ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Microsoft lashes out at Googler for making Windows vulnerability public

<< < (3/12) > >>

Problem is, Tavis Ormandy has submitted numerous security bugs and larger issues for years, and in return has waited months and years for patches. Seems like he just got tired of waiting on someone at Microsoft to write better code.

Search result: Tavis Ormandy Windows kernel vulnerability-zridling (June 11, 2010, 11:08 PM)
--- End quote ---

Frustration can certainly be damaging. I usually don't let my frustrations get the better of me unless I know that I can get away with it. :)

PS: @Renegade -- There are no "good corporate citizens." They'll all get away with whatever they can, just as Microsoft has always done. Karma ain't so fun when it's due.
-zridling (June 11, 2010, 11:08 PM)
--- End quote ---

Granted and agreed. The "corporation" is basically a license to sin. All the rights and privileges of the state with none of the responsibilities or obligations. Google apparently doesn't understand that "evil corporation" is a pleonasm. :P (Yes - I am extremely cynical on the topic of corporate agency.)

(Though I'm honestly not so hard on Microsoft ("karma"). I've seen enough of the good that they do and never get credited for. The ONLY press that Microsoft gets is bad press. If Microsoft cured cancer, the press would scream that they didn't cure lukemia. Microsoft simply cannot win. Ever.)

(Though I'm honestly not so hard on Microsoft ("karma"). I've seen enough of the good that they do and never get credited for. The ONLY press that Microsoft gets is bad press. If Microsoft cured cancer, the press would scream that they didn't cure lukemia. Microsoft simply cannot win. Ever.)
-Renegade (June 12, 2010, 12:01 AM)
--- End quote ---
MS are still sneaking unwanted stuff onto computers with their security patches, see theReg (orig from ArsTechnica). They even grey out the ability to uninstall.

Paul Keith:
Paul, no disrespect, but I think you're really off-base on this one.

Microsoft's bad security days are WAY a thing of the past. In Internet history, it's prehistoric.-Renegade (June 11, 2010, 10:21 PM)
--- End quote ---

Yeah, I understand where I can come off like this but to me, it's not prehistoric. It's just cultural understatement.

Just because Microsoft has improved in such a way that they now please security concerned techies, doesn't somehow mean their reputation has overlapped the in-grained culture their reputation has and to me, these kinds of distractive article of "Oh noes! How dare someone act disillusioned with us and not give us a chance..." counter-reaction just shows to me Microsoft is still mostly playing the PR game.

They could have easily focused on how Google botched up the security fix but instead they sensationalize this whole bad protocol to rile up the techies whom they know would over-react and turn this into a non-security by obscurity issue but instead a Google is bad issue.

Google has shown an utter disregard and disrespect for Windows users with a completely flagrant and irresponsible spit in the face to both Microsoft and all Microsoft customers (which also happen to be Google customers). Google has clearly shown that it is more concerned with hurting its competition than in caring for its customers.
--- End quote ---

And Microsoft has shown an utter disregard and disrespect for Windows users' security for years in such a way that alot of newbie users developed bad security habits.

This is a case where I'm for Google hurting the competition because even if it's unprofessional, it's a stress test for Microsoft. You've pleased the techies now let's see how you buy back people's trust. How you react to cases like this.

If these type of habits become abused to the point that it endangers Microsoft customers beyond one or two incidents, sure go ahead. Make these kind of comments as a call to action.

But this is a limited incident and the way we're now talking about it: Look! We're no longer talking about the security issue. Microsoft's complaint has now turned this into "Oh...bad bad bad Google...or...oh...MS is right on this one."


Proper disclosure of security exploits is there because of security but now even if the "technicality" of why it's wrong is still mentioned, Microsoft has turned this into political mudslinging where the big news is how Google is the evil idol instead of the security issue being at the forefront of the discussion.

4 days is very, very far from reasonable.

The reality of security is that Windows is more secure than most other operating systems by a very wide margin. Literally. (You can't stop idiots from getting hacked no matter what platform, so that's really not a valid complaint about Windows.)
--- End quote ---

It is a valid complaint because it is a cultural complaint in my opinion.

That's the disconnect though. At the end of the day, this kind of article has done it's job and eventually it's going to be the new type of FUD.

One that passes the buck not necessarily on the issues but one that creates uncertainty in what specific forefront issue needs to be emphasized, discussed and payed attention to.

