Friday, May 8, 2009

Automatic Updates Are a Step Too Far

Analysis: Pushing security patches is a fast way to fix vulnerabilities, but Microsoft goes too far.
Neil McAllister, InfoWorld

It's an unpleasant fact: Programmers write buggy code. It's not their fault. Given the complexity of modern software development platforms, bugs are inevitable. What matters is that programmers acknowledge bugs when they arise and that they take steps to correct them before they can cause any harm.

Case in point: Internet Explorer. Microsoft's browser has long been recognized as a major vector for malware and other exploits, owing to its infamously permissive design and a seemingly endless string of security vulnerabilities. So when Microsoft released a critical security update to IE in mid-April, it should have been cause for celebration. Microsoft's developers were doing their jobs. Another security hole had been closed.

Except the update wasn't just another security patch. It was Internet Explorer 8 -- an entirely new, major-numbered version of the browser. Users who agreed to install it found that it took the place of their old version of IE. Users who didn't ... well, they would have to be brave enough to ignore a "critical security update." Decisions, decisions.
