Re: lets vote for better security

From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 04/11/05

  • Next message: Michael Pelletier: "Re: lets vote for better security" 
    Date: Sun, 10 Apr 2005 15:20:02 -0700

    Karl Levinson, mvp wrote:

    >
    > "Michael Pelletier" <mjpelletier@mjpelletier.com> wrote in message
    > news:ix56e.31346$Xs.2907@fed1read03...
    >
    >> I have a couple:
    >>
    >> 1) Stop lying to your customers! How many times have you been said linux
    >> solutions are more costly? Linux solutions are not cheaper?
    >
    > Microsoft truly believes Linux total cost of ownership in a business
    > environment is more expensive. It's not necessarily untrue, either.
    > Total cost of ownership depends on what environment you're in.

    Honestly, this is a ploy to lie to customers. My comment was based on the
    fact that they are lying and have been caught many times.
     
    >> How many times
    >> have you been caught "sponsoring" the research behind the "studies"?
    >
    > If you're talking about the most recent study that claimed that Linux is
    > not more secure than Windows, Microsoft was not "caught" sponsoring the
    > research. The researchers fully admitted this in their report. If ou
    > didn't know this, you may have gotten your information from a news source
    > that, um, lies. If you want to invalidate the results of that report, you
    > should read it and the description of their methodology in order to make
    > substantive arguments against it.

    First, how many times have they "sponsored" "research" about this? How many
    times have they been caught lying? Answer these question then we can
    address the problems of this latestet "research"...

    >> 2) Stop bastardizing the standards. Let's face it, Microsoft is not a
    >> company known for developing new Standards on it's own (that work well
    >> and are well thought out). Let's face it, when technology people around
    >> the World get together to develop a standard they do a much better job
    >> than you.
    >
    > I can't really discuss this statement without some examples.
    >
    > A frequent Microsoft explanation for why they did something a certain way
    > is
    > because the customers requested it. This explanation is not necessarily
    > untrue.

    Again, a feeble lie. That is one thing I will say Microsoft does well. They
    KNOW how to market. The use excuses about "adding new functionality"
    because of customer request. And some people buy it hook line and sinker.
    They do it for one reason: To sustain a MONOPOLY

    >> 3) Stop using your customers for Q&A test "dummies". Face it. We pay a
    >> lot of money for your software shouldn't it include even basic Q&A
    >> testing? If not, reduce the price. And while we are at it. Take off that
    >> sticker that says, basically, you are not responsible for the quality of
    >> the software you provide....
    >
    > Do you have examples to prove this? I have one. The author of the open
    > source mangleme assessment tool that threw malformed HTML at various web
    > browsers to find code problems stated that MS IE 6 was the only browser
    > that
    > had clearly gone through Q&A. It was found that all browsers except IE
    > were fairly easy to crash, even though IE 6 that was written and Q&Aed in
    > circa 1999 was being compared with brand new versions of Firefox, Netscape
    > and
    > other non-Mozilla browsers. Are you surprised that Microsoft was using
    > better Q&A five years ago than Mozilla and all the others are doing today?
    >
    > Interestingly, even though a lot of serious vulnerabilities were found in
    > other browsers with that tool, the only one anyone remembers is the
    > so-called "iframe" IE vulnerability that was used by download.ject. The
    > public continues to think that the IE code is sloppy, despite tools and
    > assessments that show significant concerns of security and code quality in
    > third party browsers.
    >
    > Other examples of MS stringent Q&A are security patches and XP SP2. MS
    > security patches generally take 45 days to release. Most of those days
    > are
    > because of Q&A and beta testing. XP SP2 had many very long Q&A and beta
    > test periods as well.

    Not just talking about IE. I am talking about the whole.

    Now about IE. Anytime a browser is embedded into the OS like IE is you have
    to worry. This is a bad design. The browser should run like any other
    application. DO you really want to use a browser, that is used to access
    the Internet, when it is "intergated" into the OS like that? Hell no. But
    remember the history. MS did this, originally, to try and leverage IE and
    to discourage the use of other browsers....This was a business (IE
    MONOPOLY) decision not a technical one.
     
