Microsoftheaded, hugely stupid

Jon maddog Hall maddog at li.org
Thu Sep 18 16:10:53 EDT 2003


So, I am not really a "security minded person".  Those people I usually
simply bow to and hope that the patches come out fast enough that I can apply
them and protect my system.  But I do expect a certain amount of decorum
in getting those patches.  Usually it means going to some protected site
and doing something reasonable.

A few minutes ago I got two email messages in rapid succession.

One has the subject line "Current Update", the other has a subject line
"Current Microsoft Critical Upgrade".  Both propose to fix "all known
security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS
Outlook Express as well as three newly discovered vulnerabilities."

Both letters delivered the patches directly, via email.  Neither letter
described a way that I could tell if the patch had been tampered with, or even
if the patch had actually come from Microsoft.

Each letter had a different file attached, with a different name.  If they
both fix "all known problems", why do I have two with different names,
different lengths, etc.?

Now, I have no real problem in believing that these patches really did come
from Microsoft, which actually makes the problem worse instead of better.

Why would a major software company really believe that anyone who could
say the word "secure" would apply this patch that came through the email this
way?  And if they believe that no real security person would, then why bother
sending it?  If they get Mom&Pop installing patches this way, what happens
when the very first "spoofer" hits Mom&Pop with what looks like a patch
from Microsoft?

It just makes Microsoft look even more clueless.

The really great part is that I don't have any Microsoft products anymore.
I just stay on their mailing lists to see what other incredible things they
do.

md
-- 
Jon "maddog" Hall
Executive Director           Linux(R) International
email: maddog at li.org         80 Amherst St. 
Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
WWW: http://www.li.org

Board Member: Uniforum Association, USENIX Association

(R)Linux is a registered trademark of Linus Torvalds in several countries.
UNIX is a registered trademark of The Open Group in the US and other countries.



