
Microsoft’s Trustworthy Computing initiative a bag of hot air?

January 23, 2006

Microsoft's recent Windows WMF fiasco underscores that the company's Trustworthy Computing initiative is little more than a bag of hot air. From the beginning, the concept that Microsoft would take a long hard look at all its source code and hopefully eliminate all security bugs has been laughable at best. Doing that would require the complete rewrite, recompilation and full testing of all Microsoft software.

This is simply impossible for a company the size of Microsoft.

The WMF scandal became public when Microsoft was informed of a remotely exploitable flaw that could be triggered by opening a specially crafted WMF file.

Microsoft downplayed the severity of the flaw by saying it was not aware of any customers’ systems being compromised because of the flaw. Clearly this is not the same as someone saying customers’ systems have not been affected. Anyhow, a few days later, reports of various exploits circulating on the internet presumably caused Microsoft to U-turn on the issue and release its WMF patch.

Obviously, there is no hope of improving Windows security unless Microsoft becomes better at finding and fixing flaws than the outsiders.

The WMF flaw demonstrates that currently this is not the case. It also shows that Microsoft’s previous code reviews were largely ineffective, or else the flaw would have been spotted and cleaned long ago.

The key question is, how does Microsoft find flaws and how do its methods compare with those of other people?

Hackers often find new flaws by learning from past ones. When a flaw came to light in the way a web server handled HTTP chunked encoding, for example, these folk started looking at the ways other web servers handled HTTP chunked encoding. Sure enough, they found new flaws to exploit.

Presumably a significant number of people also looked at earlier TIF, GIF and JPEG flaws and realised it could be worthwhile to look at other similar file formats.

Another key question is how many people are employed by Microsoft, full time, to do this kind of work. Unless the number of Microsoft researchers significantly exceeds the number of hackers and outside researchers, then flaws will continue to be exploited before patches appear.

Over the last year or two I’ve asked most of Microsoft’s security experts these questions, and none has offered an answer.

Fair enough, you might say; after all, I don’t know how the various other units in IT Week’s parent company operate.

But with so much at stake, if a lot of effort was going on, I’d imagine Microsoft executives would say they didn’t know the answer but would find out and let me know. Such an offer has never been made.

Source: Vnunet

