October 3rd, 2003, 01:30 AM
With so many vulnerabilities, 4,200 in 2002, why can't M$ test their products more vigorously?
Microsoft is considering making Windows automatically download new updates and patches so its users are better prepared for outbreaks. But some of those files are huge, so what do you do if you're only on dial-up? Some businesses don't even want to apply new patches because of the time it takes to test them. The problem is only made worse by the fact that there are literally thousands of security fixes every year. How much time would you need to spend per year to keep up with every security fix and patch? Here's what the experts estimate you'd need to do if you wanted to plug the 4,200 software vulnerabilities discovered in 2002:
- Set aside 20 minutes to read each security alert. This adds up to 175 days.
- Set aside one hour for each patch. Say you're affected by 10% of those alerts... that's 52 days of work.
- All told, that's 227 days. Let's hope you're getting paid for this.
With so much profit being made, why can't they employ the best of the best to test all new releases to a better standard? Is it only a matter of design it, produce it, quickly test it so they can sell it to make more profit? It wouldn't solve all the security issues for good, but surely it would mean a better, less vulnerable product.
I mean, I have heard of exploits being found in some M$ products only hours after the release. Do they actually check before they sell? Or does profit come before the customer?
Seems like very poor business practice to me, but hey, I suppose if you have the monopoly you can do what you want; people will still buy your product anyway. I can only imagine the smiles of arrogance on the faces in the CEO's meetings. Sort of seems understandable that some make an effort to expose this lack of responsibility and find exploits.
Anyways, just my thoughts. TidaLphasE23
October 3rd, 2003, 01:53 AM
> With so many vulnerabilities, 4,200 in 2002, why can't M$ test their products more vigorously? With so much profit being made, why can't they employ the best of the best to test all new releases to a better standard?
If you ask me, the profit comes before the customer. If they didn't have so many OSes they wouldn't have so much profit. They are actually trying to corner the whole PC world if you ask me. I mean firewall, now antivirus. If they took these ventures to the extreme, two things would happen. One, they would be sued again for the same reasons they got sued over IE. Two, with the speed they push out OSes it would just add another layer of exploitation.
So I tell you this: don't lose any sleep over it. Switch to Mac, or Unix. Or just patch 'em as they throw those SPs out.
Your heart was talking, not your mind.
October 3rd, 2003, 02:53 AM
Just a few thoughts
I can remember when Microsoft used to market antivirus... up to around Windows 3.x? Then they dropped out of the market. IBM also used to have their own AV. So Uncle Bill has seen a new opportunity and is back in the market, so to speak.
I am not a great fan of autoupdates myself, but I have only just got ADSL. I like them for non-literate people though, as they will never get round to doing it manually.
Problem is, a lot of the world is still on 56.6 (only about 60% of the UK can get ADSL) and some of these patches are pretty large. What happens when the phone connection crashes in the middle... remember we are looking at non-computer-literate people here? They would need to include an auto-continue feature in the OS? What is the betting that they will forget?
I suppose that there are two major problems with testing:
1. There are so many diverse environments out there that you can never cover them all (this is why commercial users want to test the patches on "reference machines" first).
2. There is always the commercial pressure to produce something new, particularly as *nix is encroaching rapidly into traditional Windows territory. I suspect this is the reason for a single-OS (XP) approach?
Just a few thoughts.