Paul, no disrespect, but I think you're really off-base on this one.
Microsoft's bad security days are WAY a thing of the past. In Internet history, it's prehistoric.
Yeah, I understand where I can come off like this but to me, it's not prehistoric. It's just cultural understatement.
Just because Microsoft has improved in such a way that they now please security concerned techies, doesn't somehow mean their reputation has overlapped the in-grained culture their reputation has and to me, these kinds of distractive article of "Oh noes! How dare someone act disillusioned with us and not give us a chance..." counter-reaction just shows to me Microsoft is still mostly playing the PR game.
They could have easily focused on how Google botched up the security fix but instead they sensationalize this whole bad protocol to rile up the techies whom they know would over-react and turn this into a non-security by obscurity issue but instead a Google is bad issue.
Google has shown an utter disregard and disrespect for Windows users with a completely flagrant and irresponsible spit in the face to both Microsoft and all Microsoft customers (which also happen to be Google customers). Google has clearly shown that it is more concerned with hurting its competition than in caring for its customers.
And Microsoft has shown an utter disregard and disrespect for Windows users' security for years in such a way that alot of newbie users developed bad security habits.
This is a case where I'm for Google hurting the competition because even if it's unprofessional, it's a stress test for Microsoft. You've pleased the techies now let's see how you buy back people's trust. How you react to cases like this.
If these type of habits become abused to the point that it endangers Microsoft customers beyond one or two incidents, sure go ahead. Make these kind of comments as a call to action.
But this is a limited incident and the way we're now talking about it: Look! We're no longer talking about the security issue. Microsoft's complaint has now turned this into "Oh...bad bad bad Google...or...oh...MS is right on this one."Why?!
Proper disclosure of security exploits is there because of security but now even if the "technicality" of why it's wrong is still mentioned, Microsoft has turned this into political mudslinging where the big news is how Google is the evil idol instead of the security issue being at the forefront of the discussion.
4 days is very, very far from reasonable.
The reality of security is that Windows is more secure than most other operating systems by a very wide margin. Literally. (You can't stop idiots from getting hacked no matter what platform, so that's really not a valid complaint about Windows.)
It is a valid complaint because it is a cultural complaint in my opinion.
That's the disconnect though. At the end of the day, this kind of article has done it's job and eventually it's going to be the new type of FUD.
One that passes the buck not necessarily on the issues but one that creates uncertainty in what specific forefront issue needs to be emphasized, discussed and payed attention to.
Still, I'm exaggerating what hasn't happened yet but this is why things like these frustrate me.
Articles written like these are what creates rabid disconnect and prevents non-knowledgeable users to "empathize" and understand why this is a big issue. Meanwhile people with the background and knowledge ends up playing American Idol "who displeases me more on this issue because the right way was done wrong" and true they have a valid point but that point in the long run just reads "I'm siding with Microsoft now" instead of just sticking with the security reason for why it's wrong.
You could almost see it in this thread. Lots of complaints about the reporting but very little acknowledgement of the incomplete analysis and easily circumvented workaround when that is just as much a huge deal if not bigger from a security perspective and a bigger security issue considering who disclosed it.
As for this being Microsoft or anyone else -- that's largely irrelevant. The fact is that Google disclosed a security vulnerability without allowing the product vendor the opportunity to fix the problem. This is simply inexcusable and unforgivable. It doesn't matter whether it is Microsoft or anyone else. It is standard to give vendors a couple months to get the problem fixed and rolled out, much less disclose the vulnerability WITH EXPLOIT CODE!!!!!
Actually, I need to take something back. It isn't Google spitting in people's faces. That would be irresponsibly disclosing the vulnerability. They disclosed exploit code. No... Google pissed in everyone's face.
Again, that it was Microsoft only shows that Google is more interested in pissing in people's faces to spite its competition than in acting like a responsible, good corporate citizen.
I seriously doubt that this would happen for ACME Software Inc. because they're not any kind of threat or competition for Google.
Exactly. But look at your post now.
The details, the points, they're all correct. But instead of security, you're more interested in creating analogies of what Google's actions correlate with other rude actions.
At the end of the day, this is what the article has done and that's why I still side with Google on this. Not because it's Google but it's a long time coming and Microsoft's stance needs to be tested further by such acts.
I'm not saying I want the act or I support the act because at the end of the day, it's still a code exploit but there's also issues extending from that.
There's issues with Microsoft's past reputation. There's issues with competition.
...but the main important thing is, this article which was a security issue causes people to react as if it was a political or business issue and it distracts and that's why I'd rather be off-base here if this is how I come off than be satisfied at seeing how things get riled up in the wrong type of sensationalism that has caused issues to be boggled.
If this is confusing, to use politics as an analogy, this is like politicians bringing up a side issue to distract the main issue. It's not that the people suddenly are talking in wrong terms especially the knowledgeable people but the core issue has been turned to a side issue and that's only going to worsen the cultural gap of what the more important issue is eventually whenever similar future incidents gets reported like this.