    >> 4) Stop trying to make solutions that are inoperable with other
    >> solutions. IBM did it in the 70s and lost. Digital Equipment Corporation
    >> did it in
    > the
    >> 80s and lost..You piss customers off! Work harder at better solutions
    >> than working hard at solutions that indenture your customers to you!
    >>
    >> 4) Get real about security. This involves more Q&A. This involves "less
    >> fluff and more stuff"
    >
    > They have. I'm not sure what reasons you have for not thinking they have.
    >
    > I don't agree with all of Microsoft's security decisions so far, and some
    > of their security decisions made in the past two years won't be seen until
    > the
    > next software release. But if you look at products like XP SP2 and before
    > that, IIS 6.0 and Windows 2003 Server, their security records are not bad
    > and show a lot of improvement.

    I will give you one point they have improved some. However, look at how many
    pacthes have come out for XP in the relatively short time it has been on
    the market. Can you really say it was QA'ed well? I can still take down a
    XP machine with Syn floods. This is one of the oldest DOS's around...

    >> 5) Stop "nickel and diming" your customers! You guys a billionaires do
    >> you really need more money? Come on. You do not release some technical
    >> resources unless you are a "gold" support customer? What the hell is that
    >> about?
    >
    > You're complaining about paying for technical support? Do you think those
    > resources cost nothing for MS to create? Do you know of other companies,
    > open source or not, that put out more and better free tech support
    > resources? What other company puts more or less the same knowledgebase
    > used by their tech support onto the web for free?

    What I am saying is that they make BILLIONS a year. Why not put ALL of the
    technical support online. Now, if you have inept people working for you
    that need their hand held, also offer purchased tech support. In either
    case, ALL of the technical support is ONLINE. Which is my point. Not all of
    their tech support is ONLINE...

    >> 6) Stop try to prevent/penalize me from using other solutions than
    >> Microsoft. If I choose to use Apple or Linux it is MY CHOICE NOT YOURS.
    >> If I want a hybrid solution using Microsoft, Apple, Linux IT IS MY
    >> CHOICE.
    > NOT
    >> YOURS! Stop being so damn arrogant.
    >
    > How have they penalized you?

    They penalize you by making solutions that intentionally prevent you of
    using any other solution they do not want you to use. They will NOT publish
    ALL of their APIs so people can write their own applications. You can only
    get ALL of them if you are a "partner"....Now, what I am saying is this.
    Publish ALL of the APIs so people can write applications without being a
    "partner". Who wins with this? We ALL DO. If they did this there would be a
    flood of really great apps on the market that work with everything not just
    MS. In short the consumer wins.

    >> Summary:
    >> Face it Microsoft. If you do not change you are going to lose. History
    >> has proven this. Already, the EU is looking to replace you, The German
    >> government has already started. You treat you customer like they are
    >> nothing more than mindless revenue streams who's only purpose is to serve
    >> you and your monetary needs. You lie. You arm twist. You mistreat your
    >> customers. You charge an arm and a leg use your software but then write
    >> "Micosoft is not responsible for anything" on the software packages...
    >
    > Microsoft is crying all the way to the bank. Customers [including you and
    > your employer?] must like being mistreated, because they keep buying
    > Microsoft products despite complaints about the supposedly high price,
    > poor security and poor support.

    They are probably "crying all the way to the bank with your money" and how
    stupid you are for being a masochist. Arrogance like this is a real short
    coming. History has proved that this mindset loses in the end. And to
    answer your question I run a hybrid shop. Moving away from Microsoft if
    they do not change their ways. And to answer your arrogant short sided
    statement, we ARE REDUCING our purchases every quarter....and will continue
    to do so.

    > Don't get me wrong, Microsoft like any big business has done some things
    > that can legitimately be criticized, especially if you go back further
    > than
    > the past two years. But what you've posted here sounds a bit like
    > rambling. There might be some valid points in here, I can't really tell
    > without clarification and examples.

    I think I have been clear. I am asking them:
            1) Be honest when "evaluating" your competition. Stop lying and playing
    games.
            2) Stop trying to intentionally make solutions that ONLY run on Microsoft
            3) Stop trying to alter standards and keep to the standards. Let's face it
    their strengths are not in the theoretical. They are in marketing.
            4) Open up their APIs so developers can develop software WITHOUT
    restrictions. For example, you must be a "partner" before you can get this
    kind of access.

    There are more requests but those would be a good start.
    Michael 

    -- 
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald
  • Next message: Michael Pelletier: "Re: lets vote for better security"