DEBRIS.COMgood for a laugh, or possibly an aneurysm

Another day, another Windows exploit… This one inspires me to play a game called “Which of these things does not belong here?” Just select the statement that sticks out like a tattoo in a convent.

• A Microsoft official acknowledged that the risk to consumers was unprecedented.
  
• Microsoft “forcefully urged” consumers to install the patch.
  
• “Every Windows XP user needs to immediately take action.”
  
• Hackers using this exploit “could reformat your hard-drive”.
  
• “[XP] is the most secure version of Windows we have ever released.”

Ding ding ding, we have a winner! How is it that the “most secure version of Windows” is so badly broken that someone on the other side of the world can take over your computer and wipe out your hard drive? How is it that this “secure” software allows entire networks of computers to be compromised by “transmit[ting] an attack to a single Internet address?”

Scott Culp, manager of Microsoft’s security response center, may be telling the truth when he claims that XP is “the most secure version of Windows we have ever released” — but only if Win95, 98, NT, and 2000 were a lot more broken than has been reported to date.

I find it especially deceitful that he claims that complex software “will always fall short of perfection,” as if only perfect software is secure. Sure, security is difficult, but many applications and operating systems have excellent records: the MacOS, qmail, OpenBSD, Apache, djbdns…

Microsoft’s track record is lousy, in spite of their loud and frequent announcements about security. Their software is dangerous. Remember that it has been exactly one week since Microsoft announced the patch for a “critical” IE6 vulnerability, which allows third parties to run programs on your computer without your consent.

Here is the Chronicle article from which the XP exploit quotes were taken: Latest Windows versions vulnerable to unusually serious hacker attacks