Comments on: Microsoft: Watch out for rogue code
Sample attack code released by security firms is putting unpatched PCs at risk, the software giant claims.
Most Popular
Latest tech news headlines
- Amazon to open bricks-and-mortar stores?
December 6, 2009 12:23 PM PST
- Apple MacBook vs. HP Envy (part 2)
December 6, 2009 12:05 PM PST
- Youth using phones to harass and spy on partners
December 6, 2009 11:00 AM PST
- See all headlines
RSS Feeds
Add headlines from CNET News to your homepage or feedreader.
More feeds available in our RSS feed index.
- Markets
Related quotes
Microsoft has brought this on themselves first for not doing patches faster. Frankly the company should come to a complete stop so they can fix any problems reported. And then make matters worse because as they said in this article they rely on others to do their security testing for them.
Which also means that if these other companies waited Microsoft would fix the problem when they are ready and take credit for it. What are the other companies supposed to do wait until Microsoft gives the ok only to be made to look like fools for taking credit for finding a problem that Microsoft already fixed? You could bet that the ok would be months after the fix was in.
No I think these companies are doing the right thing. If Microsoft doesn't want to get the blame for all of these problems and the problems that comes from these security holes then Microsoft needs to start doing a better job in the development department instead of trying make other companies do all of the work for them and then Microsoft take the credit.
I for one think a lot less of Microsoft because they can't even find their own security holes. They have to have other companies with better testers and programmers do it for them. I don't think you can get much more lame than that. And, that is what Microsoft wants to guard against people thinking they are a bigger joke than they are. They don't give hoot one about the security of our systems. If you think otherwise your a fool.
Robert
It's bad enough there are security holes in windows. The general public really doesn't need bozos like this publishing proof of concept code before most it guys get into work to patch their systems.
- Unspoken Law
- by February 14, 2005 5:57 AM PST
- Microsoft shouldn't be pointing a finger to the two companies who published the code. Everyone knows Windows is a sieve anyways. Besides, if Microsoft was really concerned about the speed in which people apply updates, it should make Windows Update so that it indicates there is an update available when an update gets published...not three days later which is the case that a lot of systems report "Updates Available". Microsoft seems to like to scatter new update notifications likely to ease the load on their download servers...
- Like this Reply to this comment
-
-
- Ignorance hurts
- by aabcdefghij987654321 February 14, 2005 7:38 AM PST
- Such a large percentage of the internet is composed of MS based machines that if MS tried to send the updates to everyone all at once (as you suggested) then the internet connections to MS would be too jammed for anyone to get through and the patch would take even longer for everyone to get it.
- Like this
-
(7 Comments)The criticism for releasing POC code hours after the fix becomes available is valid but then you get into yet another debate about how long to wait before it would be ok to publish such code.
It should also be understood that the description of the problem plus examining the old code vs the new code is enough for many people to recreate the POC code on their own and because of that it's quite possible that a miscreant could create a working exploit and have it running before the "delayed" announcement containing POC code.
Regardless, the author of any virus/trojan (not the author of a POC unless they make it a complete virus) is still wholly and completely the person to blame for their actions.