, from Ed Black, the association's president, said:"We believe that for software to be truly secure it must be well written from the outset with security considerations given a high priority". It accuses Microsoft of being more interested in economic marketing and competition than security and said the lack of diversity within a network system "amplifies the risk emanating from any vulnerabilities that do exist".

News source: The Inquirer

Trillian maker Cerulean Studios is interested in signing a deal with Microsoft, the company's co-founder and head developer Scott Werndorfer said in an e-mail answer to a reporter's questions.

"We're anxious to work with Microsoft on any licensing models they might have," Werndorfer said. He added that Trillian Pro 2.0, which entered beta testing on Aug. 1, supports the latest MSN IM protocol, but did not say if that means that older Trillian clients will be locked out from the MSN IM network soon or if Trillian Pro 2.0 would work with MSN IM regardless of a licensing deal.

Other clients that connect to Microsoft's IM network include Imici and Odigo.

Besides the issue of not wanting to run an IM network for other client makers to exploit, the changes to the MSN IM network also are for security and privacy reasons, Microsoft said.

"If there is unauthorized access to our network, it opens us up to potential security and privacy vulnerabilities," Gurry said. In fact, there is a yet undisclosed security flaw in Microsoft's IM network and clients, she said.

Because of this unknown flaw, Microsoft is forcing users of several older versions of its own MSN Messenger and Windows Messenger clients to upgrade to newer versions. Users that have to upgrade have been alerted via e-mail and will soon start to see notifications in their Messenger client, according to Microsoft.

MSN Messenger is one of the most popular IM services on the Internet, along with AOL's Instant Messenger and Yahoo's Messenger. Microsoft claims about 100 million unique users log on to its service each month. IM services let users exchange text messages in real time and providers have also added video conferencing, PC phone calls, gaming and other features.

Hide additional information

About the Author
Full name: Unknown
Forum name: vet

malebolgia
Contact: via forum PM
Submissions: Normal · Headline

Total votes: 0

Bookmark on del.icio.us

Advertisement

(3 replies) #1 Posted by elliot on 30 Aug 2003 - 22:14: the only thing the blaster worm highlighted was that 90% of computer users have absolutely no idea how to use them

(1 reply) #2 Posted by beatlesdb on 30 Aug 2003 - 23:24: This is typical of governments - the people who make all the complaints normally don't even use a computer - or bother to consult with their own Computer departments - but Innuendo and rumours are more than good enough for these people.

I agree that there are many vulnerabilities in Microsoft software - but this is mainly due to the fact that Microsoft have tried to create a product based on user needs - most of these needs require network and internet access.

If you want the system to be 100% safe - un-plug the network cable - DONE! But people need external access - and there will always be someone out there trying to find a security hole.

I admire the way Microsoft takes the criticism and continues to make the necessary security fixes as they are found - most people that complain about Microsoft’s lack of security rarely even visit the Windows Update site. The latest MS Blast proves this - the fix was available in JULY but so many people where still infected.

Microsoft have also tried to help this by adding the Automatic software updates to their OS - but people tend to turn this feature off as they do not understand what it is for - or are just ignorant.

#3 Posted by Electroglitter on 30 Aug 2003 - 23:25: Yup, i totally agree. Microsofts admits to holes and vulnerabilities and they issue patches and services packs. If users dont update there systems then thats not microsoft fault. they have automatic updating for a reason, as with norton auto update.

(1 reply) #4 Posted by SomeDork on 30 Aug 2003 - 23:48: Lets not forget that, personally I'm impressed as all heck with Windows 2003. Since going gold it's had 1 critical vulnerability and two more not so critical. That's comparable with any other OS out there, as long as you include the whole distribution...

The problem is the comparing unix kernels and the windows "distribution" is like comparing apples to oranges.

MS has done a fine job with patch management. The trust levels need to be raised -- we need to be able to accept an autoupdate strategy.

#5 Posted by AgEnTsMiTh on 31 Aug 2003 - 00:04: Nothing is 100% secure.

The old saying stays true to our current days. WHERE THERE IS A WILL THERE IS A WAY. As long as someone wants to create problems, they will find a way to do it.

(1 reply) #6 Posted by Octol on 31 Aug 2003 - 00:05: This story should have started out, "The CCIA, a violently anti-Microsoft industry group, urged that..."

Actually, it shouldn't have started out at all, since it isn't even news, but a mere reprint of one piece of anti-Microsoft propaganda farted out by one of Microsoft's enemies.

If this bullsh*t had an ounce of truth or legitimacy, then it would be "news" and worth publishing, but it doesn't and isn't.

Frankly, I'd never even heard of this CCIA before I read about them here, but five minutes on their website showed me what they were all about.

This crap hardly measures up to the Inquirer's low standards. I'm truly surprised that it was published here.

#7 Posted by ripgut on 31 Aug 2003 - 03:29: only newbs get viruses

#8 Posted by Zatko55 on 31 Aug 2003 - 04:49: Microsoft is a virus

#9 Posted by insurektion on 31 Aug 2003 - 05:40: Email sent to them :

"Are you guys insane. Recommending people to not use Microsoft products. Any operating system as popular and widely using as Windows is bound to be hackers #1 choice. And if a hacker wants in there is NOTHING that can stop him as long as your connected to the net. I would say Microsoft has done a tremendous job of releasing fixes and patches as necessary. You may as well not recommend breathing air as you could get sick from airborne viruses. CCIA should be Crackhead Computing Industry Association."

(1 reply) #10 Posted by gameguy on 31 Aug 2003 - 07:34: you know, sometimes i wish that in this country we didn't have freedom of the press. i know it's a good thing, but more often than not, in today's world, all i hear is crap on the news. and most of it's biased one way or the other i find out later. **** like this needs to be kept in these idiots's heads, where no one is bothered by it.

#11 Posted by DsnBehind on 31 Aug 2003 - 08:39: Then, the CCIA discovered that all software is "riddled with vulnerabilities". The year is 2003 and up is not down. Good god!

[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Scroll to the Top