What Microsoft needs to be doing is going back through the existing code in their current Operating Systems and finding the vulnerabilities BEFORE someone else does. That way they can roll out security fixes as part of their regular schedule and yet we can, for the most part, be safe from 0-day exploits.

My guess is this is due to their history as a top-down rather than customer-driven company. Rather than looking out for the best interests of the customers they are thinking of what will give them the next big injection of cash; that, of course, is Vista. Because of this an inordinate amount of their resources are spent on Vista, rather than finding and fixing vulnerabilities in the current code.

In the long term this diminishes their reputation in the market, driving more people to other Operating Systems. By emphasizing profits ahead of customers and employees they do themselves more harm than any blackhats ever could.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11368/32950#32950