Does Microsoft Understand Security?

January's Newsletter discussed Microsoft's new focus on security, but a recent ComputerWorld interview with Paul Flessner, senior vice president of Microsoft Corp.'s .Net Enterprise Server group (http://www.idg.com.hk/cw/readstory.asp?aid=20020416003), casts doubt on the company's sincerity, or its ability, to achieve "Trustworthy Computing". At one point Flessner says, "I think our security model is very sound", which raises the question: then why do they need this massive change of direction at all?

Flessner talks at length about how much effort they are putting into code review, which is necessary remedial action, but will they recognise and admit the major security design flaws? Where is the announcement that the next release of Outlook Express will not support scripting? How about making macro support in Office applications optional, not installed by default? These are a couple of the major contributors to insecurity, and both stem from breaking the rule that code and data should not be mixed. In January's memo, Bill Gates said, "when we face a choice between adding features and resolving security issues, we need to choose security". Will they bite the bullet and remove the features that currently contribute so much to security problems?