Win98 -- all kidding aside

Cybe R. Wizard cybe_r_wizard at earthlink.net
Fri Aug 1 01:36:23 UTC 2008 

Jimmy Montague <rhetoric102 at iowatelecom.net>  said:
> If I have a problem with Explorer (the Windoze file manager) Microsoft
> doesn't blow me off and tell me to consult the Explorer development
> team. Microsoft treats it as a Windoze problem and, soon as they can
> devise one, broadcasts the fix for that problem.
From: 
<http://www.wegotserved.co.uk/2008/03/10/windows-home-server-data-corruption-bug-fix-slated-for-june-2008/>
-----------------------------
Windows Home Server Data Corruption Bug Fix Slated for June 2008

Mon, Mar 10, 2008

Bugs, Windows Home Server

At long last, Microsoft today released a number of communications
around the long-standing Windows Home Server Data Corruption bug,
providing more details on the cause of the bug and outlining plans to
release a fix for the issue in June 2008.
----------------------------
From:
<http://caspian.dotconf.net/menu/Misc/Advocacy/>
----------------------------
...
4) How quickly are patches released?

      Microsoft claims on the linked site that they feel they are
plenty responsive
      to security issues. In their defense they have been getting
better. But I
      am subscribed to the BugTraq mailing list, and I can tell you
from first hand
      experience that Microsoft *routinely* ignores security issues
reported to them
      until an exploit is released to the public, at which point they
usually get a
      patch released within a week or two. Linux on the other hand is
famous for
      having patches to security vulnerabilities available within hours
of discovery.

      This is a key difference between open source and closed source
development
      models. With closed source software, the likelihood that
*anybody* has audited
      the code is relatively low. With open source software, the exact
opposite can
      be said -- the likelihood of *someone* auditing the code is high,
simply because
      it's there. It's the difference between being "proactive" and
"reactive".
      Microsoft is an extremely reactive software provider -- they
don't do in-depth
      security audits, and generally only provide fixes for each
specific bug that
      people have reported. Anything more costs money, and they're in
the business to
      MAKE money, not waste it on frivolous security audits.

      In the open source world, money isn't an issue. Instead, it's the
individual
      programmer's reputations that are at stake, and they take a
personal interest
      in the security of their code. As a result, they spend the extra
time to find
      security holes before they release code, and when a vulnerability
is found, they
      not only fix that specific bug, but also any other occurrences of
similar bugs
      throughout their code base.
------------------------------------

Does anyone else sense a M$ troll?

Cybe R. Wizard
-- 
Linux User # 126326
Ubuntu User # 2136

More information about the ubuntu-users mailing list