I think it has quite a lot to do with ease of use. The mindset may be
that products that are easier to use will sell more copies. If you have
to go into an application and set a couple hundred options just to
allow/disallow things, then people may not want to use the product.
Being easy to use right out of the box is a huge selling point for MS.
I dont think it is a matter of demanding insecure features, I think it
is more of demanding to do whatever they want to configure the
application to suit their needs, which then opens up security risks.
They need to keep it open enough so that when someone creates a custom
form in Outlook, they dont have to programatically check various
registry keys and settings to see if the necessary settings are
available and if they are not, enable them.
For a developer having to write 600 lines of code to make sure
everything is set right before launching the form would be an enormous
amount of work compared to editing a key to allow .exe files to show up.
Granted that may be the more secure way of doing things, but then people
may not want to develop for that platform.
Microsoft made a lot of money off Windows and Office being extremely
easy to develop for and use. With that there is security risks. If they
started to make it difficult and a lot of work for developers, they
would loose a portion of the bread and butter. There would be a lot less
MS/Windows/Office developers out there. Which I guess isnt a BAD thing.
:-)
Mike
-----Original Message-----
From: Benjamin Scott
Sent: Mon 11/12/2001 12:00 PM
To: Exchange Discussions
Cc:
Subject: RE: It's not Microsoft's fault because....
On Mon, 12 Nov 2001, Chris Scharff wrote:
>> Why should *I* have to clean up after *Microsoft's*
>> mistakes? I paid good money for their software; it is
>> unreasonable to expect it to be secure in the default
configuration?
>
> You're just being a troll like Shawn now right? If you're not
going to
> add anything useful to the conversation, why even have it?
Alright, I will concede that was a bit heated, but that
attitude really
irks me.
Some customers demand insecure features. Granted.
Historically,
Microsoft has implemented those insecure features by default,
leading to
security problems for everyone. Other customers have demanded
products
designed with security in mind. Microsoft blames the problem on
customers
not installing fixes.
Am I the only one who sees the inconsistency with this? Why
does
Microsoft only listen to the demands of customers who want
insecurity? Why
don't the demands of people who want more secure products count?
My issue is not with installing updates or correcting insecure
defaults.
I am perfectly capable of doing so, thank you very much. My
issue is that
the problem does not appear to be caused simple programming
errors, but
through a continued disregard for security on the part of
Microsoft. That
makes my job harder than it needs to be, and that is not
something I like.
To use an analogy, when I buy a car, I do not expect to have
to remove a
bolt mounted behind the gas tank to prevent the vehicle from
exploding when
involved in a rear-end impact.
Thankfully, after this latest Nimda fiasco, Microsoft appears
to be waking
up to the fact that producing the software equivalent of a Ford
Pinto is not
a practice that instills customer loyalty.
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author
and do not |
| necessarily represent the views or policy of any other person,
entity or |
| organization. All information is provided without warranty of
any kind. |
_________________________________________________________________
List posting FAQ:
http://www.swinc.com/resource/exch_faq.htm
Archives:
http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
���h�ا�P���i��0��"��(����q����_j�m�
܆+�m�����0�y��o�y�܇��j�!j�S��칻��&ޙ����^j����Z�����2�G(�L\���x����f�yb�֝�)��)�r�
