Story: Microsoft dodges anti-spyware charge accusations
For Microsoft to charge *anything* "extra" in order to protect its customers from the *glaring* and *long-standing* security *defects* in MS' own technologies (today, ActiveX; but, mark my words, many-time-more-whiz-bangier WMI, too) would amount to nothing less than *extortion*.
Serious, peer-reviewed security was *never* built into ActiveX, WMI, the Windows Desktop (shatter-attacks), etc. from DayOne... and these security mistakes/oversights/defects are deliberately and stubbornly still being upheld by MS today as legitimate "architectural" choices.
Arguably, you can "turn-off" ActiveX (although never completely); but you can't turn off WMI/WMI scripting any more than an end-user can defend against shatter-attacks (involving maliciously crafted communications between programs running in the context of the Windows desktop).
Slapping *external* security "solutions" on top of deep and glaring *internal* software design defects, and then charging for the use of these *tatters of bandages* is best left to non-MS ISVs. (Several of these ISVs even make their anti-SpyWare products freely available for personal, non-commercial use.)
If MS is not going to go and truly fix what they got wrong (see above) from DayOne, they've got no business charging anyone anything extra for 11th-hour purchase and copy-catting of the anti-SpyWare ISVs as any kind of substitute for the Really Hard Work that is still not being done.