What an amazing quote from Rick Devenuti (Microsoft CIO):

"At any given point in time, it is hard to be 100 percent patched with any machine."

If Microsoft can't keep a machine 100% patched, who can?

I think it is funny how microsoft has tons of people find holes in their coding. Its free QA. I don't think any other software has gone through as much security scrutiny as microsoft's products.

.Net will have just as many problems as the current stuff if not more. I don't know why the MS marketing department thinks MS developers believe anything they are saying.

The real test of Microsoft's efforts to create more secure code will be with the release of .NET server and IIS6. If they don't get it right this time they NEVER will. I expect there to be vulnerabilities found. Even apache and Linux have them all the time, but they don't seem to be as critical. But thats just me.

What's with the trolling Brett? Probably 50% of your user base is using IIS, and haven't been infected in a long time. leave the religious wars on slashdot.

This kind of post really doesn't have any use here surely. And on the front page as well. I like this site as it is a nice professional setting for discussiona and posts such as this 'lets jump on the MS bashing' bandwagon really doesn't fit in.

Yeah, lets just ignore the facts for the sake of not bashing poor Microsoft. ;)

I think the thing that is amazing about it is that Microsoft could build an incredibly secure, stable product that is easy to use.

They have enough money to pay the best coders around top dollar to make that happen.

But they haven't. It just doesn't make sense why they haven't dumped a LARGE amount of money into this issue.

[edited by: grnidone at 11:03 pm (utc) on Jan. 28, 2003]

Well, MS has been hyping their Trust Worthy computing, and just announced the hiring of several thousand salesmen to promote .net and it's "secure" features.

I just think it's time we stop and realize, that anything microsoft has to say isn't worth the value of a grain of sand any more.

After CodeRed, everyone knew there would be another one of these deals that affected everyone on the net again. That just happened.

MS "owns" the press, controls the agenda, and now many of the webmasters. When is it time to say enough is enough?

A lot of people lost a lot of money on Saturday. If there was ever a time to bash M$ then surely this is it?

Or maybe our time would be better spent bashing the criminals/terrorists who are causing/exploiting these problems?

Or maybe our time would be better spent bashing the criminals/terrorists who are causing/exploiting these problems?

What about those who didn't patch their systems when the vulnerability was made public?

Let's face it, if everyone had the patches in place the SQLWorm event would have been a non-event and I'd probably be eating supper about now. :)

Pendanticist.

>>if everyone had the patches in place the SQLWorm event would have been a non-event

True. But we are human not machine

So bash MS because they spend money on marketing?

If you've written any code in .NET (especially winforms) you will see how much they've locked it down. You can't do CRAP without getting permissions from the user. Everytime i get a System.Security.SecurityException in .NET, I have to spend an hour or two tracking it down.

Finally, Sql Server is due for an upgrade called Yukon, which is supposed to come out in 2004, to bring it into line with the rest of .NET. They have a lot of products and doing a security overhaul on all of them takes time.

...if everyone had the patches in place the SQLWorm event would have been a non-event...

Microsoft didn't -
[cnn.com ]

"Microsoft Corp. itself was exposed to the virus- like attack that crippled global Internet activity last weekend because it failed to install crucial fixes to its own software on many Microsoft computer servers, according to internal e-mails obtained by The Associated Press."

zooloo

Microsoft didn't -

Yeah :) I heard that on the Network news tonight and about split a gut laughing so hard. Ohhhhhh, the ironies of life. :o

Like ish said in an earlier post to this thread:

True. But we are human not machine

One has to wonder how their new .Net & IIS6 plans will actually pan out given some employees got bit by SQLWorm too, eh?

:)

Will wonders ever cease?

Pendanticist.