Quote: Originally Posted by
"there are thousands of patches ready for download on their website"
Ahuh, and you don't look at that and say 'hey, there are THOUSANDS of patches, maybe we should help the user update them every ten nanoseconds when another fault exists'. I am a programmer; I am also a professional security analyst (read: whitehat).
Microsoft IS negligent. Would you like to know why these problems exist? Buffer overflows are the result of poor programming. Believe it or not, if you send a dynamically-sized variable into a fixed-size one, then you really have to wonder what you were trying to do when you set it to be fixed in the first place.
Take a look at Linux; it generally suffers from fewer of these incursions for two reasons I can think of:
1) Linux programmers tend to look for peer acceptance of their code, thus check it, and try to make it as well written as possible
2) Code is then reviewed before entering the kernel
Then look at Microsoft programmers:
1) I'm being paid to write this, not to write it well
2) My boss isn't going to check this.
Thus you have a clear divide that could be called negligence. Consider a comparison with the car industry: if, say, GM didn't crash-test their vehicles and thoroughly test them, they would be negligent. Why should the software industry be any different, when we have nuclear reactors running on WinNT (which incidentally was the cause of that major blackout)?
...
-Gwala
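An added example in C (not code from the post or from anyone quoted in the thread) illustrating the defect class Gwala describes: variable-length input copied into a fixed-size buffer, shown beside the corrected version that checks the length before copying. The buffer size, function names and sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination, as in the post's description. */
#define NAME_MAX 16

/* Unsafe pattern: strcpy() copies strlen(src)+1 bytes no matter how big
 * dst is, so any src of NAME_MAX or more characters overruns the buffer
 * (undefined behaviour). Shown for comparison only; never used below. */
void copy_name_unchecked(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Corrected pattern: establish the input length within the buffer bound
 * first, then copy only if it fits, including the terminating NUL.
 * Returns 0 on success and -1 (with dst emptied) when src does not fit.
 * memchr() is used so the scan itself never reads past NAME_MAX bytes. */
int copy_name_checked(char dst[NAME_MAX], const char *src)
{
    const char *nul = memchr(src, '\0', NAME_MAX);
    if (nul == NULL) {          /* no terminator within NAME_MAX: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Convenience wrapper returning only the status, for quick checks. */
int name_fits(const char *src)
{
    char buf[NAME_MAX];
    return copy_name_checked(buf, src);
}

int main(void)
{
    char buf[NAME_MAX];
    if (copy_name_checked(buf, "alice") == 0)
        printf("copied: %s\n", buf);
    /* constructed 25-character input: rejected instead of overflowing */
    if (copy_name_checked(buf, "this-name-is-far-too-long") != 0)
        printf("rejected oversized input\n");
    return 0;
}
```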