Yesterday was a Tuesday -- and right on queue came the announcement that
another critical security flaw had been uncovered in Microsoft's IIS webserver
software (see the latest security alerts in the right-hand column).
the contents of Aardvark's "million-dollar ideas" notebook
are revealed for all to see!
Okay, so last week it was the webmail interface to Microsoft's Exchange 2000
and 5.5 and not IIS -- but even the most loyal fan of Billy's big software
shop must be starting to doubt the software giant's ability to cut safe code.
And it's not just that bad code escapes the QC at Redmond -- it's that there
seem to be an increasing number of occasions on which Microsoft seems incapable
of properly fixing the holes without making several failed attempts first.
Don't get me wrong -- I think Microsoft does a great job producing some very
slick software that the world has embraced -- at least partly due to a
good price/performance ratio.
However, it seems that someone is pushing the boys in the coding room just a little
too hard these days -- and the results are showing up as software with gaping
holes and lousy patches.
I find it interesting to note that when a couple of Ford Explorer SUVs tip
over because of allegedly faulty Firestone tires, the USA goes mad and even
government demands answers -- especially when the tires are supposedly
fixed but the problem persists.
Why then so little outcry over the shonky security QC associated with Microsoft's
flagship Internet products: Internet Explorer, MS Exchange, Outlook and IIS?
Okay, so maybe there aren't any lives at stake here -- but there are billions
of dollars involved when vulnerable servers are hijacked and used to launch
distributed denial of service attacks.
The craziness of the situation is made even more apparent when you realise that
the most popular alternatives to Microsoft's Internet server products are
free and no more difficult to set up (securely) than those from MS.
What's more --
indicate that they blow the Microsoft offerings out of the water from a
What's going on -- are Microsoft users just latent masochists or what?
However, that's no reason for ISOCNZ to make
this stupid recommendation
to its members.
Okay, so it does make sense to use Netscape rather than IE as your browser and
Pegasus is a whole lot safer than Outlook -- but anyone with half a brain can
make a single MS Windows PC secure enough to act as a PC rigged for Net browsing.
Just make sure your software is patched to the latest release, set all the security
settings to maximum and add a personal firewall. You won't be invulnerable
to a hostile attack -- but you'll make it hard enough that the script kiddies
will likely move on to an easier target.
If ISOCNZ is serious about protecting its member's security -- where's the
list of recommendations as to how to secure PC against attack? I thought
I'd find such a thing on the ISOCNZ website -- but a search for "security"
simply directed me to their 12 Commandments
with no mention of personal firewalls, good practice for managing incoming email,
What gives here?
Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or
Just add a
to your pages and you can get
a free summary of Aardvark's daily commentary -- automatically updated
each and every week-day.
Aardvark also makes a summary of this daily column available via XML using
the RSS format. More details can be found
Contact me if you decide to use either of these feeds and
have any problems.
Did you tell someone else about Aardvark today? If not then do it
There is 1 Vacancy In The Job Centre
There are 14 Domain Names for sale UPDATED 14 MAY
There are 3 Events/Seminars listed