Please run windows update now

Brad Knowles brad at shub-internet.org
Tue May 16 17:23:36 UTC 2017


On May 16, 2017, at 11:40 AM, JoeSox <joesox at gmail.com> wrote:

> LOL. I think that is a really bad example and I see many fallacies in it,
> including a hasty generalization, as intersections, and roads for that
> matter, in America have been redesigned to improve safety.

So, if you want to talk about roads in the US, the first thing you have to do is look at the budgets.  There are trillions of dollars worth of road improvements that should have been made over the past decades, but which haven't.  You'd have to ask the politicians as to what they think the real reasons are, but my guess is that they were unwilling to make long-term investment on critical infrastructure, because it was seen as being too expensive in the short-term.

And I definitely see a strong analogy there with what Microsoft has/has not done.

> Isn't it true, with any tech product, the more complex features, the less
> secure it is? Ask yourself why this is the case, and I believe the true
> issue with tech lies there.

To a degree, this is true.  But there are more iOS devices out there than there are Windows boxes, and while iOS certainly isn't perfect, it definitely has a much better security posture.

So, there is at least one other company out there that can do the job.  I have to believe that there is more than just one.

> I don't know. It is hard to imagine a professional IT nowadays, seriously
> blaming Microsoft for every bad thing out there.

I don't blame Microsoft for every bad thing out there.  I do think they are, by far, the worst of the Fortune 25.  But there are 24 other companies on that list who all have their own part to play -- including Apple.

> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about this hoarding of vulnerabilities by State
> actors and plug them up?

Well, this one is actually an old vulnerability, right?  One that Microsoft supposedly fixed years ago?  So, why didn't they fix it properly back then?

> Are they really that clever of vulnerabilities? Does Microsoft not have the
> resources? Is Windows like the ocean, where there are just hundreds of new
> species awaiting to be discovered?
> Did Microsoft at least know of the NSA vulnerabilities, for example, and
> kept it classified until NSA told them to plug them up?

Good conspiracy questions to ask.  But frankly, I don't care that Microsoft wants to blame the NSA for hoarding vulnerabilities.  If Microsoft had spent more time/money/effort to get their crap right the first time, then we wouldn't have this mess.  We might have a different mess, but we wouldn't have this one.

-- 
Brad Knowles <brad at shub-internet.org>


