Win98 -- all kidding aside
Cybe R. Wizard
cybe_r_wizard at earthlink.net
Fri Aug 1 01:36:23 UTC 2008
Jimmy Montague <rhetoric102 at iowatelecom.net> said:
> If I have a problem with Explorer (the Windoze file manager) Microsoft
> doesn't blow me off and tell me to consult the Explorer development
> team. Microsoft treats it as a Windoze problem and, soon as they can
> devise one, broadcasts the fix for that problem.
From:
<http://www.wegotserved.co.uk/2008/03/10/windows-home-server-data-corruption-bug-fix-slated-for-june-2008/>
-----------------------------
Windows Home Server Data Corruption Bug Fix Slated for June 2008
Mon, Mar 10, 2008
Bugs, Windows Home Server
At long last, Microsoft today released a number of communications
around the long-standing Windows Home Server Data Corruption bug,
providing more details on the cause of the bug and outlining plans to
release a fix for the issue in June 2008.
----------------------------
From:
<http://caspian.dotconf.net/menu/Misc/Advocacy/>
----------------------------
...
4) How quickly are patches released?
Microsoft claims on the linked site that they feel they are
plenty responsive
to security issues. In their defense they have been getting
better. But I
am subscribed to the BugTraq mailing list, and I can tell you
from first hand
experience that Microsoft *routinely* ignores security issues
reported to them
until an exploit is released to the public, at which point they
usually get a
patch released within a week or two. Linux on the other hand is
famous for
having patches to security vulnerabilities available within hours
of discovery.
This is a key difference between open source and closed source
development
models. With closed source software, the likelihood that
*anybody* has audited
the code is relatively low. With open source software, the exact
opposite can
be said -- the likelihood of *someone* auditing the code is high,
simply because
it's there. It's the difference between being "proactive" and
"reactive".
Microsoft is an extremely reactive software provider -- they
don't do in-depth
security audits, and generally only provide fixes for each
specific bug that
people have reported. Anything more costs money, and they're in
the business to
MAKE money, not waste it on frivolous security audits.
In the open source world, money isn't an issue. Instead, it's the
individual
programmer's reputations that are at stake, and they take a
personal interest
in the security of their code. As a result, they spend the extra
time to find
security holes before they release code, and when a vulnerability
is found, they
not only fix that specific bug, but also any other occurrences of
similar bugs
throughout their code base.
------------------------------------
Does anyone else sense a M$ troll?
Cybe R. Wizard
--
Linux User # 126326
Ubuntu User # 2136
More information about the ubuntu-users
mailing list