Geeks With Blogs
Michael Flanakin's blog Food for thought...

So, I'm skimming through a new magazine, right, and I come across a news update, "Microsoft Sued Over Security." Now, when I'm reading magazines, I generally go until I find something of interest in the IT sector that I can relate to. So, of course this one caught my eye. I figured I'd check it out to see what kind of jam old Billy-boy has gotten into this week - it's almost like the weekly comic between Garfield and Peanuts, "Little Billy and the Marketeers." So, anyway, I read the brief and it informs me that someone in LA is suing Microsoft because of a California law protecting the privacy of personal data stored in databases. The claim is that security warnings are too complex and tip off hackers about flaws. The plaintiff also claims that s/he is the victim of identity theft because of Microsoft software.

Ok, this guy (or gal) is retarded. (1) If you see a patch, install it. Now, I know a lot of techies out there will argue that, and that's fine. I do think that patches should be installed only if needed, but in the case that you don't know/understand what's going on with your computer, just install them all. Microsoft doesn't create patches for every vulnerability (*gasp, sigh*). But, they do cover a significant portion of them. And, for Microsoft to create a patch, the company has had to identify it as worth the cost to develop the patch. Let's not forget that this is all overhead costs. They don't get paid for patches, unlike some companies. (2) Complex!? Wha...? All that the warnings say is that there is a vulnerability and that by using it, someone can gain access to your system or its resources. Unless you dig too deep, Microsoft does not go out of its way to explain the problem. They just say that there's something wrong and you need to patch it. Plain and simple - download the patch, dummy! (3) Last time I read a Microsoft patch description, I didn't see any blueprints that told me how to hack into the system and what tools I need to do that. I will say that I am sure the hacking community refers to vulnerabilities on Microsoft's site and you can probably search the web to find ways to get into the system. These sites are most likely monitored, too. As I stated in point #2, Microsoft does not go out of its way to describe the problem, or, in this case, how you can use that to your advantage. Any attempts to do so are made by the person planning the attack and are probably done with less than 25% of Microsoft original response. (4) Sucks to have had your identity stolen, I'll give you that one, but...umm, did you catch the person? Did you ask this person where they got the data? Did they also show you the blueprints they downloaded from http://iwannahackthisdummy.microsoft.com? My guess is that none of these happened. Hello, McFly! How do you know where your info was grabbed from? And, as a user of said system, how do you know that it was using Microsoft technologies? Granted, there is a chance that this was all true - you can find out what technologies/software people are using; you may only have submitted personal data to one company; you may not know that we have things called automobiles. Chances are, however, that we don't know these things about the places we submit our personal info. SSN's are so easy to get nowadays, it's a wonder we still try to keep them secret. I won't even begin to get into that, though. I have yet to see any info on whether or not somebody has been caught for this crime.

Ok, so I can go on and on about this. The bottom line, however, is that this person is making outrageous claims. Don't read this as me taking Microsoft's side on security issues, though. Don't get me wrong, I think Microsoft is making an effort, but they can probably make a better one. I think we, as consumers, choose to accept their technologies and software, therefore we are stating that we accept their faults. If you can't deal with it, don't buy their software and refuse to work with anyone who does use it. I guarantee you'll be pretty lonely. It's not my fault they have some of the best positioned tools on the market. (Notice I didn't say best software.)

[Original post Sat Oct 11, 01:28:58 PM UTC]

Posted on Friday, November 14, 2003 7:28 PM IT | Back to top

Copyright © Michael Flanakin | Powered by: GeeksWithBlogs.net