Microsoft takes 7 years to 'solve' a problem?!

["Memisyazici, Aras" <arasm () vt edu>]

<RANT>

<snip:: taken from MSRC Blog: http://blogs.technet.com/msrc/archive/2008/11/11/ms08-068-and-smbrelay.aspx>

What we released today with MS08-068 is that security update. It addresses the SMBRelay issue (discovered in 2001) does 
so in a way that doesn’t have the negative impact on applications that we originally believed addressing this issue 
would have.

</snip>

So... Hmm... I wonder what would happen if the rest of the world followed suit with M$' approach, and took 7 years to 
"fix" an issue in order to "not cause a significant impact"...

Scenario:

Ppl: Hey Ford, if one brute-forces the keyless entry on the door, you're car explodes...

Ford: well... I'll offer you three choices, two immediately, and the last one 7 yrs later. You can either not use the 
keyless entry system (we'll give you some shiny duck-tape to cover it) or you can use the biometric-knub system which 
requires that you have a knub... So those who have arms & legs can't use the system... (btw this will give birth to a 
whole new industry that will allow ppl to pay money for a product that fakes a knub for people with appendages) But 
it's biometric & cool this way! Or you can wait for 7 years and we'll release a non-exploding version of the 
keyless-entry system.

***************************************

OK... Maybe I'm going a bit extreme, but WTH?! Am I the only one who is interpreting this, this way? Really? When has 
releasing a solution to a problem 7 years later ever been acceptable?

Jus' sayin' ...

</RANT>

Aras 'Russ' Memisyazici
Systems Administrator
Virginia Tech
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/