I suspect maybe this paper is intended as a threat, a stick to beat Microsoft with. It's clear that their dominant position has made them lazy and lax. Vulnerabilities in Windows continue to appear on an almost daily basis. Microsoft patches frequently break systems or simply fail to actually provide the protection they are supposed to. (e.g., the RPC DCOM vulnerability, which can be exploited even on systems supposedly patched against it.)

Remember the old SNL skit with the tagline, "We don't care. We don't have to. We're the phone company"? That's Microsoft's position. "We don't care about security. We don't have to. We know you'll buy our stuff anyway."

Until there's real competition for Microsoft I really doubt that their attitude towards security will improve.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/190/23067#23067