Monday, 8 September 2008

Patch Tuesday

I notice this morning that Microsoft are touting 4 critical security patches next Tuesday in their monthly update patch. Apparently these affect all versions of windows, including vista: http://www.theregister.co.uk/2008/09/05/ms_patch_tuesday_pre_alert/

Every time I read these things I get angry but not surprised. Remember every time MS have released a new version of windows, they always tout the "more secure" marketing jibe. This seems to make sense except that not long after they release these things, another load of patches come out which undermine the fundamental idea of security. To be fair, these patches might be related to applications rather than the Operating System but for goodness sake Microsoft, these problems have been occuring for years and you still haven't fixed your security model. You've released Vista on the promise of more security, and it certainly adds a lot in the annoyance department with all the "are you sure" messages, but still haven't thought about the underlying problems. Quite simply, it should be impossible on most configurations for a user visiting a web site to do anything dubious such as deleting or reading files off the hard disk. Why doesn't Internet Explorer simply not permit it for any site in any scenario? How many people really do need to access files from the browser, certainly not most home users.

The other problem is that saying "more secure" is not a lie. Having 10 known vulnerabilities instead of its predecessor's 100 does make it "more secure", until the next 1000 are found anyway!

I used to really like Windows. XP isn't bad but over time it has become bloated, slow and generally annoying. Linux on the other hand has got better and better and now presents me with little hassle for the fact it is fast, robust, secure and free!

Please go and buy it.
Post a Comment