On Sat, 05 Nov 2005 07:41:09 +0000, Roy Schestowitz wrote:
> __/ [Erik Funkenbusch] on Saturday 05 November 2005 07:26 \__
>
>> On Sat, 05 Nov 2005 03:54:50 +0000, Roy Schestowitz wrote:
>>
>>> Previously we discussed conflicts that arise when a user gets 'injected'
>>> with non-stop updates. The integrity of the system breaks and below is a
>>> very recent example, among many. I still get many queries from staff whose
>>> software broke due to some updates, so it's costing time.
>>>
>>> URL: http://news.yahoo.com/s/pcworld/123431
>>
>> Perhaps you'd like to read the real story?
>>
>> http://blogs.xxmsdn.com/ie/archive/2005/11/04/489256.aspx
>
> I would have read it if it came from an impartial source.
What does an impartial source have to do with it? The actual story of what
the patch does and why can come from only one source, and that's MS.
>> Are you really suggesting that Microsoft should prefer not breaking things
>> over improving security? Do you really think backwards compatibility is
>> more important than security?
>
> I think that security must be put at a high priority for exactly that reason.
> Until recently, Microsoft have not made "security their #1 priority" (as
> Gates phrased it).
>
> If patches are made essential (as in this case), there must be careful
> testing involved. Unfortunately, with time-critical patches, there is not
> enough time for thorough tests to be completed. It's a cyclic trap.
>
> Windows programmers have punished themselves and they may struggle to come
> out of this mess for years to come. Many businesses are still reluctant to
> upgrade from ME/2000.
You seem to fundamentally misunderstand the issue. This is not a case of a
bad patch breaking things inadvertantly due to improper testing. This is a
case of DELIBERATELY breaking applications that are acting in insecure ways
to improve security.
There is simply no way to avoid the breakage, because the app is being
insecure.
>> That seems to be what you're saying when you complain that tightening
>> security breaks something.
>
> I complain about security. Then I suggest that even that magic elixir, which
> is called "patches", can in fact be poison.
It's not the patch per se. The patch is just enforcing the security. It's
like complaining that a "patch" to a door installs a lock, and you can't
just open it whenever you want.
>> This is not a case of a patch breaking functionality that should work, it's
>> a case of a patch breaking something that should not have ever worked in
>> the first place.
>
> Try to tell that to your average Windows user...
So you ARE in fact saying that Microsoft should leave gaping security holes
in the OS for fear of breaking someone's insecure application.
What a hypocrite you are.
|
|
