I can't agree more. In fact I wrote a nasty response to the ZDnet article the other day complaining about the exact same thing. It has become rather shiek to bash Microsoft these days. Not to mention, it makes us all feel better when we tear someone else down. It makes us feel like we have a sense of power or something.

One article was complaining that there was no egress filtering in the Windows Firewall, and spent a great deal of time discussing it. The whole goal of having a firewall was to stop the spread of worms viruses, and otherwise prevent malicious hacking. Well how is your latest RPC worm going to infect you if your computer blocks any attempts to connect to it? Egress filtering, while nice, isn't a deal-breaker, and certainly does not kill the overwhelming benefits.
Almost all of them overlooked the fact that Micrsoft recompiled core components of their OS with compilers that do a really good job flagging buffer-overflows, and similar bugs. This has been my gripe for the longest time. Security researchers can reverse-engineer Microsoft's code and find bugs in it, where Microsoft themselves can't, and Microsoft has the source! Now that they are finally going in the right direction, people are STILL complaining. If it isn't one thing it is another. The problem is that these people just destroy their own credibility. Is SP2 the best thing ever? Absolutely not, but it is a solid step in the right direction. I wanna grab every one of those reporters, round them up, and read the article you just wrote.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/265/28445#28445