Tuesday, July 6, 2010

COMPUTER VULNERABILITIES

In a previous post I visited one method for substantially reducing your malware risk. Today I want to whine about the other side of the coin – the bigger software manufacturers whose products are chronically problematic. For starters, let's talk about Microsoft, Adobe, and Apple.

Microsoft is often in the news for software problems that need to be corrected. To some extent that’s understandable given the amount of software they have in use. But soon they can partially thank a group called MSRC for their headaches. This newly formed group of security researchers calls itself the Microsoft-Spurned Research Collective. That name is a jab at the Microsoft Security Response Center. They are ticked off at how Microsoft recently treated an engineer who disclosed a Windows vulnerability. By hiding behind a group, they hope they and the companies they work for will be shielded from retaliation from Microsoft in the future. I expect we’ll see them flex their muscle in the months ahead.

Having a group go after a company is certainly not new. I recall years ago there was a group that had the goal of going after Apple because they were ticked off that Apple publicly implied their software was flawless while taking Microsoft to task for having security holes in their software. This group had no trouble convincing the world that Apple products were not without problems too, once they embarked on their flaw-exposing binge. (Due to relative market share, most ‘researchers’ spend their time attacking Microsoft rather than Apple products.) The year this group focused on Apple, I recall that every time Apple released a patch for QuickTime, they pointed out a new vulnerability the very next day! I think I remember 8 QuickTime updates in 9 months.

But recently Apple went after Adobe. (Did Apple not learn their lesson?) And frankly, I’m not impressed with Adobe either. Flash has regularly crashed my browser for close to a year. It is not unusual for me to experience a half dozen crashes per day due to Flash, depending on the websites I visit. And Adobe Reader has been the attack vector of choice for more than a year. What is with those programmers at Adobe that they can’t fix Flash or get Reader right?
