DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
looking for bugs in Vista at the moment is the right thing to do, but to say that by finding a bug constitutes a security risk just makes me laugh

Symantec Continues Windows Vista Bug Hunt

I saw this article and it just made me want to cringe. Symantec have released a report that has rightly pointed out issues and concerns with the new technology in Vista. Every time code is changed there is a risk of inserting new security vulnerabilities; however, new code is the way of new products and the evidence from Windows Server 2003 and SP1 vs Windows 2000 shows that the processes Microsoft goes through have a real and tangible impact on the security quality of the applications.

Now, security is indeed a key feature of Vista and while we all know there will be a security patch for the product at some point, jumping up and down and pointing the finger at bad code before we have finished the security sweep or even got out of beta is not likely to reflect life once the product releases.

I have to say, this looks like someone getting a little upset with the features in Vista and therefore saying - look, you need us because they are not good at this security stuff.  Obviously I have absolutely no official connection here, just laughing at the implied statements that are being blown up in the press.

For information on the Vista security features, go have a look at http://www.microsoft.com/windowsvista/businesses/security.mspx 

ttfn

 

David


Posted Thu, Jul 27 2006 5:31 AM by David Overton

Comments

Tim Long wrote re: looking for bugs in Vista at the moment is the right thing to do, but to say that by finding a bug constitutes a security risk just makes me laugh
on Thu, Jul 27 2006 12:39 PM

Well Microsoft is hoisted by its own petard. This is a consequence of releasing beta software so ubiquitously. Office 2007 (and Vista) are no longer beta products - they are released but unsupported. With the bits so widely available and Microsoft screaming "download it now!" then it's not really surprising that beta software starts to get the same "media attention" and security scrutiny as shipping product, when every Tom, *** and Harry are running it on their desktop. Well you know what they say - there's no such thing as bad publicity ;-)

David Overton wrote re: looking for bugs in Vista at the moment is the right thing to do, but to say that by finding a bug constitutes a security risk just makes me laugh
on Thu, Jul 27 2006 5:51 PM

Tim,

I have to disagree with you on many counts. We have 600 million PCs worldwide running Windows and 400m running Office. Vista is no longer downloadable - it was only ever advertised to partners and strong IT Pros, which is not the majority of the populace. It was not cover mounted, mentioned by us in the Sunday Times or Mail on Sunday. We allowed about 2.5m licenses to be had - you have to activate Vista, so no installing it on 20 machines - and this includes the MSDN, Beta programme, partner kits etc. Office we provide an online trial to stop people downloading, but this is less of a security impact for people as it tends to be the OS that people try to compromise.

We want feedback - there are over 1/2 million devices that work on PCs today - we cannot test them all. We are not building a product for MS users, but other people, so we want your opinion as to what works and does not work.

2.5M copies vs 600M machines means that <1/2% of the IT Base will be able to test Vista - this is not screaming to everyone to test.  Now - to our partners - yes, but we hope you would want to see how you can build a business around it.

On the scrutiny front - I personally welcome people poking holes in the product, but then suggesting these holes will not be fixed before release is where I find it stretching the line a bit too much.

You should not (yet) find it available to every TD&H, not until we have a real release candidate, then it might go broader, but even then I would be amazed if we distributed 10M RC copies.

ttfn

David
