My Bias Against Microsoft
It is an important and popular fact that I’m a bit biased against Microsoft.
Okay, so it’s not as important and not so popular. But this entry has nothing to do with the importance, nor the popularity of my bias.
After reading this ZDNet Asia article, I was appalled to learn that Microsoft won’t be giving IE a patch to cover the dialog origin vulnerability I mentioned a couple of days ago, instead saying that it is a feature, not a vulnerability and that “[t]his is an example of how current standard Web browser functionality could be used in phishing attempts”.
Standard functionality or not, it can still be used in an attempt to phish confidential information.
To say that it’s-a-standard-functionality-so-it-doesn’t-need-a-patch is like saying that because a metal fork-and-knife set is standard cutlery, there is no need to change it to a plastic one on a commercial airplane, even though it is known that the metal set can be used in a hijacking attempt.
After all, metal cutlery is a feature, not a vulnerability and this is just an example of how current standard cutlery could be used in hijacking attempts.
Right?
Wrong.
Standard cutlery or not, it can still be used for hijacking, and that is, in fact, still a vulnerability to address.
Even when metal cutlery and sharp household items are finally allowed on board again as of April this year (at least on UK-based airlines), it is only because these airlines have upgraded the security of the airplanes, such as using “sealed cockpits, closed-circuit TV cameras and sky marshals” (source: The Sun Daily). In a way, these airlines have ‘patched’ their vulnerability before allowing such items on board again.
To Microsoft’s credit, it is mentioned in its security advisory that “[c]ustomers who already follow our general guidance about avoiding spoofing and phishing attacks are at reduced risk of being affected by this issue.”
Unfortunately, not everyone follows Microsoft’s “general guidance” (those who do, please put your hands up) and the least that Microsoft can do for these people is to update their software automatically. At least the number of people who use Automatic Updates is, hopefully, greater than the number who bother to read security guidelines.
Okay, so I’m biased against Microsoft.
But think about it. And let me know what you think of the issue.
bcc