Re: I feel a little let down by Microsoft - Anyone else? [SQL Slammer Worm ]

From: x y (levinson_k@excite.com)
Date: 01/26/03


From: "x y" <levinson_k@excite.com>
Date: Sun, 26 Jan 2003 08:50:42 -0500

His point was, you see the exact same kind of programming errors in
non-Microsoft software. Check out the security advisories at www.cert.org
and you'll see plenty of proof of this. [Think of the issues in the past 6
months with Red Hat, BIND, SSH, Apache, etc.]

Compare OpenBSD with Windows. OpenBSD disables just about everything by
default. It is composed of way fewer lines of code than Windows, and their
team of programmers proactively inspect their code for security. And even
they have bugs. There's no way the OpenBSD team could deliver a product
with all the features of Windows, aimed at ease of use for home users, with
a GUI, and staying compatible with ancient non-Microsoft technologies like
DOS and NetBIOS and LAN Manager, without introducing numerous bugs. It
sounds so easy when you say "just hire more programmers," but it's not.

Someone could very easily write a second version of the Morris worm
affecting non-Microsoft platforms any time they wanted. But they don't,
because it's in their best interest to infect the platform with the best
chance of doing the most damage, e.g. Microsoft.

"Eric Pratt" <ericpratt@cox.net> wrote in message
news:#PX0loSxCHA.428@TK2MSFTNGP09...
> "So what's a software engineer to do huh?"
>
> Hire more engineers like those who found this hole.