Still, I'm exaggerating what hasn't happened yet but this is why things like these frustrate me.

Articles written like these are what creates rabid disconnect and prevents non-knowledgeable users to "empathize" and understand why this is a big issue. Meanwhile people with the background and knowledge ends up playing American Idol "who displeases me more on this issue because the right way was done wrong" and true they have a valid point but that point in the long run just reads "I'm siding with Microsoft now" instead of just sticking with the security reason for why it's wrong.

You could almost see it in this thread. Lots of complaints about the reporting but very little acknowledgement of the incomplete analysis and easily circumvented workaround when that is just as much a huge deal if not bigger from a security perspective and a bigger security issue considering who disclosed it.
As for this being Microsoft or anyone else -- that's largely irrelevant. The fact is that Google disclosed a security vulnerability without allowing the product vendor the opportunity to fix the problem. This is simply inexcusable and unforgivable. It doesn't matter whether it is Microsoft or anyone else. It is standard to give vendors a couple months to get the problem fixed and rolled out, much less disclose the vulnerability WITH EXPLOIT CODE!!!!!

Actually, I need to take something back. It isn't Google spitting in people's faces. That would be irresponsibly disclosing the vulnerability. They disclosed exploit code. No... Google pissed in everyone's face.

Again, that it was Microsoft only shows that Google is more interested in pissing in people's faces to spite its competition than in acting like a responsible, good corporate citizen.

I seriously doubt that this would happen for ACME Software Inc. because they're not any kind of threat or competition for Google.
--- End quote ---

Exactly. But look at your post now.

The details, the points, they're all correct. But instead of security, you're more interested in creating analogies of what Google's actions correlate with other rude actions.

At the end of the day, this is what the article has done and that's why I still side with Google on this. Not because it's Google but it's a long time coming and Microsoft's stance needs to be tested further by such acts.

I'm not saying I want the act or I support the act because at the end of the day, it's still a code exploit but there's also issues extending from that.

There's issues with Microsoft's past reputation. There's issues with competition.

...but the main important thing is, this article which was a security issue causes people to react as if it was a political or business issue and it distracts and that's why I'd rather be off-base here if this is how I come off than be satisfied at seeing how things get riled up in the wrong type of sensationalism that has caused issues to be boggled.

If this is confusing, to use politics as an analogy, this is like politicians bringing up a side issue to distract the main issue. It's not that the people suddenly are talking in wrong terms especially the knowledgeable people but the core issue has been turned to a side issue and that's only going to worsen the cultural gap of what the more important issue is eventually whenever similar future incidents gets reported like this.

A theme here with regard to corporate behaviors is certainly frustration at cutting corners (whether it's skirting regulations, using cheap fixes, slow-walking fixes, suing each other over endless frivolities -- Novell finally won, SCO finally lost! -- and so on).

Google is no exception. In fact, their rhetoric demands we hold them to their word.
Microsoft is no exception.
Neither is Apple (under FTC investigation this week).

Like it or not, these companies exert vast influence over our tech lives. No, check that: our lives! Whether it's locking out developers, raising prices, insane EULAs, patent stupidity, data liberation, or what have, we just want their products to work without ruining our data, our businesses, and wasting our time and money. But in every real world example, asking that is asking too much from a corporation! ("Corporations" aren't the problem, it's those fools who run them, give themselves hundreds of millions in compensation, and then when things go wrong because they cut corners, they claim: "No one could have known!"


This is a case where I'm for Google hurting the competition because even if it's unprofessional, it's a stress test for Microsoft. You've pleased the techies now let's see how you buy back people's trust. How you react to cases like this.
-Paul Keith (June 12, 2010, 08:32 AM)
--- End quote ---

If this were just Google kicking MS I probably wouldn't care too much myself. But it's not, it's Google putting everyone in danger. And I really mean everyone! Holes like this are how worms spread, how bot-nets grow, and how mal-intentioned individuals can bring whole internet services to their knees, regards of what OS the victims are using. There are no excuses for Google in this one!

As for buying back non-techies trust, well buy is the word, isn't it? Non-techies only believe what they see in ads, Apple has proved that. No amount of actual good deeds or responsible actions really matter these days.


[0] Message Index

[#] Next page

[*] Previous page

Go to full version