Bill Gates blames the victim

["Richard M. Smith" <rms () computerbytesman com>]

Hi,

I just saw this interview with Bill Gates in today's New York Times:

   Virus Aside, Gates Says Reliability Is Greater
   http://www.nytimes.com/2003/08/31/technology/31SMIC.html

Boy, talking about blaming the victim:

   [Gates] "The fact that these attacks are coming out and that 
   people's software is not up to date in a way that fully 
   prevents an attack on them is something we feel very bad about."

And ducking questions by blaming the victim:

   Q. "The buffer overrun flaw that made the Blaster worm 
   possible was specifically targeted in your code reviews 
   last year. Do you understand why the flaw that led to 
   Blaster escaped your detection?"

   A. "Understand there have actually been fixes for all of 
   these things before the attack took place. The challenge 
   is that we've got to get the fixes to be automatically 
   applied without our customers having to make a special effort."

Patching security holes is a poor substitute for avoiding them in the
first place.  If three guys in Poland can find a buffer overflow in DCOM
without access to Windows source code, why can't Microsoft?

Richard M. Smith
http://www.ComputerBytesMan.com


 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html