Advertisement
Promo

Security threats Toolkit

In association with HP

Talkback

Post a comment


Story: Microsoft dodges anti-spyware charge accusations

  • Previous comment

Posted by: Anonymous (Saturday 18 December 2004, 11:31 AM)

  • Reply

For Microsoft to charge *anything* "extra" in order to protect it's customers from the *glaring* and *long-standing* security *defects* in MS' own technologies (today, ActiveX; but, mark my words, many-time-more-whiz-bangier WMI, too) would amount to nothing less than *extortion*.

Serious, peer-reviewed security was *never* built into ActiveX, WMI, the Windows Desktop (shatter-attacks), etc. from DayOne... and these security mistakes/oversights/defects are deliberately and stubbornly still being upheld by MS today as legitimate "architectural" choices.

Arguably, you can "turn-off" ActiveX (although never completely); but you can't turn off WMI/WMI scripting any more than an end-user can defend against shatter-attacks (involving maliciously crafted communications between programs running in the context of the Windows desktop).

Slapping *external* security "solutions" on top of deep and glaring *internal* software design defects, and then charging for the use of these *tatters of bandages* is best left to non-MS ISVs. (Several of these ISVs even make their anti-SpyWare products freely available for personal, non-commercial use.)

If MS is not going to go and truly fix what they got wrong (see above) from DayOne, they've got no business charging anyone anything extra for 11th-hour purchase and copy-catting of the anti-SpyWare ISVs as any kind of substitute for the Really Hard Work that is still not being done.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Sentry Posts Blog

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters