Any software change is bound to inconvenience sombody. With Microsoft, I find the problem is not that they make changes but that they make changes WITHOUT properly announcing them. For example, if they do make a change and announce it at some conference, that gets the message to some small percentage of the people who NEED to get the message. Grandma and her e-mail client and pictures of her grandkids is totally clueless and possibly hostile towards detailed change information. I'm not grandma. I take pride in knowing what is going on and can do so if only I am enabled to do so.
Mark Rockman, B.S., MCP ----- Original Message ----- From: "Alun Jones" <[EMAIL PROTECTED]> To: "'ljknews'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, February 27, 2004 18:58 Subject: RE: [SC-L] Any software security news from the RSA conference? > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of ljknews > > Sent: Friday, February 27, 2004 9:51 AM > > > > You must be thinking of a different Bill Gates than the one familiar > > to me. I am thinking of the one who announced a few years ago that > > Microsoft would stop other activities for a month and fix > > their security. > > I wonder if this is the same Bill Gates who then doubled that time off new > development (note - he doesn't talk about security as a finished job), and > mandates the reading of the book "Writing Secure Code", amongst other > things. > > But Bill isn't the only person at Microsoft, and it's really important that > a large number of people at Microsoft "get it". Bill's job, when he turns > up to these things, is essentially to say whatever Microsoft's game plan is, > currently, not to impress us that he has found religion. What's key is the > number of other people within Microsoft that "get security". As a Security > MVP, I get to spend time with some of these people, and they really do seem > to have a clue - I should know, I fill their inboxes with whatever my latest > pontifications on security are, and I read the responses I get back very > carefully. > > Microsoft has a lot of code to contend with, and much of it is old - so a > lot of it has had to be scrubbed clean of imperfections, and some has had to > be re-written. And yet, they're actually _doing_ it. How many people are > howling about the decision to remove the non-RFC http format that's used by > so many scammers and spammers? How many people are going to howl that > enabling the firewall by default in SP2 makes life "harder" for them? There > are some very tough decisions being made in the right direction here, I > think. > > Alun. > ~~~~ > -- > Texas Imperial Software | Find us at http://www.wftpd.com or email > 1602 Harvest Moon Place | [EMAIL PROTECTED] > Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. > Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer. > > > >